New Botnet Dwarfs Storm

Posted by CmdrTaco on Mon Apr 07, 2008 10:30 AM
from the that's-a-lotta-zombies dept.
ancientribe writes "Storm is no longer the world's largest botnet: Researchers at Damballa have discovered Kraken, a botnet of 400,000 zombies — twice the size of Storm. But even more disturbing is that it has infected machines at 50 of the Fortune 500, and is undetectable in over 80 percent of machines running antivirus software. Kraken appears to be evading detection by a combination of clever obfuscation techniques that hinder its detection and analysis by researchers."

  • by weyesone (1216104) on Monday April 07, @10:34AM (#22988480)
    Forbid Windows OSs from running in the USA because it's a de facto tool for terrorism.
  • by AndGodSed (968378) on Monday April 07, @10:36AM (#22988502) Homepage
    How many of those zombies are Linux platforms?
    • About as many as are running Mac OS X or Solaris.

      -jcr
        • by Lumpy (12016) on Monday April 07, @11:17AM (#22989018) Homepage
          yes actually.

          Viruses and bots are incredibly easy to get installed and infected on a PC. It's brain-dead easy.

          It's far harder to get a Linux or OSX or BSD infection going, as you trigger the "you are trying to install 'XXXX', enter your admin information to allow this to install" prompt for applications that are going to get their hooks in the system. All other applications can reside in a location that is safer and installable by the user only. And YES, you can do this in Linux: a user can download, compile and run, or even install, an app to the user directory and use it just fine.

          All OSX users I know don't simply click yes to everything, because the software makers have half a brain for those platforms. Windows apps all think they need to shove crap all over the PC, and therefore PC users are used to having even a fricking mp3-playing app shoving things into the Windows system directory, changing the registry, etc...

          Stop that stupid behavior (return to farking ini files in the app directory instead of the incredibly stupid registry) and stop installing 65,000 random DLLs in the system directories.

          • Untrue. (Score:5, Insightful)

            by QuoteMstr (55051) <dan.colascione@gmail.com> on Monday April 07, @11:26AM (#22989154)
            You're not right. There's nothing preventing any user from setting up executables directly in his home directory; hell, back in my shell account days, I must have had the equivalent of a pretty good-sized unix system in ~/bin, ~/usr and ~/var.

            Your solution simply does not address the dancing bunnies problem [codinghorror.com].
              • by Sancho (17056) * on Monday April 07, @11:51AM (#22989542) Homepage
                All of your suggestions differ significantly from the default configuration. It's pretty easy to tell Windows to show the real file extension. It's easy to create a new user on your Windows box, and it's easy to only log in as that user. It's easy to install software in this way (right-click, run as.)

                Only we're talking about normal users here. Users who aren't going to go to these lengths to protect themselves and their computers. Nor are they going to modify the default behavior of their Linux computers, if we were to set them in front of one. We're talking about users who don't even realize that these are good things to do, so why do you expect them to do them?
        • by shrykk (747039) on Monday April 07, @11:18AM (#22989044)
          Do you honestly think that if Windows were to vanish off the face of the earth tomorrow all these virus authors and botnet operators would suddenly throw their hands up and say "oh well, guess we'll have to find something else to do?"

          Well done, you've managed to switch the argument from the factual to the hypothetical.

          This is the standard debate tactic in this situation. Get everyone tangled in debating the possibility of potential but non-existent Mac and Linux malware, judging its likelihood against factual and vastly damaging Windows viruses, worms and botnets.

          Just acquit Microsoft of all culpability for poor and short-sighted decisions, incurring costs in the billions, for millions of users, by saying, "eh, it was inevitable."
          • by Sancho (17056) * on Monday April 07, @11:23AM (#22989106) Homepage
            It's the difference between "this platform is inherently more secure" and "this platform is safer because it's not targeted as much." Apple's market share is rising--if it gets too high, it will likely become the target of malware authors.
  • Detection? (Score:5, Insightful)

    by Brit_in_the_USA (936704) on Monday April 07, @10:37AM (#22988514)
    With an "80%" miss rate by AV tools, it would be very helpful to know which anti-virus programs do detect Storm and Kraken, so that responsible users can check their PCs.
  • by apachetoolbox (456499) on Monday April 07, @10:37AM (#22988520) Homepage
    Just how Kraken is infecting machines is still unclear, but Royal says the malware seems to appear as an image file to the victim. When the victim tries to view the image, the malware is loaded onto his or her machine. "We know the picture... ends in an .exe, which is not shown" to the user, Royal says.
  • Spamming (Score:5, Insightful)

    by Scutter (18425) on Monday April 07, @10:39AM (#22988538) Journal
    There are still Fortune 500 companies that allow unimpeded outbound SMTP traffic from their general userbase?
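The egress check this comment is asking about, as an added example that is not part of the thread or of the Damballa research: a small Python script that reads firewall log lines, keeps only outbound TCP connections to port 25, and reports every internal host other than the sanctioned mail relay that is talking SMTP to several distinct destinations. A workstation doing that is either misconfigured or spamming. The log format (iptables-style `SRC=... DST=... DPT=...` fields), the relay address `10.1.0.25`, the threshold and the sample lines are all constructed assumptions for the example; adapt the regex to whatever your firewall or NetFlow export actually emits.

```python
"""Spot workstations sending SMTP directly to the Internet.

Added example (not from the article or the thread). Assumes an iptables-style
log line with SRC=, DST=, PROTO= and DPT= fields; the relay address and the
sample log are made up for the demonstration.
"""
import re
from collections import defaultdict

# Only these hosts are allowed to speak SMTP outbound. Assumption for the example.
MAIL_RELAYS = {"10.1.0.25"}
SMTP_PORTS = {25}          # add 465/587 only if your policy forbids direct submission too

LINE_RE = re.compile(
    r"SRC=(?P<src>\d+\.\d+\.\d+\.\d+)\s+DST=(?P<dst>\d+\.\d+\.\d+\.\d+)"
    r".*?PROTO=TCP\b.*?DPT=(?P<dport>\d+)"
)


def parse(line):
    """Return (src, dst, dport) for a TCP log line, or None if it does not match."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    return m.group("src"), m.group("dst"), int(m.group("dport"))


def find_direct_smtp(lines, relays=MAIL_RELAYS, threshold=3):
    """Map each non-relay source host to the sorted list of SMTP destinations it
    contacted, keeping only hosts that hit at least `threshold` distinct servers."""
    per_host = defaultdict(set)
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        src, dst, dport = rec
        if dport in SMTP_PORTS and src not in relays:
            per_host[src].add(dst)
    return {src: sorted(dsts) for src, dsts in per_host.items() if len(dsts) >= threshold}


# Constructed sample log: the relay doing its job, one workstation fanning out to
# four mail servers, one workstation with a single SMTP hit, and ordinary HTTPS.
SAMPLE_LOG = [
    "Apr  7 10:31:02 fw kernel: OUT=eth1 SRC=10.1.0.25 DST=198.51.100.5 PROTO=TCP SPT=40001 DPT=25 SYN",
    "Apr  7 10:31:03 fw kernel: OUT=eth1 SRC=10.1.0.25 DST=203.0.113.10 PROTO=TCP SPT=40002 DPT=25 SYN",
    "Apr  7 10:31:05 fw kernel: OUT=eth1 SRC=10.1.5.23 DST=198.51.100.5 PROTO=TCP SPT=49152 DPT=25 SYN",
    "Apr  7 10:31:05 fw kernel: OUT=eth1 SRC=10.1.5.23 DST=198.51.100.9 PROTO=TCP SPT=49153 DPT=25 SYN",
    "Apr  7 10:31:06 fw kernel: OUT=eth1 SRC=10.1.5.23 DST=203.0.113.10 PROTO=TCP SPT=49154 DPT=25 SYN",
    "Apr  7 10:31:06 fw kernel: OUT=eth1 SRC=10.1.5.23 DST=203.0.113.77 PROTO=TCP SPT=49155 DPT=25 SYN",
    "Apr  7 10:31:07 fw kernel: OUT=eth1 SRC=10.1.5.23 DST=203.0.113.99 PROTO=TCP SPT=49156 DPT=443 SYN",
    "Apr  7 10:31:09 fw kernel: OUT=eth1 SRC=10.1.5.40 DST=198.51.100.5 PROTO=TCP SPT=50000 DPT=25 SYN",
    "Apr  7 10:31:10 fw kernel: OUT=eth1 SRC=10.1.5.40 DST=203.0.113.5 PROTO=UDP SPT=50001 DPT=53",
]

if __name__ == "__main__":
    for host, dsts in find_direct_smtp(SAMPLE_LOG).items():
        print(f"{host}: direct SMTP to {len(dsts)} servers: {', '.join(dsts)}")
```

On the sample log this reports only `10.1.5.23`. The detection is cheap, but the fix is policy: drop outbound port 25 at the border from everything except the relay, and the spam engine inside a bot has nowhere to go whether or not the AV on the box ever notices it.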
  • Aggravating... (Score:5, Insightful)

    by MachineShedFred (621896) on Monday April 07, @10:45AM (#22988624) Journal
    Does anyone else find it absolutely aggravating that these stories

    1. Never tell you how you know if you're infected, and
    2. Never tell you how to clean up your shit if you are.

    However, they always give massively generalized statistics on how vulnerable you are!

    Thanks, asshats.
  • Idiots (Score:5, Funny)

    by whoda (569082) on Monday April 07, @10:56AM (#22988744) Homepage
    ""We know the picture... ends in an .exe, which is not shown" to the user, Royal says."

    If it ends in .exe it isn't a picture, you shouldn't keep calling it one.
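The trick the two comments above are discussing, as an added example that is not part of the thread or of the Damballa report: a Python check that flags a file presenting itself as a picture while actually being a Windows executable. It looks at the name (an executable extension stacked after an image one, as in `vacation.jpg.exe`, which Windows hides by default; and the Unicode right-to-left override character that makes `invoice<U+202E>fdp.exe` render as `invoiceexe.pdf`) and, independently, at the content (a PE binary starts with the `MZ` signature, real images with their own magic bytes), so a renamed binary is caught even when the extension is hidden or spoofed. The sample files are constructed in memory and contain no real malware.

```python
"""Flag executables masquerading as images by name or by content.

Added example (not from the article or the thread). The sample files at the
bottom are constructed byte strings, not real files or real malware.
"""
import os

IMAGE_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".bmp"}
EXEC_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}
RLO = "\u202e"   # Unicode right-to-left override: reverses how the rest of the name displays

# File signatures at offset 0. 'MZ' is the DOS header that every PE file begins with.
MAGIC = {
    b"MZ": "pe",
    b"\xff\xd8\xff": "jpeg",
    b"\x89PNG\r\n\x1a\n": "png",
    b"GIF87a": "gif",
    b"GIF89a": "gif",
    b"BM": "bmp",
}


def sniff(data):
    """Identify a file type from its leading bytes, or 'unknown'."""
    for magic, kind in MAGIC.items():
        if data.startswith(magic):
            return kind
    return "unknown"


def split_exts(name):
    """All extensions in the name, lower-cased: 'a.jpg.exe' -> ['.jpg', '.exe']."""
    parts = name.lower().split(".")
    return ["." + p for p in parts[1:]] if len(parts) > 1 else []


def classify(name, data):
    """Return a verdict dict with the reasons the file is suspicious (if any)."""
    exts = split_exts(name)
    last = exts[-1] if exts else ""
    kind = sniff(data)
    reasons = []
    if last in EXEC_EXTS and len(exts) > 1:
        reasons.append("executable extension stacked after another extension")
    if kind == "pe" and last not in EXEC_EXTS:
        reasons.append("PE header under a non-executable extension")
    if RLO in name:
        reasons.append("right-to-left override character in name")
    return {"name": name, "content": kind, "suspicious": bool(reasons), "reasons": reasons}


def scan_files(files):
    """files: iterable of (name, first_bytes). Returns the names flagged as suspicious."""
    return [name for name, data in files if classify(name, data)["suspicious"]]


def scan_directory(root):
    """Walk a real directory tree, reading only the first 16 bytes of each file."""
    found = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            with open(os.path.join(dirpath, name), "rb") as fh:
                head = fh.read(16)
            found.append((name, head))
    return scan_files(found)


# Constructed samples: one real-looking JPEG, four disguised PE headers, one text file.
SAMPLES = [
    ("vacation.jpg", b"\xff\xd8\xff\xe0" + b"\x00" * 12),
    ("vacation.jpg.exe", b"MZ\x90\x00" + b"\x00" * 12),
    ("holiday.png", b"MZ\x90\x00" + b"\x00" * 12),
    ("invoice" + RLO + "fdp.exe", b"MZ\x90\x00" + b"\x00" * 12),
    ("setup.exe", b"MZ\x90\x00" + b"\x00" * 12),
    ("notes.txt", b"plain text"),
]

if __name__ == "__main__":
    for name, data in SAMPLES:
        v = classify(name, data)
        print(f"{name!r}: content={v['content']} suspicious={v['suspicious']} {v['reasons']}")
```

The plain `setup.exe` is not flagged: the point is not that executables are bad but that the name and the content should agree, and that the user should be able to see the real extension. Turning off "Hide extensions for known file types" in Explorer removes the first trick; the content check catches the rest.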
  • by illegalcortex (1007791) on Monday April 07, @11:28AM (#22989184)
    Beware the Botnet Dwarfs!
      • Re:Scary (Score:5, Interesting)

        by Pojut (1027544) on Monday April 07, @11:03AM (#22988834) Homepage

        Dispose of Windows, install a more secure OS, and take the time to learn to properly use your new OS


        Or you could just learn how to properly secure XP and not go clicking all willy-nilly on every email you receive.

        With a combination of three free programs and a bit of common sense, I haven't gotten a single virus or bit of spyware on my XP box in literally years. ZoneAlarm, AVG, and Spybot make a fantastic defense.
        • Re:Scary (Score:5, Funny)

          by Kugrian (886993) on Monday April 07, @11:10AM (#22988920) Homepage

          With a combination of three free programs and a bit of common sense, I haven't gotten a single virus or bit of spyware on my XP box in literally years. ZoneAlarm, AVG, and Spybot make a fantastic defense.

          ..and is undetectable in over 80 percent of machines running antivirus software.
          • Re:Scary (Score:5, Interesting)

            by Pojut (1027544) on Monday April 07, @11:17AM (#22989030) Homepage

            ..and is undetectable in over 80 percent of machines running antivirus software.


            Hence why I also said using a bit of common sense (i.e. not clicking on everything that shows up in your email) and using a well-configured firewall. I also will occasionally check on the traffic that is outbound from my PC just to make sure something like this has not occurred.

            It really is not difficult to keep a windows box secure. Granted, it requires more attention than a Linux box, but still...it's quite easy to set up and maintain.
        • Re:Scary (Score:5, Insightful)

          by fimbulvetr (598306) on Monday April 07, @11:38AM (#22989356) Homepage
          Perhaps you don't understand the implications of the article.

          ZoneAlarm, AVG and Spybot are _incapable_ of detecting trojans like the aforementioned Kraken simply because they are polymorphic. Don't be ignorant, just because these programs say you haven't been infected, there's a non-trivial chance that you have been.
    • by Sancho (17056) * on Monday April 07, @11:43AM (#22989432) Homepage

      AntiVirus software has been relatively useless for the past few years. They charge extra just to detect basic "non virus malware" and they still don't detect the REAL threats!
      Signature-based detection is on its way out, and antivirus manufacturers are not adapting well. They have some heuristics that look for weird types of files, but they're not great.

      UAC isn't really a solution, either. All it does is to train the monkeys that you have to click an extra time in order to get the banana.

      Education is what's needed. I no longer recommend antivirus to my family--I tell them to avoid running programs that they don't know about, not to trust any attachment that comes through the mail, and offer other suggestions for safe computing practices. Running without antivirus works to remove the perception of safe computing, making them actually think about the things that they're doing. This, incidentally, leads to actual safe computing.