NYT Reports Porn Spam Hijacking Network 497
twitter writes "This NYT story describes how thousands of PCs have been used as porn spambots and reverse proxy servers, and mentions that they could be used for kiddie porn. Finally, though Microsoft is not mentioned, people might start to understand what a monoculture of poor quality software enables."
Flamebait (Score:1, Insightful)
-Matt
NYT registration site stories should be filtered. (Score:1, Insightful)
Excuse me? (Score:5, Insightful)
Umm, no they won't. First of all, very few people would notice the article in the first place. Second, people who did notice wouldn't know what to do to protect themselves (not supporting MS isn't an option for 90% of the computer users in the world). Third, was the comment necessary?
FUD (Score:5, Insightful)
"Some random guy says grillions of computers are infected with an undetectable virus and is going to distribute kiddie porn!!"
Please.
P.S. I'm not saying it's not possible, but for fuck's sake, get a few details before bothering to blather on about it for pages at a time.
Total flamebait! (Score:3, Insightful)
Why do the Slash Editors(ha!) put this drivel up? We can bash Microsoft enough in the comments without the extra crap in the article itself.
Just say Microsoft. (Score:2, Insightful)
What is it with the mass media not wanting to say that a given worm or trojan affects only systems running Microsoft Windows?
Erm... (Score:5, Insightful)
Shouldnt that read:
"... though Microsoft is not mentioned, we thought we might use this as an excuse to attack them anyway."
I mean I understand MS doesnt exactly have a large fanbase here but that is frankly ridiculous.
Re:Cause no other OS (Score:2, Insightful)
You hit the nail on the head. I stopped using Windows because I felt like I was not responsible for what I did on my computer. I feel like Windows is constantly changing things, and automagically configuring things for me, without asking. I dont want to install things and have them break other things. That means you're doing something I dont want you to do. I hate that. I hate that it has no security, and all the bitching about anti-microsoft editorials is so ridiculous. Accept the fact that your OS has issues, complain to the company, and then maybe Microsoft will fix things.
What's new about this? (Score:5, Insightful)
Someone (by someone, I mean companies that put out SMTP servers with a large share of the market) should strike while the iron is hot and take it a step further by airing some simple PSA's during a small assortment of shows. Maybe some must see TV "The More You Know" type thing...
Re:Flamebait (Score:2, Insightful)
Why not blame the rain on Microsoft, even though the weather report didn't mention them? They probably use MS to generate their forcasts.
why microsoft (Score:1, Insightful)
why is it always and exploit on a microsoft OS?
well, maybe because the vast majority of people in the world use Windows. So if you're a hacker do you spend your time hacking Apple/Linux or Windows? Windows of course, because there are more users.
if Apple or Linux were the predominant OS in the world, then they would be the ones getting hacked and all of you would consider Windows to be "secure".
Re:is it me, or is it crazy? (Score:3, Insightful)
It'd be like sending your spam e-mails to just 5% of people - not very effective.
Re:Monoculture it is, but... (Score:3, Insightful)
But they passed the driver's exam so it's safe for them to drive a car? Just because they have a basic class in it, doesn't make them safer.
What, you mean you've never seen Grandma swerving across the road?
Re:Obligatory no reg text (Score:5, Insightful)
There is no reason to break copyright law and repost this article. This is an example of irresponsible internet behavior at its worst - there is no justification for such action - this is not 'fair use'--it's just lazyness.
Re:Heh (Score:5, Insightful)
Why is this unfortunate? Do you want to know every nuance of the car you drive, just to get to work? How about when you watch TV? Do you really need to know about NTSC vs PAL? No, you want to watch TV.
Computers should be no different. People just want to send grandma some pictures, surf the web, type a paper, whatever... Not spend forever updating their AV package, SP updates, etc.
A computer is a tool. It is merely a means to an end.
Re:Heh (Score:1, Insightful)
Was twitter's submission the first on this story? Was it the best written? No. No. Does it fit best with the ranting michael would like to do? Yes. So that's the one that gets picked.
Indeed (Score:5, Insightful)
(1) Those that recognize Microsoft's influence and approve of it.
(2) Those that recognize Microsoft's influence and disapprove of it.
(3) Those that are oblivious to Microsoft's influence and wouldn't care even if someone told them.
Groups 1 and 2 are not going to have very many people switching from one to the other. Group 3 is going to have even fewer people leaving it. So the whole "people might start to understand" bit is, quite simply, B.S. It reflects the submitter's membership in Group 2 more than anything else.
Re:Monoculture it is, but... (Score:5, Insightful)
I agree with you: if 90% of the world were running UNIX instead of Windows, we'd still have heaps of insecure, obsolete old RedHat 6.2 boxen sitting around on the Net because users just do not take security seriously and it doesn't matter what the underlying OS is.
I've pointed out before that the rise in popularity of Linux will not make the Internet more secure; it will merely result in poorly-configured Windows boxes being replaced with equally poorly-configured Linux boxes.
Re:Erm... (Score:5, Insightful)
Certainly it may only infect Win32, but that is by design. There have never been rootkits for Linux? Trojaned apps?
Re:Monoculture it is, but... (Score:4, Insightful)
The general populace might never see the difference. Increasing site-operation costs (thereby eliminating small niche sites), government regulation of our activities on the Net, and other factors seem to be dooming us to a repeat of the ClearChannel experience. Maybe I should get out the tinfoil, but I don't see how the powers that be could possibly want us to have unrestricted access to such an empowering (hate that word) medium as the Internet.
Re:Just say Microsoft. (Score:4, Insightful)
What is it with the mass media not wanting to say that a given worm or trojan affects only systems running Microsoft Windows?
In fact, the statement is wildly inaccurate. It doesn't affect VAX computers running VMS. It doesn't affect computers running AmigaOS. It doesn't affect IBM AS/400s running OS/400. It doesn't affect computers running OS/2. It doesn't affect computers running BeOS. It doesn't affect computers running MS-DOS.
I mean, it's patently ridiculous, quite honestly. None of those OSes are Apple Macintoshes nor are they UNIX variants. Actually, for that matter neither is Linux, technically. It's an original from the ground up POSIX-compliant OS (unless you believe SCO
Re:Heh (Score:5, Insightful)
I agree with the general line of your reasoning, but please observe that the examples you mention do not necessarily support your own thesis. First: if you don't know NOTHING about "NTSC vs PAL", you might quite soon end up with an unpleasant surprise buying video tapes abroad. Say, you might be an American on a trip to Amsterdam, taking advantage on their, uh-huh, liberal law regarding the pr0n. Ditto for European in Tokio.
With the car, it's even worse. You can't drive a car without valid license. The authorities consider untrained drivers too much of a threat for the public (and the drivers themselves). And it becomes more and more obvious that the Internet is also a very dangerous place for untrained computer users. You can damage yourself (sometimes just opening an email attachment) and cause damage to the others. You are absolutely right saying:
People just want to send grandma some pictures, surf the web, type a paper, whatever... Not spend forever updating their AV package, SP updates, etc.
Re:Heh (Score:2, Insightful)
Should granny be able to hire a chainsaw and swing it around her head? Probably not. Should idiots be given a computer and be allowed to connect it to the internet without the proper precuations in place? They should be forced on them if they won't listen, just as a hire shop may refuse to hire you a chainsaw.
I'm all for making computers as easy to use as possible (Very commited, in fact), but you can't expect to make them idiot proof. At some point you have to accept that some things cannot and should not be attempted by an untrained person, and work that into the design.
Re:Heh (Score:5, Insightful)
"The rogue program does not affect the Apple Macintosh line of computers or computers running variants of the Unix operating system."
Let's see, it doesn't affect Mac's or *nixes, what else is there? Why didn't they just say that it affected Windows systems only? The average person probably wouldn't put that together. It reminds me of that scene from the new austin powers movie when Dr. evil indirectly tells mini-me to go by telling everybody to get out, but then telling everybody but mini-me they can stay.
Really, I've never seen this before. Usually you report which systems were affected rather than the systems that weren't. What reason, other than ignorance, would the reporter have not to mention windows?
Wow! (Score:5, Insightful)
So instead of their normal scare-mongering by involving terrorism in any way possible, they are now suddenly switching into scaring everyone by mentioning kiddie porn instead? Wow, such diversity! Next thing you know NYT actually becomes a good source of news with facts and interesting content without a "we will spam your ass off" scheme! Maybe right after DNF is released...
Re:Heh (Score:3, Insightful)
Re:Heh (Score:3, Insightful)
hell, even I know that stuff.
computers should be like as cars, your right. you need to know basic maintinence and care and know that if you don't, it's gonna get messed up real quick. if the oil light comes on, stop the car immediately. know that you shouldn't pour sugar in your gas tank or drive into trees. know basic stuff. don't ever open, reply to or send spam- just delete it. update your virus software often. fairly straight forward stuff.
Perhaps someone should make a list of basic do's and don't with your computer and post it somewhere. actually, I think I might do that later.
Re:Cause no other OS (Score:1, Insightful)
So what does this mean? (Score:3, Insightful)
Items like this seem to be happening more and more frequently (spyware, viruses, etc) and I am wondering what the impact will be on the legalities involved. I mean, in the old days, I controlled EVERYTHING that came into and out of my PC -- now, that has changed and there may well be things hiding on my PC that I am not aware of. I do my best to administrate properly but I don't know everything and I am certain that Joe Sixpack knows even less than me about his machines.
Food for thought...
Re:Heh (Score:2, Insightful)
Re:Heh (Score:3, Insightful)
Does the average American have to worry about NTSC v PAL when they go Blockbuster? No. I have to worry about when I want to order the DVD of last year's World Rally Championship season, but I'm buying it from a bloke in England....
Good point about the driver's license. But doing things safely on your computer is more akin to manufacturers making the cars safer rather than the driver knowing their car better. I may know how to service my brakes, but if the design is poor, there's little I can do about it.
If you're designing an operating system for grandma to send email, then it should be completely locked down. Even the default email client should be configured so that it doesn't automatically open attachments. It shouldn't follow the unix "enough rope to hang yourself" maxim...
Re:Heh (Score:2, Insightful)
Re:FUD (Score:3, Insightful)
All email is:
- Sent directly (no relays)
- Usually from always-on internet accounts at cable/DSL companies.
- Either ads for Viagra, email virii, or strangely email with no payload
All the email has forged return addresses and the content (if and ad) is using HTML obfuscation.
The problem with this new technique is because the spam is spread around so many hosts the usually spam reporting/blocking methods are less effective.
With a single host acting as a spam firehose, within an hour it is usually blocked and millions of messages are prevented from being recieved.
With 1000s of hosts, only a few hosts are being blocked, not stopping much spam. Also, algorithms such as Spamvop.net's are defeated because they depend on the volume of email from a single host to determine if the host should be blocked.
The only countermeasures I can see to stop this are either:
A "fast block" option -- a single unmoderated report of spam trigging a block for say one hour, and if more reports come escalate the time the source is blocked.
or
More direct countermeasures -- using some sort of automated hacking tool to recapture the systems have hacked and repair it/close it down. This is of marginal legality, I would imagine, though I think given the intent is benign and there's the internet equivalent of a clear and present danger it might be justified.
Re:Flamebait (Score:3, Insightful)
For example, I went home to visit my parents one weekend, and my mom asked me to take a look at her computer because she was getting dialog box advertisements on her screen. I took a look, and when we got to her computer she had 5 to 10 queued up formatted advertisements on her screen sent to her using "net send". So I shut down the messenger service and turned on the firewall in XP. Problem solved. But why, on the "home edition" of Windows, is the messenger service running in the first place? Why is there this open port on someone's home machine accepting random text messages from the outside world? It's poor design, and the fact that Windows is a monopoly exaggerates the problem and creates an issue for almost every home computer user in the world.
And don't forget the countless other MS-specific issues. Consider ActiveX controls. A user installs something like Comet Cursor on their machine and ends up polluting their OS with adware and spyware. Do users of non-MS browsers have this issue? No. True, the user clicked Yes, but most people are not in the habit of clicking No to every ActiveX control that tries to install itself. Most are benign (as Comet Cursor would appear to be at first glance), and some are useful or necessary (like Windows Update). But you make a bad decision once, and you pay for it effectively until you get a new machine or re-install the OS. There are tools to remove spyware, but sometimes they don't find everything, and that misses the point anyway. The question is why do I have to solve this problem in the first place? Why can't you, the user, transparently remove software from your machine? Because Windows is designed to be so opaque that it's impossible for anyone to know where everything is and how everything works together.
And of course the vast majority of e-mail worms and viruses only affect users of Windows, and more specifically users of Microsoft mail clients on Windows machines. Users of Outlook Express or Entourage on the Mac are safe.
I find this to be a huge issue in the home PC market. Most people are completely unaware that they should not be dealing with these frustrations, and that there is a better way, simply because Windows is all they know. So in that sense, I think it was fair for the submitter to take a shot at Microsoft for this, and fair for michael to allow it to go through.
Re:Heh (Score:3, Insightful)
Re:Heh (Score:1, Insightful)
True. However, this is not really a good comparison. Learning to drive is more comparable to taking a How to Use Your Computer class.
Most of the posters on her sound like mechanics who are shocked that a customer doesn't know how many cylinders their engine has, and the viscosity of the oil.
Re:Heh (Score:3, Insightful)
Another problem with your way of looking at this is, computers were originally scientific instruments for data processing which required a certain level of understanding on the part of the users, who were generally degreed professionals. Computers have been found to be useful for a wide variety of other things, including "sending pictures to grandma" but at their core, they're still pieces of equipment, not toys. When you buy a circular saw or a wood lathe, you read the manual, don't you? And, if you don't read the manual, you fully expect to lose a thumb when you inevitably screw up, right? A computer is much more complicated than a circular saw, so I don't find it unreasonable to require people to actually make an effort and RTFM.
The fact that lazy people *want* it to be a no-brainer toy doesn't actually make it one. The incredible laziness I see in people I meet (and I'm not referring to you, here, just other people I've met) amazes ahd horrifies me. It's like they think picking up a book is going to HURT them...
Re:Monoculture it is, but... (Score:3, Insightful)
You're right. Homeowners shouldn't have to think about things like door locks. House builders need to get with the program and build houses that automatically detect people leaving, lock the doors themselves and close all the windows. And the home builders should make sure only authorized people can get in the homes they build, because after all the home owner shouldn't have to concern himself with all that technical security stuff!!
Re:Heh (Score:2, Insightful)
It isn't elitist to say that computers are fairly unique and complex devices. Just because everyone uses one now, improperly for the most part, doesn't mean they should or even can magically becomes television sets with six buttons on the front.
So I'm curious (Score:3, Insightful)
What I want to know is what can we do about it aside from choosing another site to get our news from? How can we get our issues to the people they need to. Does CmdrTaco really care if there was MS Flaming in the summary? No, he probably likes it, because guess what, it means more comments. Which in turn means more eyeballs on the ads, which in turn means more money from advertisers.
The quality of this site has been going to hell lately, and everybody bitches and moans about it in the comments, but guess what, NOTHING gets done about it. How can we change that?
Re:Would not be a monoculture (Score:2, Insightful)
Nope. We'd have millions of run-of-the-mill configured-the-same-way insecure-by-default multipurpose Redhat boxes instead. We already have that to some extent now, and have for several years. Yes, the uber *nix geeks and OSS zealots and college students with tons of time on their hands do play around and modify Linux, stripping out unnecessary stuff and making interesting things. However, for the majority of computer users, the computer is a tool. If they're going to run Linux, they're going to toss in a Redhat CD (and that CD could be several years old -- people still run Windows 95, you know), run through the install, most likely pick the "Everything" install option so they don't have to worry about not having something, and then forget about it. Is that bad? Yes and no. That process is only secure if the different consumer-oriented distros make out-of-the-box security priority number one. However, there's nothing inherently wrong with that mode of computer use. Not everybody (ie, almost nobody) wants to spend all of their free time messing around with their computer. They want it to just work.
In the end, if Linux were to become dominant over Windows, you're going to end up in the exact same scenario. And the solution to that will be the same as it is today -- user education and better accountability from the software developers. "Switch to Linux!" is not a solution now, and "Switch to <something else>!" is not a solution for the future.
Re:Heh (Score:2, Insightful)
IMO "the average person" is far more likely to know they _don't_ have a Mac, and therefore assume their computer is affected then to believe that because it doesn't say Windows, they're fine.
Re:Heh (Score:3, Insightful)
I think, ideally, I would block the saving of any file on the hard drive unless it has certain extensions (.doc,
Our local public library has the following blocks in place with Fortres Grand:
- console apps
- saving exe, com, sys, dll, and some other extensions
- running apps from A:
- the Start Menu, except for Shut Down
- MS-DOS Mode
Add a heavy dose of AV automagically updated daily without their knowledge and which cannot be disabled.Block everything they do not need to complete their job. It's possible.
-uso.
Re:Heh (Score:5, Insightful)
Computers, on the other hand, are designed to be in partial to full control of nearly anything. In their desktop and laptop form, they are extremely generalized, and a skilled person can do all manner of tasks on it, up to and including writing their own operating system for it.
The problem, in my opinion, is the marketing not the computer. It is fully possible, and indeed there are examples, to make computers specifically designed to do non-generalized tasks, such as the one you provided at the end, reading and responding to email. It is the responsibility of manufacturers to make and support devices that do this, instead of selling all-in-one-wonder desktops that can do everything from receiving television signals to crunching gigabtyes of data in some rendering farm in Simi Valley, California.
I completely agree with your viewpoint there. Where I do not agree is that the desktop concept should be reduced in complexity to become a lesser all-in-one, just for the sake of easy of use. That is what specific intention devices should be manufactured for. There is a legitimate need for multi-purpose machines that goes beyond just satiating types like ourselves that like to tinker.
Oh, and by the way, I know people who do expect their raspberry mango shampoo bottles to connect to the Internet, people want it everywhere. :)
In summery, I don't think things are as bad as you make it sound. Yes, they are more expensive, but if all you want to do is email and a little word processing now and then, an Apple works just fine, and is enough out of the way or the mainstream to where you do not need to be hyper-paranoid about security. When you use something that is by far the most popular, and hated, operating system, in an interconnected semi-anonymous world, you have to expect a little overhead in keeping things secure. If hypothetical person A does not want to put up with that, there are alternatives that work quite nicely, even in the realm of specialized devices. I saw a little black box with a keyboard that hooks up to Earthlink that allows you to do email, and that is it. Bravo.
Once the problem with getting good alternatives to the generalized super-machine is overcome, then you really only have the newness of the tech to get over. Computers are a vast thing. Even the most hardcore geek could not claim to have significant knowledge in more than a few branches (or meta-branches,) and there are thousands of branches -- all weaved in such a way to create potentially millions of pseudo-branches through combination. The fact that we have gotten computers to the point that we have, where a vendor like Apple and even some PC vendors, can send out a machine and have a complete novice checking email a few hours later, is pretty impressive (and I am not even going to try and fix that run-on sentence, I get tired just looking at it.)
Anyway, sorry about the glib response earlier, I just get tired of the car and VCR analogies, because a turn signal stick does one thing, it operates a blinking light -- whereas a computer has to have the hypothetical turn signal programmed, and the same physical material that allows the turn signal software to work can be wiped clean and turned into a SETI number cruncher by somebody else. A powerful ability that implies the potential for powerful mistakes. :)
Re:Heh (Score:2, Insightful)
Re:Cause no other OS (Score:1, Insightful)
I also like the fact that, using IE 6.0, all I have to do is visit a web-site and find that I have the latest in spyware/adware/IE-toolbar installed, without being asked whether I want it or not!
And I REALLY like the fact that I don't have to worry about the extra cash that I might have; I just send it all to M$ for the next upgrade to fix bugs that shouldn't have been designed in in the first place.
What the hell was I thinking??? I will trash Linux today!
Re:Cause no other OS (Score:1, Insightful)
Take your own advice. The security models in Win2k and XP are not any more advanced than those in Linux, even older Linux, at the protocol level. They are, however, proprietary, closed source (so you and every one else really don't know how advanced they may be) and just about guaranteed to be incompatible with anything else but Microsoft products.
As far as the part that any user sees, it is still obvious that Microsoft doesn't get it when it comes to user permissions, logins and, generally, some kind of unified and integrated way to handle multiple users on a computer. The Linux user/permission model may be a little more complicated to understand and use, but it is a helluva lot more consistent!
Cars and Computers (Score:4, Insightful)
There is a lot of maintenance work that requires driver attention and knowledge.
It is much the same with a computer. You may not have to know the internals of fixing it, but you should know enough to recognize that it needs servicing, and know who to take it to when those symptoms appear.