Forgot your password?
typodupeerror
Security Spam

Infected PCs for Rent 281

Posted by michael
from the 2-bedrooms-1-bath dept.
prostoalex writes "UK authorities are raising concerns about entire networks of infected and compromised PCs (BotNets) being available for sale or rent to the highest bidder. The Register quotes a detective from Hi-Tech Crime Unit saying 'The trade of BotNets of compromised machines is becoming an industry in itself. Organised crime is making use of this industry.'"
This discussion has been archived. No new comments can be posted.

Infected PCs for Rent

Comments Filter:
  • by Anonymous Coward on Friday April 30, 2004 @07:46PM (#9024236)
    Install distcc, and install Gentoo in record time.
  • by overshoot (39700) on Friday April 30, 2004 @07:47PM (#9024246)
    to "on-demand computing."

    Kinda sad to see IBM, HP, and others lagging so badly in commercializing this important new technology.

  • by AtariAmarok (451306) on Friday April 30, 2004 @07:47PM (#9024247)
    This is exactly the same sort of problem that happens in the world of prostitution: pay your "rent", get a disease.
  • by D-Cypell (446534) on Friday April 30, 2004 @07:48PM (#9024256)
    Good to see big industry players using their expertise and experience to enable new market creation.
  • Damn (Score:5, Funny)

    by Beer_Smurf (700116) on Friday April 30, 2004 @07:48PM (#9024262) Homepage
    Damn, one more thing I can't do with my mac.
  • by Dachannien (617929) on Friday April 30, 2004 @07:49PM (#9024269)
    If you can sell it, you can get stung selling it. This may be the sort of thing that law enforcement agencies need in order to start busting people.

  • Terrorism? (Score:5, Insightful)

    by MrChuck (14227) on Friday April 30, 2004 @07:49PM (#9024270)
    So how long before companies/gov't are taken "hostage" by rented DOS machines?

    Now, if we just BLOCK connections from windows boxes to our machines except for (say) WWW or DNS, then our lives are better. pf (in openbsd and now freebsd 5) can do it.

    Me? I'm pulling IPv4 stakes up. Only been spammed once by someone with an IPv6 address.

    • "I'm pulling IPv4 stakes up."

      Just curious, what do you mean by that?
    • by nil5 (538942) on Friday April 30, 2004 @07:56PM (#9024320) Homepage
      Me? I'm pulling IPv4 stakes up. Only been spammed once by someone with an IPv6 address.


      Looks like the only person using IPv6 is a spammer!
    • How can you determine what kind of machine a TCP/IP packet is sent from? Is it not possible to spoof this also? Also, allowing anything but www/dns traffic does nothing for a denial of service attack which targets a website... sort of like the ultimate slashdotting.
      • There are fingerprinting techniques based on things like sequence numbers which can identify some specific OS's. However, it is possible to spoof - but only if you are generting raw TCP packets. I'm not sure if windows supports this. Normally you just make an OS call to open a connection and give it the data to relay.
    • Re:Terrorism? (Score:5, Informative)

      by PurpleFloyd (149812) <zeno20@attbPASCALi.com minus language> on Friday April 30, 2004 @08:15PM (#9024448) Homepage
      So how long before companies/gov't are taken "hostage" by rented DOS machines?
      It's already happening [theregister.co.uk]. Plenty of online casinos have been the victims of blackmail from DDoS attackers - basically, the DDoS'ers are running a protection racket. I've heard that the Russian organized crime syndicates may be involved; obviously, this is only speculation by myself and others.
      • Re:Terrorism? (Score:5, Interesting)

        by SacredNaCl (545593) on Saturday May 01, 2004 @12:08AM (#9025662) Journal
        So how long before companies/gov't are taken "hostage" by rented DOS machines?

        That kind of thing already happens. A friend of mine does administration for a couple small and medium size ecommerce sites. The calling card is typically a 30 minute DDoS attack followed by an email and/or phone call saying "we can make this problem go away if you pay us".

        If you don't pay them they DDoS you a few more times. If you pay them, they DDoS you a few more times and demand more money. Only option is to go to the Feds with it and hope they use attacks your upstream provider can help filter.

      • by Anonymous Coward
        this is Vladimir Borshevski
        we have noted your slashdot identification number
        if you do not stop suggesting in your slashdot posts that legitimate russian business men are involved is such illigitimate adtivities then we will be forced to post a link to your personal homepage on slashdot front webpage (we own taco). you can avoid such unplesantness by sending me check for 200 american dollars.
        Vladimir
    • Re:Terrorism? (Score:5, Insightful)

      by dustmite (667870) on Friday April 30, 2004 @08:36PM (#9024588)

      Distributed DDOS on an organization's servers IS NOT TERRORISM already (unless explicitly accompanied by physical violence or threats of physical violence). Sheesh, have we all been that brainwashed already by Bush and things like Patriot Act?

      If DDOSing some servers is "terrorism", then so is almost every single crime in the book.

      • Re:Terrorism? (Score:4, Insightful)

        by Glamdrlng (654792) on Friday April 30, 2004 @11:03PM (#9025401)
        Distributed DDOS on an organization's servers IS NOT TERRORISM already
        But that nice man Mr. Ashcroft already told me that selling the pot was domestic terrorism...

        Actually, what I'm waiting for is not only for DDOS attacks to count as cyberterrorism, but for downloading pr0n to be considered "moral terrorism".

        One add-on though, I would assert that cracking or DDOSing that results in intentional harm to someone (bringing a 911 center down or targeting a hospital network, for example) can pretty easily be considered terrorism. Blackmailing an online casino? Not so much.
      • Re:Terrorism? (Score:5, Informative)

        by sgifford (9982) <sgifford@suspectclass.com> on Saturday May 01, 2004 @01:40AM (#9025975) Homepage Journal
        It depends on whose computers they are. 18 USC 2332 (b) [house.gov], as modified by the Patriot act, defines terrorism as:

        (5) the term ''Federal crime of terrorism'' means an offense that -

        (A) is calculated to influence or affect the conduct of government by intimidation or coercion, or to retaliate against government conduct; and

        (B) is a violation of ... 1030(a)(1) (relating to protection of computers), 1030(a)(5)(A)(i) resulting in damage as defined in
        1030(a)(5)(B)(ii) through (v) (relating to protection of computers),

        18 USC 1030a [house.gov] refines this:


        (5)(A)(i) knowingly causes the transmission of a program, information, code, or command, and as a result of such conduct, intentionally causes damage without authorization, to a protected computer;

        (ii) intentionally accesses a protected computer without authorization, and as a result of such conduct, recklessly causes damage; or

        (iii) intentionally accesses a protected computer without authorization, and as a result of such conduct, causes damage; ...
        (B) by conduct described in clause (i), (ii), or (iii) of subparagraph (A), caused (or, in the case of an attempted offense, would, if completed, have caused) -

        (i) loss to 1 or more persons during any 1-year period (and, for purposes of an investigation, prosecution, or other proceeding brought by the United States only, loss resulting from a related course of conduct affecting 1 or more other protected computers) aggregating at least $5,000 in value;

        The courts have been very liberal in how they define damages to computers; shutting down a government department for a few hours would easily meet this criteria.

        So if they're the government's and you say "do this thing or else I'll DDOS your computers", it's definitely terrorism.

        The interesting question is, under this law, would it be terrorism for me to say "Senator Levin (our excellent senator from Michigan), if you don't vote against DMCA II, I'm going to have all of my friends email your office" if doing that results in crashing their mail server, forcing them to buy a new one for more than $5K? I guess ambiguities like that are what you end up with when you write a several hundred page law in a few days, as the Patriot act was written.

    • "Now, if we just BLOCK connections from windows boxes to our machines except for (say) WWW or DNS, then our lives are better. pf (in openbsd and now freebsd 5) can do it."

      At what cost? Maybe your 500mhz k6-2 can block your sister and moms wintendo box from accessing kazaa, or even route all windows wifi users to a page that autoexploits all ie versions, but what kind of cpu power do you think it will take for an entire ISP to start routing tens of thousands of hosts based on OS version? I'll give you a hin
      • Re:Terrorism? (Score:3, Interesting)

        by MrChuck (14227)
        Not ISPs. Not them. You! Just each of us personally. Of course this is slashdot. Where most of y'all are running Windows. (Me? I count 12 working boxes in sight, with 4 Intel now (none 4 years ago). And no MS software in the house.)

        Mom? Bro? MacOS thank you. OSX means I can fix mom's machine from 3000 miles away.

        So yeah, my boxes that serve and relay mail (80% spam) can just block SMTP connections with Windows fingerprints. Perhaps just bump it up to port 26 and a listener with much more rig

  • by datastalker (775227) on Friday April 30, 2004 @07:49PM (#9024272) Homepage
    While it is deplorable that it takes criminal action (or porn) to move technologies to the forefront, it does happen. This, to me, seems like the famed "Grid Computing", and whilst stopping criminals, I hope law enforcement learns enough to pass the knowledge on so that others can use it for legitimate computing.
    • by Abcd1234 (188840) on Friday April 30, 2004 @08:01PM (#9024366) Homepage
      Bah, this is definitely *not* grid computing. Grid computing is sorta like clustered computing, but not quite, where it's possible to purchase CPU cycles from the grid for use in high-performance computing applications. Think a beowulf-for-hire, only the nodes aren't necessarily commodity hardware (for example, here in Western Canada, there's a project to build a grid connecting various academic supercomputing resources).

      These zombie-nets, OTOH, are simply large networks of computers that can be asked to do the same thing on a large scale. BFD. Hell, I wrote some Perl code to do just this for administration of a testbed during one of my previous jobs. It's nothing new, and most definitely not an advancement of technology.
      • by Paul Townend (185536) on Friday April 30, 2004 @08:37PM (#9024596) Homepage
        I think that's a really dodgy view of Grid computing. Grid computing is essentially resource/service sharing across heterogeneous nodes (i.e. different types of machines - macs/pcs/microscopes/etc). To do that, the Global Grid Forum [ggf.org] are developing a load of standard protocols and methods for getting everything to inter-communicate.

        As far as I'm aware, there is currently no standard way of purchasing CPU cycles or similar, although there are a number of working groups whose remit probably covers this.

        The beauty of the Grid is more in being able to seamlessly connect to pretty much any hardware resource you want - I suspect that in reality, the actual economics will be dictated more by existing commercial agreements more than anything else.
        • by walt-sjc (145127) on Friday April 30, 2004 @09:03PM (#9024773)
          Where grid starts taking off is in corporate (or educational) environments where you have tons of hardware on desktops all over the place that spend 99% of the time doing nothing.

          I really don't see it as a "public" resource kinda thing where you sell your bit of CPU for a couple bucks.
          • "Where grid starts taking off is in corporate (or educational) environments where you have tons of hardware on desktops all over the place that spend 99% of the time doing nothing."

            University computers: queues for PCs at any hour of the day or night, and 80% CPU when they're being used because they're 500MHz pentiums running Windows.

            Normal corporate computers: okay, these aren't being used at night, but remember they're being maintained by petty little people whose ideal day at work involves imposing a
        • The problem is, the term 'grid computing' has been hyped into meaningless.

          CPUs on demand? Clusters? Beowulf? Supercomputers? They all use the term 'grid' to describe themselves, even though they all are different things.

    • Sorry, but no. Very little "computing" would be taking place as the basic function of the zombies is to send large amounts of data to unrelated hosts. It's not as if the controlling computer is asking for computed results...
  • Immense power. (Score:5, Interesting)

    by nil5 (538942) on Friday April 30, 2004 @07:50PM (#9024277) Homepage
    With the number of known vulnerabilities in Microsoft operating systems, (not to mention the ones we don't even know about) it is really not hard to imagine these botnets being frighteningly large. I read one article that estimated the current number at something like 100,000! I'm doubt it's enough to bring down the entire Internet, but this could still be capable of providing some crushing DoS attacks, a la SCO.

    Gives some merit to distributed hosting companies like akamai, etc.
    • Re:Immense power. (Score:3, Informative)

      by walt-sjc (145127)
      My guess by looking at the reject logs of my mail server is that it is at least an order of magnitude larger. These machines are not "owned" by all the same hackers / spammers though, so the impact that one hacker has is not as large as you would think.
  • by Anonymous Coward on Friday April 30, 2004 @07:51PM (#9024284)
    I'm sure this will be redundant by the time it's posted, but at the bottom of the article:

    The new Microsoft Partner Programme is here. Bringing all the advantages of previous programmes into a single framework, we've made it easier than ever for Partners to engage with Microsoft.

    With three levels to choose from, you can select the one that works best for your organisation.

    Become a Registered Member today. No fee. No obligation. Just clear business benefits, including:

    Free business-critical telephone support (charged at national rate)

    Free online technical support

    Online sales and marketing resources

    Sales and technical training

    For more information, please visit: www.microsoft.com/uk/partner/programme
  • 'The trade of BotNets of compromised machines is becoming an industry in itself. Organised crime is making use of this industry.'

    How? Am I confused by think of organised crime like the New York or Russian Maffia.

    • by Carnildo (712617) on Friday April 30, 2004 @07:56PM (#9024327) Homepage Journal
      Think "protection racket":

      "Nice e-business you've got there. Be a shame if it got DDoS'd into oblivion by some unscrupulous types, wouldn't it? We'll protect you against that, for only $50,000 a month! How about it?"
      • I'm definately still more worried about someone showing up at the storefront with six thugs behind him saying they have my girl in the trunk of their cadillac.
      • That'll be SCO's next business venture...after all, they're already experienced, neh?

        SB
      • The problem with this racket is that it offers no more protection than not paying them. If this was a physical case, and you pay protection money to your local crime syndicate, should some other criminals try to get protection money from you the guys you are already paying off will protect you, so that he can protect his income (and territory). When online there is nothing stop you getting DDoS'd by a different group every month. The group you are already paying off have no means of stopping the others, ot
        • Rumor has it, in fact, that some banks have paid blackmail money to gangs in Russia only to discover that blackmail gangs in Russia share lists of suckers.

          The banks would get a message like "we've found $HUMILIATING_SECURITY_BREACH but for $25,000 we won't tell the press". Then they'd pay, and in a week would get a bunch more messages from other places making the same threat and demand.

          Different kind of threat, but the same underlying problem.
  • by Anonymous Coward
    what we need is a good destructive worm to take care of these. "sorry, you're too stupid to use the internet, deleting harddrive."
    • by jrockway (229604) *
      I would flash the BIOS, myself. Then they're *REALLY* fucked. Wipe the FAT (or whatever the new windows FS is) for good measure as well. Maybe that "HEY EVERYONE, IM LOOKING AT GAY PORNO" every other reboot would be good as well (if you don't feel like flashing the BIOS).

      These days I don't even understand why viruses are illegal. You have to type in a *password* in order to be infected (the file is encrypted to avoid scanners). That sounds like consent to run to me (bye BIOS).
  • Sorry Kids. (Score:2, Funny)

    by platypibri (762478)
    You cannot rent these to get those outrageous URT2K4 frame rates you all crave so much. However, it does make me think about writing a "bail me out" script to log some of these machines on a game server as my "back up". Hmmm....
  • by Anonymous Coward on Friday April 30, 2004 @08:00PM (#9024363)
    In Soviet Russia computers rent you.
  • Seriously guys. . . (Score:4, Interesting)

    by UFNinja (726662) on Friday April 30, 2004 @08:00PM (#9024364)
    We need to start beating the living crap out of people who mess with our stuff. Spammers, malware writers, black hats, you wouldn't put up with the neighborhood kid stealing your bike would you? No. You'd go kick his ass and take back your back. It's time to start kicking ass and taking back our Internet.
    • There is a solution (Score:5, Interesting)

      by osjedi (9084) on Friday April 30, 2004 @08:21PM (#9024487)
      I strongly believe that the most effective way to end this would be to scan for compromised nodes, identify them, and KNOCK THEM OUT. Then the user can call the local home-computer fixit guy to come fix their computer. He'll see it's infected with malware and fix it. User gets his computer fixed, fixit guy makes a buck, and one less node is spewing out sh*t.
      Yes, I know this approach would be illegal. A felony computer crime in fact. I want legislation to make it legal and justified. I see it as self defense. Compromised nodes are clogging the internet with crap and the best defense is to knock them off-line. If I were standing in the middle of the freeway, clogging traffic and causing accidents the police would come remove me, by force if necessary. I see zombie nodes on the internet the same way.
      • Sounds like a "preemptive strike", shouldn't have trouble getting that one through congress ;-)
      • I want legislation to make it legal and justified. I see it as self defense

        Yes and no. It wouldn't work. You are giving way too much power to a group that already has too much power. The good effects would be far out wieghed by the negative. Soon after something like this was passed it would be seen as an intrusion of electronic rights, which to some degree it would be. Good on paper, bad in practice. Oh hum, back to the drawing board.
        • You are giving way too much power to a group that already has too much power.

          And which group is this? Computer nerds with too much time on their hands? (Not that that's a bad thing... ) Your "rebuttal" looks good on paper, but I think it might be bad in practice.
      • by Caraig (186934) on Friday April 30, 2004 @08:49PM (#9024670)
        Reaching out and clobbering computers is exactly the same thing that the RIAA wants the legal power to do.

        The only real solution is an ISP-side one. The ISP says, 'If your computer is spewing out malware broadcasts, we have the obligation to kick you off the internet and then help you clean up your computer. If something happens, contact our customer care department or go to the other ISP down the street.' Yes, it inconveniences users but I'd rather see some users inconvenienced than Big Government give legal power to ANYONE to clobber a node without recourse.
      • Scanning for compromised nodes is an aggressive and dangerous activity. But the compromised nodes you care about are already scanning you (like Soviet Russians) so you're safer just scanning the machines that contact you with spam or viruses. It's still Not Recommended, and it's somewhat susceptible to Joe Jobs if not done carefully, but there are days that it's got some appeal. Mostly you ought to feed the results to blacklists.

        Some of the viruses leave easy-to-locate proxies or back doors, which let

      • Freedom of Association Act for Computing Devices

        Computers, like their human masters, have a right to determine who (or what) they will connect to, establish communications with, and direct packets for.
        The inundation to the internet and World Wide Web of infected and compromised machines forces machines to perform operations at odds with the equipment owners' will.

        Therefore, it is proposed that subnets have the ability and the obligation to other community members to detect and destroy packets which
  • Awesome (Score:4, Funny)

    by shadowmatter (734276) on Friday April 30, 2004 @08:01PM (#9024367)
    Whole warehouses of infected PCs for sale? Sweet. I think I'm gonna hit up this place right after I swing by the used syringe lot.

    - sm

  • by WwWonka (545303) on Friday April 30, 2004 @08:01PM (#9024372)
    I find this article on infected PC's/networks for rent so full of sh..#$.\10# \AE \3H......

    Welcome!

    This PC is for rent.
    Please contact us at

    www.Claria.com [claria.com]

  • by Leonig Mig (695104) on Friday April 30, 2004 @08:06PM (#9024404) Homepage Journal

    The scope of this is huge - true - I'm no industry player or top level developer - but still - we can all see the scope of this.

    distributed applications are the killer app of the internet - XAML, .net, Java - all buzzwords. Grid computing - thanks to Oracle - The Internet - so much scope it created the biggest financial bubble in the history of capitalism.

    Now - the corporates (MS?) are getting so inept that criminal gangs are stealing our future off us. Please - let's start stopping them.

  • microsoft (Score:5, Interesting)

    by stfubye (775997) on Friday April 30, 2004 @08:14PM (#9024446) Homepage
    A guy I know runs his unpatched Windows XP computer 24/7, and never does virus scans. The other day he got 1000+ (around 400mb) executable files in his C home directory. I asked him what he plans to do about it, and surprisingly enough he didn't want to apply critical updates. He said he doesn't care what people do to his computer, because he does nothing important on it. It amazes how many people must think like him.
    • Re:microsoft (Score:3, Insightful)

      As much as I'd like to blame Microsoft for creating the security holes in the first place, no ammount of patches can make up for a user who won't keep his machine secure. I don't think he'd be so complacent if one day he found someone had deleted his files, erased his hard drive etc.
      • Re:microsoft (Score:3, Insightful)

        by Mesaeus (692570)
        But that's the point. They won't do that. Instead of having the one time small pleasure of torturing ONE imbecile, they'd rather use him as part of their undead legions, who can smite anything on the Net that even looks funny at them. His pc is far more interesting as a launch platform for attacks against people who do try to secure their networks and who (usually) DO have something worthwhile to attack. Morons like this are quite a bit more rare than 'normal' people, who will try to protect their pc's even
      • Re:microsoft (Score:5, Insightful)

        by DoraLives (622001) on Friday April 30, 2004 @09:08PM (#9024809)
        I don't think he'd be so complacent if one day he found someone had deleted his files, erased his hard drive etc.

        Which is why there's a case to be made for producing malware that's really mal. Perhaps even grand mal.

        In a weird sort of left-handed logic, certain people would be doing the computing community at large a MAJOR favor if only they'd take the time to write viruses, worms, and trojans that would be so kind as to format hard drives!

        • Re:microsoft (Score:4, Insightful)

          by Sepper (524857) on Friday April 30, 2004 @10:56PM (#9025356) Journal
          Or simply a pop-up window that says:

          "This is a Virus. If You do not click Cancel in the next 30 seconds, You computer will be formated!"

          And went the user click cancel, present them an explanation on WHY this happened. Or something like that... Something with REAL infection-properties, but with only purpose to SCARE the user...
          • by BenjyD (316700)
            Security guards in my building (university engineering dept) do this - they test the doors of all the offices they walk past. If one is unlocked, they walk in and leave a note on the desk saying "I could have been a thief - keep your door locked when you're not in"
      • Re:microsoft (Score:3, Insightful)

        by walt-sjc (145127)
        Which is exactly why MS machines should update themselves automatically by default. Power users can turn that off. Considering that the average user of XP Home is totally clueless, MS needs to take the higher ground. They know better.
      • Actually I believe your premis actually supports the obverse of your conclusion. Well here's my thinking on it anyway.

        no ammount of patches can make up for a user who won't keep his machine secure.

        This is more reason to point some of the blame right at Microsoft. For releasing a product so buggy it needs dozens of patches in the first place. I understand no one is perfect, and no coder will think of everything, but with the number of people Microsoft hires to write code and so on they should be d

    • Re:microsoft (Score:5, Insightful)

      by D.A. Zollinger (549301) on Friday April 30, 2004 @09:17PM (#9024861) Homepage Journal
      Well, that's the problem. People don't want to know about viruses, trojans, zombies, etc. They want their desktop. They want their applications. They want it to "just work."

      Consider the phone. People just want to be able to pick up the receiver, dial the number, and talk to their friend/family/co-worker/etc... They don't want a phone switch in their house, sitting under their desk. They don't want all of the burdens involved in maintaining complex hardware.

      I'm willing to bet that the first person/company who can provide people with a computing experience without a computer stands to make a lot of $$$. If they can provide the system maintenance, installation of applications, protection from viruses, protection from hardware failure - they will be able to open a huge market, and cash in.

      This is where I think Linux will prove pivotal, because this is where we lead Microsoft. Our thin client paradigm is so different, that we lead in many areas. Consider how Microsoft does thin clients - 256 colors only, 800x600 max, 8 fps - all rendered on the terminal server where the "picture" of the desktop is sent down the wire to the thin client who displays the "picture" and sends feedback of mouse clicks and key presses to the terminal server. Linux, and X, render everything on the X terminal, and send back and forth on the pipe application information. What does this all mean? You can play quake 3 on a linux X terminal but you couldn't on a Microsoft solution. And it would take YEARS to fix that gap. We lead here, and we could exploit it if we jumpped on this opportunity.

      Did I say World Domination? Oops...now you all know my plans...
    • Re:microsoft (Score:5, Insightful)

      by Rude Turnip (49495) <valuation@[ ]il.com ['gma' in gap]> on Friday April 30, 2004 @09:30PM (#9024929)
      He'll care when there is kiddy pr0n on his computer that was put there by a hijacker and he takes the heat.
  • by DAldredge (2353) <SlashdotEmail@GMail.Com> on Friday April 30, 2004 @08:15PM (#9024449) Journal
    I told you /. was a DDOS front! Most of these 'stories' are placed by competiors of the companies linked from the stories...

    I TOLD YOU!!!
  • Media-whoring (Score:3, Interesting)

    by Pike65 (454932) on Friday April 30, 2004 @08:18PM (#9024471) Homepage
    Is there anything that Organised Crime isn't making use of these days?

    I just wrote a (bad) paper on a networking structure for games systems. I give it three weeks from when I hand it in until Organised Crime get their hooks into it. Apparently film piracy is also part of Organised Crime, and not my mate Donn, as I have previously thought.

    Call me a cynic - but it seems to me that anyone who wants to get the media in on their thing cites Organised Crime as a benefactor and watches the links roll in.

    OK - I'm done.
  • by YankeeInExile (577704) * on Friday April 30, 2004 @08:24PM (#9024509) Homepage Journal

    Scene: A Courtroom

    Bailiff
    The first court of Onlineia is now in session, Honorable Judge Foo presiding.
    Judge
    I have read your complaint. Let's hear from the plaintiff.
    Plaintiff
    Thank you, your honor. In our case, we intend to prove that the defendant, in violation of our terms of service, removed the viruses we had gone through great trouble to install and operate on a network of computers, leading to considerable monetary damages in the sum of $1.2 million
    Judge
    You may call your first witness
    Plaintiff
    Thank you, your honor. We call J. Random Hacker

    Bailiff swears in J.R.H.

    Plaintiff
    Mister Hacker. Did you, on 21 May 2004 rent for exclusive use, twenty-four hours of access to our BotNet DeLuxe service?
    JRH
    I did
    Plaintiff
    And what was your intention when you rented use of the cluster?
    JRH
    Well, at first I just wanted to set up a program to repeatedly check the home page on slasdot, trying to get first post
    Plaintiff
    And how did you go about that?
    JRH
    Well, I wrote this monster of a VB Program, but it was really buggy and I could not get it to work, so I decided to switch to Ruby
    Plaintiff
    And what happened next?
    JRH
    Well, I chose to install Geekdist Linux 12.11 because it came with the toolchain I was accustomed to
    Plaintiff
    But, did you not agree, when you rented this exclusive access not to damage our network in any way?
    JRH
    I guess so ...
    Plaintiff
    And would you not consider removing our access to these machines a form of damage?
    JRH
    No, sir, I do not. I consider the machines upgraded
    Plaintiff
    No further questions.

    ... write your own ending.

    I think a good path for D. to take would be to show that P. does not have standing to bring the case in the first place, but that probably would have come up in pretrial motions... I have to go work

  • by JMZorko (150414) on Friday April 30, 2004 @08:27PM (#9024533) Homepage
    I find this fascinating. Programs like SETI@home use the CPU of millions of distributed nodes to crunch SETI data -- a far more scalable solution to computing problems like this than running a big machine / cluster of your own. This article describes the same thing, except on the opposite side of the line -- millions (potentially?) of distrbuted nodes being used to do the will of spammers / virus writers / etc., a far more scalable solution than running your own spamming system.

    Really, I do find this fascinating, albeit in an underhanded way.

    Regards,

    John

  • question (Score:5, Interesting)

    by moviepig.com (745183) on Friday April 30, 2004 @08:28PM (#9024543) Homepage
    So there's a new micro-ecology of predators (spammers) and prey (vulnerable machines).

    Presumably the exploitation of these victim-lists will proliferate with all the automated efficiency that is the spammer's hallmark. At its logical extreme, there'll soon be multiple spammers descending simultaneously en masse onto each listed victim, which one way or another results in the victim being shut down (presumably).

    So, might the predators eat themselves out of existence?

    (I know. I've been watching too much sci-fi.)

    • Re:question (Score:5, Interesting)

      by Xeger (20906) <slashdot.tracker@xeger@net> on Friday April 30, 2004 @08:48PM (#9024664) Homepage

      An interesting idea.

      If we take our cues from nature, I would expect that long before the predators exhaust their supply of prey, they will turn on each other. Each predator's worms/virii/malware will begin to not only infect machines, but destroy competitors' malware that has already infected the machine.

      In fact, come to think of it, the most effective way to own a box is to infect it, destroy any competing malware, and then patch the exploit that allowed you to infect it in the first place! We may begin to see host-healing worms that do just this. (Without the ability to kill off competing infections, however, this practice is only marginally useful.)

      • I hope instead that we see something like a better-coded variant of Welchia, which infect, patch, spread, and then delete itself or go dormant.
      • Re:question (Score:5, Interesting)

        by tunabomber (259585) on Saturday May 01, 2004 @12:34AM (#9025752) Homepage
        This thread is getting really bizarre. This "host-healing worm" you describe reminds me of that episode of Futurama where Fry gets infected with space worms that turn his body into their palace and treat it as such, giving him superhuman healing abilities, as well as increasing his intelligence and muscle build.
        This begs the question: will viruses ever stop being viruses and start being symbiotic entities that live in our computers similar to the e. coli bacteria in our intestines (which we need to digest food properly)?
        Someone earlier mentioned that there are few viruses out there that reformat hard disks, because doing so puts people on guard, preventing future infections. And someone else mentioned that he knows someone whose hard drive is full of strange executables that are undoubtedly of malicious origin, but the person doesn't care as long as the computer still runs the same.
        Following these trends to their head, I believe the "virus" (if you want to call it that) of the future will be something that infects a machine, and then does everything it can that is invisible to the user to improve the state of the computer: it would run windows update periodically to defend against other worms, perform hard disk defrags and other performance optimizations to give it more computing resources to work with, all the while giving the user's packets and tasks a higher priority so as to not set off any alarms. This is the type of worm that would "earn" its place on the computer by being so inocuous that the user wouldn't even have to worry that it's there.

        Viruses have already evolved to parasites, and soon they will be symbiotes.
  • by Anonymous Coward on Friday April 30, 2004 @08:53PM (#9024702)
    You've NEVER used EFNET, have you?

    This shit has been happening for years, virtually unchanged. The only difference is that now it's slightly more automated than it used to be, slightly more publically visible, and slightly more capitalist in nature. But what this article is describing was totally standard for the botnet wars in 1997, just then it was Wingates and "shells" instead of worm infections and "Zombies".

    (Posted AC because I'm paranoid.)
  • ... for $12/h. Who wants it?
  • the only answer (Score:5, Interesting)

    by pizza_milkshake (580452) on Friday April 30, 2004 @08:55PM (#9024715)
    the only real answer would be to write a worm to wiggle its way onto exploitable machines, patch known holes, i.e. turning off most services, setting common application settings to common-sense ones and then delete itself.

    unfortunately, this would be illegal. however, that won't stop anyone; what's stopping people from doing this is that to someone who could do it it's a waste of resources. if you have all those machines out there you can get your hands on, why not use them for your own nefarious purposes, since the people who own them neither have the common sense nor the ability to control their own machines.

    • Eh? And what happens when you need to fix next week's patch after already releasing last week's worm? Are you going to flood the net with crap for each Microsoft update? Leave a 'back door' in your worm that no bad guys will find? It wouldn't work in the long run (and I'm being generous and allowing that there's a small chance in hell it might work short-term to patch a few current holes), and it'd be at least as annoying as the previous viruses. We already have NetSky et. all and a worm war - and I haven'
    • If you're going to do something illegal, go whole hog & just nuke infected machines. Not only would it be less work, but it would also teach people to do their own damned updating.
  • by ToadMan8 (521480) on Friday April 30, 2004 @09:56PM (#9025051)
    We have a bot network problem like everyone else... these things riding in on the coat-tails of the M$ft vulnerabilities has given us the 'ol one-two punch.

    We estimate anywhere between 400 and 1500 of the ~10,000 on campus (student resedential) machines have some sort of back door installed.

    We have blocked any incoming traffic to any dorm machine (regrefully) so they can't be controlled from outside because we mostly are tired of getting blacklisted for DoSing people or for spamming.

    The saving grace has been TippingPoint, a network traffic analysis tool that sits behind the backbone routers and adds a latency-free checkpoint dropping traffic related to the M$ft security exploits. And when they get Blaster, Bagle, Nachi, etc etc etc they get automatically disabled by the routers and we (IT Services Support on campus) either fix their issues for them or they have to fix them themselves. When fixed they are automatically re-enabled.
    • by davisk (664811) on Friday April 30, 2004 @10:14PM (#9025134)
      Blocking incoming connections won't help terribly much when the backdoor is a bot that connects to an irc channel and receives its commands from there.
    • We estimate anywhere between 400 and 1500 of the ~10,000 on campus (student resedential) machines have some sort of back door installed.

      Here's a solution. Enact a policy that allows you to block all traffic to *and from* any machine you detect to be infected until that machine has been fixed. Block it at the router nearest them, and only allow traffic to and from your local mirror that has all necessary fixes on it.

      Believe me, people will get their machines fixed pretty quick smart when they can't get a

  • Either we need for users to be forced into securing their boxes (which can't happen) or someone needs to write a bot/virus/trojan that downloads and shares 'illegal' software, music, and movies.

    At this point, mandatory DRM will be lobbyslated by our congresswhores or the RIAA/MPAA/BSA will be made powerless, as everyone with a pOwnzored box is currently not held responsible for computer maintenance - lawsuits would come to a head, and the wrong person will finally be sued, who will take them on. Either w

  • by The Master Control P (655590) <<ejkeever> <at> <nerdshack.com>> on Friday April 30, 2004 @11:56PM (#9025619)
    When I play BZflag, if you do certain activities too often (teamkilling, usually) the server will usually automatically kick you.

    If your computer is infected with malware (spamware, adware, spyware, trojans, viruses, etc), it will constantly be generating large amounts of traffic on seemingly random ports. Your ISP will kick you for being a danger to the rest of the Internet. If you attempt to reconnect without cleaning your computer, you will be kicked again.
  • by CdBee (742846) on Saturday May 01, 2004 @04:05AM (#9026376)
    I'm the helpdesk for a medium-sized enterprise and I look after the MIMEsweeper and Exchange boxes

    Since about 3 months ago we have been receiving an infected email approximately every other second, mainly during office hours

    It's mainly Netsky, or similar and the balance of versions is leaning heavily toward the new 69 and 70kb versions, meaning a lot of people are getting "upgraded" to the latest release. The timing suggests it's mainly office PCs
    We're frantically telling all our group companies and contractors to virus-check, and calling-in our laptops, but it is still flooding in.

    I'm starting to make a case for using Linux on every PC that doesn't require a Win32 application, as all the usual hassles of managing a linux roll-out pale into insignificance compared to the virus danger our systems are currently under.
    • We block all executable attachments, zip (etc) attachments containing executables, and password-protected zips.
      Additionally we check for known viruses.

      No virus has made it past that check yet, even when the "known virus" check did not yet identify it.
      (re-scanning the captured mail a day later would identify a new version of one of the wellknown viruses)

When you don't know what to do, walk fast and look worried.

Working...