Infected PCs for Rent

prostoalex writes "UK authorities are raising concerns about entire networks of infected and compromised PCs (BotNets) being available for sale or rent to the highest bidder. The Register quotes a detective from Hi-Tech Crime Unit saying 'The trade of BotNets of compromised machines is becoming an industry in itself. Organised crime is making use of this industry.'"

Re:A preview for Grid Computing?

[Abcd1234]

Bah, this is definitely *not* grid computing. Grid computing is sorta like clustered computing, but not quite, where it's possible to purchase CPU cycles from the grid for use in high-performance computing applications. Think a beowulf-for-hire, only the nodes aren't necessarily commodity hardware (for example, here in Western Canada, there's a project to build a grid connecting various academic supercomputing resources).

These zombie-nets, OTOH, are simply large networks of computers that can be asked to do the same thing on a large scale. BFD. Hell, I wrote some Perl code to do just this for administration of a testbed during one of my previous jobs. It's nothing new, and most definitely not an advancement of technology.

Re:Terrorism?

[PurpleFloyd]

So how long before companies/gov't are taken "hostage" by rented DOS machines?

It's already happening [theregister.co.uk]. Plenty of online casinos have been the victims of blackmail from DDoS attackers - basically, the DDoS'ers are running a protection racket. I've heard that the Russian organized crime syndicates may be involved; obviously, this is only speculation by myself and others.

Re:A preview for Grid Computing?

[Paul Townend]

I think that's a really dodgy view of Grid computing. Grid computing is essentially resource/service sharing across heterogeneous nodes (i.e. different types of machines - macs/pcs/microscopes/etc). To do that, the Global Grid Forum [ggf.org] are developing a load of standard protocols and methods for getting everything to inter-communicate.

As far as I'm aware, there is currently no standard way of purchasing CPU cycles or similar, although there are a number of working groups whose remit probably covers this.

The beauty of the Grid is more in being able to seamlessly connect to pretty much any hardware resource you want - I suspect that in reality, the actual economics will be dictated more by existing commercial agreements more than anything else.

Re:please infect a PMG5 and sell it to me cheap!!

[MrRuslan]

RTFA!!!...virus writers are renting out control of infected machenes whos users are clueless...OMG

WTF, you call this "news"?

[Anonymous Coward]

You've NEVER used EFNET, have you?

This shit has been happening for years, virtually unchanged. The only difference is that now it's slightly more automated than it used to be, slightly more publically visible, and slightly more capitalist in nature. But what this article is describing was totally standard for the botnet wars in 1997, just then it was Wingates and "shells" instead of worm infections and "Zombies".

(Posted AC because I'm paranoid.)

Re:Immense power.

[walt-sjc]

My guess by looking at the reject logs of my mail server is that it is at least an order of magnitude larger. These machines are not "owned" by all the same hackers / spammers though, so the impact that one hacker has is not as large as you would think.

Re:Terrorism?

[sgifford]

It depends on whose computers they are. 18 USC 2332 (b) [house.gov], as modified by the Patriot act, defines terrorism as:

(5) the term ''Federal crime of terrorism'' means an offense that -

(A) is calculated to influence or affect the conduct of government by intimidation or coercion, or to retaliate against government conduct; and

(B) is a violation of ... 1030(a)(1) (relating to protection of computers), 1030(a)(5)(A)(i) resulting in damage as defined in
1030(a)(5)(B)(ii) through (v) (relating to protection of computers),

18 USC 1030a [house.gov] refines this:

(5)(A)(i) knowingly causes the transmission of a program, information, code, or command, and as a result of such conduct, intentionally causes damage without authorization, to a protected computer;

(ii) intentionally accesses a protected computer without authorization, and as a result of such conduct, recklessly causes damage; or

(iii) intentionally accesses a protected computer without authorization, and as a result of such conduct, causes damage; ...
(B) by conduct described in clause (i), (ii), or (iii) of subparagraph (A), caused (or, in the case of an attempted offense, would, if completed, have caused) -

(i) loss to 1 or more persons during any 1-year period (and, for purposes of an investigation, prosecution, or other proceeding brought by the United States only, loss resulting from a related course of conduct affecting 1 or more other protected computers) aggregating at least $5,000 in value;

The courts have been very liberal in how they define damages to computers; shutting down a government department for a few hours would easily meet this criteria.

So if they're the government's and you say "do this thing or else I'll DDOS your computers", it's definitely terrorism.

The interesting question is, under this law, would it be terrorism for me to say "Senator Levin (our excellent senator from Michigan), if you don't vote against DMCA II, I'm going to have all of my friends email your office" if doing that results in crashing their mail server, forcing them to buy a new one for more than $5K? I guess ambiguities like that are what you end up with when you write a several hundred page law in a few days, as the Patriot act was written.

I run a British email server

[CdBee]

I'm the helpdesk for a medium-sized enterprise and I look after the MIMEsweeper and Exchange boxes

Since about 3 months ago we have been receiving an infected email approximately every other second, mainly during office hours

It's mainly Netsky, or similar and the balance of versions is leaning heavily toward the new 69 and 70kb versions, meaning a lot of people are getting "upgraded" to the latest release. The timing suggests it's mainly office PCs
We're frantically telling all our group companies and contractors to virus-check, and calling-in our laptops, but it is still flooding in.

I'm starting to make a case for using Linux on every PC that doesn't require a Win32 application, as all the usual hassles of managing a linux roll-out pale into insignificance compared to the virus danger our systems are currently under.

Re:I run a British email server

[pe1chl]

We block all executable attachments, zip (etc) attachments containing executables, and password-protected zips.
Additionally we check for known viruses.

No virus has made it past that check yet, even when the "known virus" check did not yet identify it.
(re-scanning the captured mail a day later would identify a new version of one of the wellknown viruses)