
25 Percent of All Computers in a Botnet?

Beckham's_Ponytail writes to mention an Ars Technica article, with some disturbing news out of the World Economic Forum in Davos, Switzerland. Vint Cerf, one of the 'fathers of the internet', has stated that the number of botnets online is larger than believed. So large, in fact, that he estimates that at this point one in four computers is infected with botnet software. We've discussed the rise of botnets numerous times here on Slashdot, but the image of 150 million infected computers is more than a little bit sobering. With the extremely lucrative activities that can be done with botnets (such as password ripping, spamming, DDoSing), as well as reports of organized crime adopting 'cyber-terrorism' as a new line of income, is it likely that law enforcement will ever be able to curb this particular bane?
  • Law enforcement? (Score:3, Interesting)

    by countSudoku() ( 1047544 ) on Friday January 26, 2007 @06:49PM (#17777358) Homepage
    Why not start with the ISPs? Have them start policing their own customers and shut off their connections when a compromised system is discovered, then help that poor, unconnected shmuck clean their PC so they can rejoin the world wide pr0n.

    I spent two frickin' hours cleaning and protecting my sister's and niece's XP laptops over xmas. Pain in the ass, but at least they're running clean and happy now. This is after I said I'd never help them because they made the mistake of buying XP laptops instead of Macs. What can you do? Gotta clean it, even if it's partially the cause of the problem and the people using them are not of the highest technical ilk.
  • by x_MeRLiN_x ( 935994 ) * on Friday January 26, 2007 @06:52PM (#17777414)
    25% does seem a little high, but then again it's not hard to imagine that people who this affects don't talk with too many people online who they haven't met in person. Just today I was playing Counter-Strike (1.6 of course) and a fellow player revealed the reason for them not moving or shooting; a pop-up. This is hardly a rare occurrence. I can't empathise in any way with those who are perfectly content to accept their computer is infected with some sort of adware and believe there is nothing they can do to prevent the infection of such malware.
  • Accountability (Score:2, Interesting)

    by DrLov3 ( 1025033 ) on Friday January 26, 2007 @06:57PM (#17777504)
    Accountability !!!
    If I leave my car unattended with all doors opened, engine running in front of a bank. If this bank gets robbed, and my car is used by the robber as a getaway car, I'm accountable in front of a judge ..... right ??!?!

    Why not the same with computers left unprotected and unattended ?
  • by Anonymous Coward on Friday January 26, 2007 @06:59PM (#17777548)
    Theoretically, the bot authors can just use public key encryption so that if the virus key doesn't match, the bot doesn't execute the program. In practice, they don't yet (I think), but if counterhacking becomes a problem, you'll bet they'll move to it quickly.

    But then, maybe just DOSing the bot will work (since checking public key signatures is computationally expensive). As a "bonus", the user may notice that he's in a botnet because all his bandwidth and/or CPU power is being tied up.
  • Class action (Score:3, Interesting)

    by bigberk ( 547360 ) <bigberk@users.pc9.org> on Friday January 26, 2007 @07:00PM (#17777566)
    There could definitely be a class action lawsuit at some point facing Microsoft. That one company has a mass deployment of an operating system that is obviously dreadfully vulnerable to infection. Some might reasonably argue that Microsoft has an implied duty to provide a reliable operating system, as the backbone infrastructure of the modern computing world.

    Among the victims of the easily infectable Windows platform are:
    1) Large internet service providers, who suffer tremendous bandwidth costs due to DDoS attacks and spam
    2) Sites that have been forced offline or had skyrocketing costs due to DDoS attacks
    3) Businesses which suffer downtime due to networks congested with worm activity

    I think it is time for an ambitious group of lawyers to start barking up this tree. It wouldn't be so big a concern if it wasn't for the fact that Microsoft has made a specific effort to roll out their operating system as a foundation of the world's business computing. They are providing faulty infrastructure.
  • Re:Bogus Numbers (Score:3, Interesting)

    by 99BottlesOfBeerInMyF ( 813746 ) on Friday January 26, 2007 @07:08PM (#17777710)

    Now, to say that 1 in 4 machines are bots I would have to wholeheartedly disagree with. This just isn't very likely. Especially since the lifetime of a specific botnet has gradually been decreasing. Faster AV responses, increased patching, and more bot competition will inherently decrease these odds. Sorry but the daddy of the internet or not.. I think he's off the mark.

    I haven't found any sources for the data he cites, but I just happen to have some data in front of me that represents a significant chunk of all internet traffic and the best estimates I have show about .5% of all traffic is botnet traffic. When active bots send abnormally large amounts of traffic for a host, let's just say ten times as much to be very conservative. That would mean each bot would have to be actively spamming or sending an attack about 15 minutes a day on average assuming the 1 in 4 number he cites. Now these are really, really rough numbers, but that is not outside the realm of possibility.

    I'll wait until I see real numbers and sources before judging his assertion.

  • by gurps_npc ( 621217 ) on Friday January 26, 2007 @07:12PM (#17777770) Homepage
    The single reason why spam and other net abuses go on is that there are no worldwide laws. It is a public crime, people can click on the spam and hunt down the person committing the crime simply by following the money. They get away with it because if one country creates an effective law and enforces it, the spammers can just move to another country.

    You want to cure it? Have ICANN come up with a set of standard, simple guidelines. Not censorship, just simple things like "No sending out spam emails", "No Zombie Bot". Then have ICANN rule that failure to pass laws enforcing these guidelines (individual countries get to decide what the actual law would be) or failure to cooperate to enforce them results in disconnect for that country from the rest of the internet. That would be ICANN's sole enforcement power.

    Give people a 3 month warning, then start disconnecting the countries that are the worst violators, giving the secondary violators another warning. In one month, if they pass new laws or fund new enforcements, they get a trial hook up again.

    I predict one year of nastiness, during which all countries scramble to create and enforce real laws.

    The worst of the worst of the offending countries, might split off and form a secondary, 'dangerous' internet. But who would care.

  • by goombah99 ( 560566 ) on Friday January 26, 2007 @07:20PM (#17777862)
    It says 1 in 4 are infected. But let's drill down. First take out all the Mac and Linux and Unix computers since the botnet rate, while not zero, is probably not significant. We can also exclude most but not all embedded systems. Since Mac and Linux and Unix, and embedded systems account for more than a quarter of the market this means that most Windows computers are infected at a rate closer to 1 in 3.

    Next remove all the server clusters and the majority of computers in highly active IT business environments. We can probably exclude most military computers. That takes out another quarter of the machines.

    So basically your personal computer at home or poorly maintained business machines are carrying the bulk of the infection and it's not entirely way off to say the botnet rate is 1 in 2 for Windows.

  • by vinn01 ( 178295 ) on Friday January 26, 2007 @07:25PM (#17777958)
    I blame the ISPs for allowing traffic to leave their networks with spoofed IP addresses. That is - passing IP packets that are sourced within their network with IP addresses that are not within their network.

    Botnets spoof IP addresses to make it harder to track down the bots. But the ISPs know where the bots are and could kill them, or filter them, if they had the testicles to do it. By passing the spoofed IP addressed traffic they make it harder for the rest of the world to filter the bots.

    Botnets would be a heck of a lot easier to filter, and choke, if valid IP addresses were forced on all traffic.
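
The check vinn01 describes is usually called source address validation or network ingress filtering (BCP 38 / RFC 2827). The following is an added example, not part of the original thread: a Python sketch of that check applied per customer access port, which goes one step beyond the comment by also showing which port emitted the invalid traffic. The port names, the prefixes (documentation ranges) and the sample packets are constructed assumptions.

```python
import ipaddress
from collections import Counter

# Constructed allocation table: access port -> prefixes assigned to that customer.
# Port names and prefixes (RFC 5737 / RFC 3849 documentation ranges) are hypothetical.
ALLOCATIONS = {
    "port-101": ["198.51.100.16/29"],
    "port-102": ["198.51.100.24/29", "2001:db8:102::/48"],
    "port-103": ["198.51.100.32/29"],
}

def build_table(allocations):
    """Parse prefix strings once so each packet check is a cheap containment test."""
    return {port: [ipaddress.ip_network(p) for p in prefixes]
            for port, prefixes in allocations.items()}

def source_is_valid(table, port, src):
    """True only if src belongs to a prefix assigned to the port it arrived on."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # malformed source address: treat as invalid
    # An IPv4 address is never "in" an IPv6 network (and vice versa), so no special casing.
    return any(addr in net for net in table.get(port, []))

def filter_egress(table, packets):
    """Split packets into forwarded and dropped, counting drops per access port."""
    forwarded, dropped, offenders = [], [], Counter()
    for port, src, dst in packets:
        if source_is_valid(table, port, src):
            forwarded.append((port, src, dst))
        else:
            dropped.append((port, src, dst))
            offenders[port] += 1
    return forwarded, dropped, offenders

# Constructed sample traffic: (access port, source IP, destination IP)
SAMPLE_PACKETS = [
    ("port-101", "198.51.100.18", "203.0.113.5"),          # legitimate
    ("port-102", "192.0.2.77", "203.0.113.5"),             # source outside the ISP
    ("port-102", "198.51.100.18", "203.0.113.5"),          # a neighbour's address
    ("port-102", "2001:db8:102::1", "2001:db8:ffff::9"),   # legitimate IPv6
    ("port-103", "10.0.0.5", "203.0.113.5"),               # leaked private address
    ("port-102", "not-an-ip", "203.0.113.5"),              # malformed
]

if __name__ == "__main__":
    ok, bad, offenders = filter_egress(build_table(ALLOCATIONS), SAMPLE_PACKETS)
    print(f"forwarded={len(ok)} dropped={len(bad)}")
    for port, count in offenders.most_common():
        print(f"{port}: {count} packets with invalid source")
```

The per-port drop counter is what gives the operator a list of customer connections to investigate, rather than only a cleaner outbound stream.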
  • Teenage Drivers (Score:3, Interesting)

    by goombah99 ( 560566 ) on Friday January 26, 2007 @07:30PM (#17778010)
    Insurance rates on teenage drivers are higher. We don't say all cars must be accident free but we recognize group risks are higher for some identifiable groups. Insurance rates are higher if you own a race car.

    ISP connection fees should be regulated so that if you own a Windows computer you are treated as astronomically more likely to poison the internet than if you don't.

    Note I'm not saying that Windows machines pay more because there are more Windows botnets. That would not be fair since there are more Windows machines out there so naturally they have more instances of botnets. The second thing is that Windows bots hurt other Windows users more than they hurt the rest of us. So they can't be penalized for that either.

    What I am saying is that
    1) per capita Windows machines have more bots than other systems
    2) that bots don't just hurt Windows users but do affect others.

  • by Anonymous Coward on Friday January 26, 2007 @08:00PM (#17778440)
    If you're counting all computers (including servers), 25 does seem a tad high. If you're counting only Windows desktops, that seems rather low. I'd be surprised if it's below 35%.
  • Re:Request (Score:2, Interesting)

    by FlashyGustaf ( 1056346 ) on Friday January 26, 2007 @08:14PM (#17778596)
    Checking an anti-spam database for your IP won't tell you anything. Many major ISPs submit all of their non business customer IP ranges to those lists.
  • Re:Request (Score:4, Interesting)

    by rbochan ( 827946 ) on Friday January 26, 2007 @08:33PM (#17778814) Homepage

    The major ISPs are the problem...
    A few months back, I did some work for some folks that were getting phone calls and actual snail mail from their ISP (rhymes with load gunner) telling them to take their computer off line and have it repaired. The ISP actually did cut them off, because their machine was saturating the line all the time as a spambot and as a server for other bot infections.
    The major ISPs will do it, but only if it's already costing them $$ in bandwidth.

  • by Phroggy ( 441 ) * <slashdot3@ p h roggy.com> on Friday January 26, 2007 @08:47PM (#17778974) Homepage
    This is actually one of the features I like the most about Windows Vista so far.

    Windows 9x had a well-deserved reputation for crashing all the time. Windows 2000 was barely usable when it first came out (because applications and drivers weren't written for NT), but once that got sorted out, it was pretty stable. Windows XP has that same level of stability, but it still crashes from time to time, not because of problems in the OS, but because of buggy drivers or third-party software - I've seen buggy drivers for a wireless NIC send a laptop into an endless BSOD loop, and video card drivers are notorious for causing problems.

    Of course any OS will have trouble with bad hardware. I've killed a Linux box just by trying to read a scratched CD.

    Anyway, in Windows Vista, whenever a program crashes, or you get a BSOD, Vista sends an error report to Microsoft, and a couple of days later, you get a little popup message that they've identified the problem. It tells you what caused the problem, and what to do to fix it. It actually works!

    Please note that I am not a Windows fanboi - I'm typing this in Firefox on my iBook running Mac OS X, and there are three Slackware servers, an iMac, and an old laptop with Ubuntu in the next room. Also note that I wouldn't recommend Windows Vista to anyone for their primary computer until Service Pack 1 has been out for at least a month or so; not only is the OS currently rather broken, but third-party support is crap right now. By the time SP1 comes out, things should generally work (and the extra month is to account for problems and incompatibilities introduced in SP1).
  • by Phroggy ( 441 ) * <slashdot3@ p h roggy.com> on Friday January 26, 2007 @09:14PM (#17779194) Homepage
    Linux machines can participate in botnets too. I found this out when my ISP forwarded a complaint to me. Get off your high horse.
  • by Watson Ladd ( 955755 ) on Friday January 26, 2007 @09:39PM (#17779400)
    It's easy to tell that you have a rabid dog, a toxic waste spill, a bad phone line. It's hard to tell if your computer is part of a botnet, esp. if you only have 1 and your ISP is uncooperative. Also, insecure computers don't join botnets by themselves, they get hacked. Saying the owner needs to fix it is going to lead to a lot of outcry about how people who don't understand computers are getting jailed for something they aren't responsible for. They won't get one iota of sympathy from me, but all other lusers will oppose these laws.
  • by MysteriousPreacher ( 702266 ) on Friday January 26, 2007 @09:54PM (#17779548) Journal
    If he's talking about home-computers then I'd say he's probably not far off based on my experience with users of varying age ranges (from early 20s to 50s) spread between several European countries. Larger businesses shouldn't be so bad off (since the firewalls should protect the users from casual intrusions) but unless the IT department is up to speed, their users are still going to find it alarmingly easy to install malware. Networks are going to have to be locked down pretty tight to stop those office PCs from becoming bots.
  • by bdwoolman ( 561635 ) on Friday January 26, 2007 @11:10PM (#17780050) Homepage
    There are ham licenses. Why not license high-speed access in some way? It is also powerful. The process does not have to be hard, but at least one person, say, at home or in the SOHO should demonstrate he or she knows how to secure the computer (to some minimal standard) and keep it that way before a broadband install is allowed to the address. You can create all the fine security software and solid OSs you want, but unless the users are clued in then it is hopeless. The bar does not have to be set that high. But there is nothing like a license to motivate a little learning.

    Or at least require ISPs to provide minimal security training to their broadband customers. As has been said: Most infection is self inflicted through ignorance. Some people might welcome the chance to learn. I know I did not want to scuba dive without some training. A lot of parents would be motivated to learn about filtering software etc. A license should be grandfathered in of course. This problem will worsen in direct proportion to bandwidth. And certainly there should be citizens' band speeds. (TBD)

    People might grumble, but if it is sold as a community responsibility a license track might fly. Most (well, many) people are motivated by a sense of community responsibility. I had a young friend whose computer was a viral soup. Infected beyond redemption. Ruined. I reinstalled Windows for her, which cleaned up the mess, but she was resistant to the idea of anti-virus software because she claimed she did not do anything serious with the computer and did not want to hassle. Her current mess had taken years to build. And, she asked, couldn't she just redo the box again when it tanked? But I pointed out to her that it wasn't just her that suffered, it was the whole community that suffered when she left her computer vulnerable. (I explained a little about bots) The idea that she could be hurting others through inaction really upset her (she had never thought it through) and so we were downloading Zonealarm, AVG and AdAware in no time. In the end she bought a subscription to a suite. McAfee I think.

    Before anyone starts screaming about rights and freedoms being taken away, please think about this: A license is a way that a civil society makes its members accountable, from food vendors to electricians. I am less free because of all the bots out there. If people can't get on the highway without demonstrating some knowledge, why should they get on the information highway in a state of ignorance, especially now that we are banking and shopping there?

  • Re:Request (Score:2, Interesting)

    by wordsnyc ( 956034 ) on Saturday January 27, 2007 @01:10AM (#17780824) Homepage
    This is the ONLY method that will ever put a dent in this crap. Hold the user responsible. In NY State, every motor vehicle has to pass an inspection, including pollution abatement. Fail, and you're not getting registered until it's fixed. Why not apply the same standard to net pollution? I sure as hell don't know how to fix my catalytic converter, but it's up to me to pay someone who does.
