Botnet on Botnet Action
Dausha writes "The Tech Web news site reports a story about Botnet turf wars. Botnets have been around for a while, and are increasing in severity. The latest innovation finds Bots capturing and securing host computers from other bots. Security includes installing software patches, shutting down ports, etc."
The fat years are over (Score:5, Interesting)
So the maximum number of machines to have is pretty much reached. Now the battle for the precious dimwits has started. Well, it started some time ago, but we now get a lot of bot malware that actually tries to kick out the competition.
What for, one may ask. Why the overhead? I mean, what's wrong with 2 competing botnetters controlling a computer?
Bandwidth. You can only pump so much spam out of a machine with a given bandwidth. If two try that at the same time, they have to share. And sharing is not really a trait of a botnetter.
So, let the games for the herd begin. If anyone's looking for me, I'm in the lobby getting popcorn.
What I want to see is a Botnet that (Score:3, Interesting)
With all the punk 1eet programmers out there, you would think that someone would spend time writing this instead of silly viruses.
I am tired of having pop-up advertisements beat my pop-up blocker.
Meme Wars (Score:1, Interesting)
Re:Note to Editors (Score:5, Interesting)
When you're working for evil, you don't have to worry about collateral damage. If you cause one system out of 100 to stop working completely, or just have some incompatibility that makes it less useful to the user, you don't care. If they didn't want to be infected, they'd have better security. Propagating evil viruses, trojans and worms is easy because you can be careless and expect the rest of the world to reboot if you have a bug.
This is also why large organizations have people to test that patches don't break the necessary functionality in their supported applications. If something breaks, they have to support it, so they make sure it's not going to come back to bite them. This takes a fair amount of time, people, and all of the supported configurations to ensure that things are safe. It's a real pain in the neck (or other body part) to do a good job at this.
The most secure machine is one that is turned off, unplugged and locked in a room that has an armed security guard with standing orders to shoot everyone. That's not the computer usage model that any of the companies listed want to encourage. They want the user to be insecure to different degrees.
Re:This has been going on for years, (Score:3, Interesting)
Windows is the primary target simply because it has a market share of roughly 90% in the consumer area. You may safely assume that a business server is administrated by someone who has at least half a clue and uses security features, no matter how lenient, so the consumer is the core target group for botnetters.
Since most modern attack schemes rely not on system weaknesses but on user stupidity, this would work in every environment.
What it really has to do with is users clicking on everything and allowing everything their (rarely but still sometimes existing) security tools ask them to allow.
Unfortunately, this is not true (Score:3, Interesting)
With profits already dwarfing that of the global drug business, there is every incentive for these tech savvy mafias to continue their heavy investment in improving their infrastructure. Most people in IT do not even yet realise the scope of the threat we are facing.
Re:Unfortunately, this is not true (Score:3, Interesting)
Corporate networks are largely uninteresting. Few people store their personal information on their corporate machines, simply because it would be against their working contract in most places to use the machine for personal business. At best such networks would be interesting for their bandwidth, but they are usually a lot more closely monitored than private machines and nets.
Yes, the stealthiness will increase. It already does. 2 years ago the average malware was an easily detectable process, now it is a thread in a running process and will evolve into a full-blown rootkit in no time. I give us about 6 months tops before rootkits become a real problem. The trials are already out and running.
AV tools are improving, too. But there is no replacement for brains and common sense. Unfortunately, a lot of machines are lacking in the user department. And what's worse, they're not upgradable.
Re:The fat years are over (Score:3, Interesting)
Re:Note to Editors (Score:5, Interesting)
The internet is still pretty much wide open, with no single governing body. A vigilante group could operate out of any number of less-than-cooperative countries. And this vigilante group does NOT have to be 100% good or careful. These zombies exist because their owners don't know or care enough to keep their machines safe, and now they're out attacking the rest of us. I have about zero tolerance for dangerously ignorant people or their hardware when it's threatening mine.
In medical terms, these zombies would be defined as malignant cancerous cells, and botnets as tumors. And to carry the medical analogy further, the treatment is to kill the rogue cells. We don't contact them, and ask "hey, Mr. Cancerous cell, you're hurting the rest of us, would you please stop?" No, we use chemo and radiation and surgery and remove and destroy the tumors so they don't spread further.
I really don't see why a vigilante group can't send out "good-faith" efforts to patch bad machines. If those machines die as a result of a bad patch, well, perhaps it's because they deserved to die. I certainly wouldn't complain if someone started actively dismantling these networks.
Map? (Score:3, Interesting)
Re:Note to Editors (Score:5, Interesting)
Some of us try.
A while ago, I got a spam message, trying to infect me and connect me to a botnet - the software was a hacked up mIRC client with some DLL plugins. The client would automatically open a second connection, connect to a random network and channel, and proceed to spam people with virus messages on join. ("Type
After talking to the admins, we banned the owners (only certain nicknames were allowed to control the bots), and replaced them with an eggdrop that had the infected people download and install an automatic cleaner. Thousands of infected computers were cleaned overnight, and hundreds more over the next few weeks. Is it possible that the cleaner broke a machine or two in the process? Possible, but unlikely (would be most likely due to a variant of the bot). Oh well - it made the IRC servers I used a lot more useful.