The World's Biggest Botnets 243
ancientribe writes "There's a new peer-to-peer based botnet emerging that could blow the notorious Storm away in size and sophistication, according to researchers, and it's a direct result of how Storm has changed the botnet game, with more powerful and wily botnets on the horizon. This article provides a peek at the 'new Storm' and reveals the three biggest botnets in the world (including Storm) — and what makes them tick and what they are after."
Does it run on Windows? (Score:3, Insightful)
Well.... (Score:2, Insightful)
You dont know how much I would appreciate a "Internet License" to show basic security and protections on the net. WIth the financial nets and traffic nets as they are, I'd say that hauling a 2 tom missle down a highway and doing this would be similar.
Imagine if you will (Score:5, Insightful)
Comment removed (Score:5, Insightful)
You know the answer. (Score:3, Insightful)
We have heard that line saying it's the fault of the novice computer.
I did not believe that 10 years ago. I still don't believe it.
10 years ago, I thought that Microsoft would fix the bugs that created this Anti-Virus business.
I was wrong. Microsoft never saw a business reason to fix those bugs. Instead they increase the "It's not our fault" marketing, and even got into the [Anti]Virus business themselves.
The Windows Virus-prone bugs 10 years ago were:
- System access/execution from Office templates.
- System access/execution from Active X.
- System access/execution from Browser in general.
- System access/execution from Email attachments.
These features I suppose are there for novices. The same novices that are blamed for perpetuating "viruses" by using these "features".
These "features" have never existed in Linux.
Re:Note total absence of word "Microsoft" (Score:5, Insightful)
Probably because it's not the heart of all these problems. The heart of all these problems is that a billion security-unaware people operate computers that are connected to the internet.
No, the heart of the problem is that windows, despite what M$ claims, was not be designed for those people and as a result those people make mistakes.
Software is soft, it can be anything we want it to be, and assholes who claim that "software can't do software related things" are lying through their teeth.
If thirty odd years ago windows had been designed responsibly we wouldn't have the mess that we have now. Amongst many other things when connected to the net they deliberately confused static data with executables and deliberately ran all programs as administrator. Things that mainframe OS' and Unix had understood and solved decades before. I can remember the very first time I saw a web page with an executable and thinking "you stupid fucking idiots". The ramifications were obvious right from the start; M$ just chose to ignore them.
The marketing parasites, and their patsies, who to this day continue to claim that windows was not a large part of the problem are lying arseholes. M$ is slowly improving their security but they still have a long, long way to go with a culture that still tries to test for security rather than building for it. And yes, despite what some idiots claim, security and user friendliness are not mutually contradictory. In fact they are more complimentary than contradictory with well built security systems helping users to make good choices for their own safety as well as everybody else's.
---
Flash = blink tag = incompetent web designer.
Re:Yes, free software would fix the problem. (Score:3, Insightful)
There are millions of Macs out there, and growing. But they're harder to compromise by design. The elusive "Mac virus threat" remains largely a marketing device for Symantec.
Re:Well.... (Score:5, Insightful)
Re:Well.... (Score:3, Insightful)
Re:Does it run on Windows? (Score:3, Insightful)
Re:Well.... (Score:3, Insightful)
To be honest, I'd even go a step further: I'd make people liable for the actions of their computer, unless they can somehow show that they had taken reasonable steps to prevent desaster from striking.
I don't require people to go through some IT course, but I want them to at least take precaution and not click like braindead monkeys on every piece of junk sent to them because it doesn't hurt them, to hell with the rest. These infected machines hurt the net. They can be used to disrupt communication, they can be used for blackmail, for spam distribution, for crimes. And yet nobody holds those idiots responsible for their foolish behaviour.
To use an ever popular car analogy, if people drove like they use the net, a mass accident with hundreds of people killed would not make it into the evening news. It would be an ordinary everyday matter.
Now, I don't want to create more criminals. I also don't want to discourage people from using the net. I want people to use brains when they do it, I want people to keep their machines clean. That's why I'm in the AV business (certainly not for the money, trust me on that one).
Yes, I want people to use AV tools. I know the dominant stance towards AV kits here, many here never used one and never needed one either. Yes, YOU don't. You know when not to open some mail, you know how to keep your machine clean, you know that something's fishy when your browser acts funny, crashes and then suddenly your HD starts rattling. You care and you act accordingly when something like that happens. The average computer illiterate doesn't. He just stares at his machine, waits for the rattling to stop, sighs in relief when it doesn't seem to be damaged and goes on with his life.
One thing I don't understand is why ISPs don't try to get some deals with AV vendors to bundle it with their access. I'm fairly sure a lot of AV companies would jump on that idea immediately, and the ISP can maybe reduce his traffic load with fewer infected machines spewing less botcrap through the net.
Anyway. What I want is to hold people liable for the damage they do. But try to get a majority for that...
Re:Well.... (Score:3, Insightful)
By participating in a DDoS against me. Can happen easily to you if you're in malware research.
Re:Note total absence of word "Microsoft" (Score:1, Insightful)
Yes, Linux would fix 99% of the problem, the same way not smoking crack will cure a drug problem. Did you think the world's biggest monopoly can't make a secure system if they want to? So why don't they? Because they make more money when it breaks beyond fixing and you have to buy a new one.
Check the literature from before Windows 3.1 spread everywhere, and contrast it with today. Stupid users did not cause Windows. Windows caused stupid users.
Age discrimination and I object! (Score:5, Insightful)
The sophistication of this Storm "application" is much more indicative of a mature elder programmer, who probably has read the complete cypherpunks archives. We talked about stuff like this long ago. Compare to things like the Morris worm, the two Manila children, etc. Those were intense, but brief due to coding errors and the like.
Bah. No, these people are not children and they do know what they're doing.
Re:Well.... (Score:5, Insightful)
Basically, an internet license is a bunch of computer guys telling the rest of the world that the internet is an infrastructure made for the geeks, by the geeks, and of the geeks. If you really want to join the club you can take a test so we can determine if you're suitable, but otherwise, you're unfit to participate.
Look, you're not going to kill anyone being a bumbling participant on the internet, they way you might in a car or with a gun. Yes, it is possible that you unwittingly might cause some economic impact to someone, but is that a flaw of the user or the system? I submit a banking system that lets an ignorant user leak his personal information which can then be used to ruin their credit is broken. I further submit that a system that lets a zombie computer join thousands of other computers in a criminal enterprise is broken.
The problem doesn't just exist between the keyboard and chair, but also in the policies, protocols, and systems that allow a new or ignorant user to fail so spectacularly.
We should be striving to increase internet penetration to the young, the old, and the impoverished, not locking out those who can't understand our poorly built toys.
Typical snob response (Score:4, Insightful)
Because someone does not know much about computers, and specifically computer security, does not make them "stupid". It most often means that they have things they they are skilled to deal with. Because you probably cannot perform open heart surgery does not make you stupid either. It means that you probably know about computers and their security. We all have our areas of expertise and interest and they cannot be everything-there is only so much time and mental capacity.
This type of attitude I find prevalent among people who know a bit about computers. This is one of the reasons that Linux has taken so long to be usable for the masses. Most people do not want to build their own computers and most people don't want to have to learn about computer security. They want the people who specialize in it to make it where it works for them.
Start planning for Linux and Mac variants (Score:4, Insightful)