New Botnet Dwarfs Storm
ancientribe writes "Storm is no longer the world's largest botnet: Researchers at Damballa have discovered Kraken, a botnet of 400,000 zombies — twice the size of Storm. But even more disturbing is that it has infected machines at 50 of the Fortune 500, and is undetectable in over 80 percent of machines running antivirus software. Kraken appears to be evading detection by a combination of clever obfuscation techniques that hinder its detection and analysis by researchers."
How does it get in? Duh! (Score:5, Informative)
Re:I am not trying to obnoxious. (Score:4, Informative)
Re:Spamming (Score:4, Informative)
Yet another reason why you shouldn't be opening e-mail on a production server. Even if you are, the server admin at a Fortune 500 company ought to be smart enough to not click on the latest "Anna Kournikova pics!" e-mail.
Maybe this is why MS says that Outlook on an Exchange server is an unsupported configuration.
Re:Detection? (Score:1, Informative)
Ok 2 more words: watchfor blinkenlights.
My blinkenlights are going crazy right now! Oh, I should stop all my torrents, too?
Re:I am not trying to obnoxious. (Score:3, Informative)
Oh good, nothing running. wineserver runs when you start a program and ends when the last process is closed. Nothing will simply start on its own (unless the process running under wine is aware that it is being run under wine and can somehow write to rc.local... even then, you need root privs for that).
Re:I am not trying to obnoxious. (Score:5, Informative)
Re:I am not trying to obnoxious. (Score:3, Informative)
Re:How does it get in? Duh! (Score:3, Informative)
Re:Scary (Score:3, Informative)
The final word is that most people are connected directly to the internet without any firewall or anything else between them and the unwashed masses.
Re:Scary (Score:3, Informative)
You get spyware and crap TELLING you to click on the prompts--and people blindly follow it. Why? They don't know any better.
"For your Free iPod, click the Accept button, and then on the Allow Program dialog."
So, your logic fails.
Re:I am not trying to obnoxious. (Score:5, Informative)
Re:Or Unix or Mac ... (Score:5, Informative)
I assume that I found the correct contest, it fits the description.
They did however get the Vista box, by exploiting a flaw in Flash (from the same article). Both successful cracks were only achieved after the rules had been relaxed to allow exploits by "tricking" the judges into clicking on links to malicious web pages created by the contestants.
On the first day only direct attacks over the network were allowed, and all OSes survived that.
Re:Need to start over (Score:3, Informative)
The same operating systems are in use on businesses all over the planet and no company in their right mind would simply dump the computer on the user's desk with a note saying this was theirs now and they should figure it out.
The second problem is the software. You hear about some game or whatnot from a friend who says it is really great and you have to have it. OK, so it gets downloaded and installed. How was it qualified as being suitable for that computer? How was it qualified as not containing malicious content? Well, neither qualification happened, it was just installed. Period. Whatever operating system administration is required to install the program is done. Without consulting anyone else.
Of course, if two weeks later you discover that your computer isn't working so good then it is time to call in the "expert". And often pay someone to remove whatever it was that is causing all the trouble. Not just reactive but long-time-after-occurrence reactive.
I know of no operating system today that doesn't work in this mode when self-administered. I assure you that if you give a program to an average user that requires both access to all the files on the computer and network access it will be granted, by whatever procedure requires this. Sure, someone clever might wonder why this is necessary but most clever geniuses distributing such malware will have some utterly wonderful sounding total BS answers to such questions.
Sorry, you can't escape the trap that is where we are today. If your computer isn't administered by a competent administrator and you install random crap on it that "Internet friends" tell you about, you are going to have troubles. No question about it. And no "security model" is going to change that. Locked-down machines that cannot be compromised by rogue software being installed will change that. And 90% of home users have no need of something they personally can install software on. Random software. Potentially harmful software.
Re:Designate Windows OS as Terrorist Tool (Score:3, Informative)
Re:Designate Windows OS as Terrorist Tool (Score:5, Informative)
You can make system files immutable in Linux with chattr; an immutable file may not be overwritten by root unless chattr is first run to remove the immutable flag.
Furthermore, you can, during install, use chattr to set files immutable, and then set user:owner of chattr to user chattr and set permissions to only allow user chattr to read or execute chattr, as well as making chattr immutable so root can't replace it.
So yes, you can idiot proof a Linux system. Even if they still have sudo permissions so they can install new programs.
The basic point of this would be to have some type of crontab-based scanner and a remote administrator (e.g. the guy who set it up for Mr. I-love-porn-and-am-stupid), and basically if Mr. Idiot installs bad software Mr. Remote Admin can remove it, and make fake files in his owner/user group so that Mr. Idiot can't install it again (although without access to chattr it might be hard to prevent Mr. Idiot from finding out how to use sudo to delete those files when he asks on a message board how to get around this 'error' when he tries to install software etc.).
Although it's SO much easier to just not give Mr. Idiot sudo permissions and let Mr. Remote Administrator approve any software Mr. Idiot wants on his system. The point was: can Linux be idiot-proofed? And yes it can, in many functional ways.
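As an added example (not from the thread and not anyone's posted script), the following shell snippet exercises the immutable bit the comment above relies on: it creates a constructed sample file, sets +i, confirms that writes, unlinks and renames fail even for root, then clears the flag and writes again. The check a practitioner wants is the last step: the flag is set and cleared through an ioctl that chattr merely wraps, gated on CAP_LINUX_IMMUTABLE, so any process that still has that capability can remove it whether or not the chattr binary is reachable. It assumes e2fsprogs (chattr/lsattr) and an attribute-capable filesystem such as ext4 under $TMPDIR; tmpfs and most container overlays refuse +i, and the function reports that case separately instead of failing.

```shell
#!/bin/sh
# Added example, not from the Slashdot thread. Exercises the immutable bit
# (chattr +i) and shows what it does and does not stop.
# Assumes: e2fsprogs installed, an attr-capable filesystem (e.g. ext4) for
# mktemp's directory, and a process with CAP_LINUX_IMMUTABLE (a normal root
# shell) to set or clear the flag.

# Exit status: 0 = flag behaved as documented, 2 = flag could not be set in
# this environment (not root, no CAP_LINUX_IMMUTABLE, or unsupported fs),
# 1 = the flag was set but did not behave as expected.
immutable_demo() {
    dir=$(mktemp -d) || return 1
    f="$dir/protected.conf"               # constructed sample file
    printf 'original\n' > "$f" || { rm -rf "$dir"; return 1; }

    # Setting +i is an FS_IOC_SETFLAGS ioctl that needs CAP_LINUX_IMMUTABLE.
    if ! chattr +i "$f" 2>/dev/null; then
        rm -rf "$dir"
        return 2
    fi

    status=0
    # lsattr's flag column should now carry an 'i'.
    lsattr -d "$f" 2>/dev/null | cut -d' ' -f1 | grep -q i || status=1

    # While +i is set, writing, unlinking and renaming all fail with EPERM,
    # regardless of uid or ordinary file permissions.
    if printf 'tampered\n' > "$f" 2>/dev/null; then status=1; fi
    if rm -f "$f" 2>/dev/null; then status=1; fi
    if mv "$f" "$dir/renamed" 2>/dev/null; then status=1; fi
    [ "$(cat "$f" 2>/dev/null)" = "original" ] || status=1

    # The same ioctl clears the flag again; a process holding
    # CAP_LINUX_IMMUTABLE can always do this, so hiding /usr/bin/chattr on
    # its own does not take the ability away from root.
    chattr -i "$f" 2>/dev/null || status=1
    printf 'tampered\n' > "$f" 2>/dev/null || status=1
    [ "$(cat "$f" 2>/dev/null)" = "tampered" ] || status=1

    rm -rf "$dir"
    return "$status"
}

# Stand-alone usage: report what happened in this environment.
rc=0
immutable_demo || rc=$?
case "$rc" in
    0) echo "+i blocked writes/unlink/rename, then chattr -i cleared it again" ;;
    2) echo "could not set +i here: needs CAP_LINUX_IMMUTABLE on an attr-capable filesystem" ;;
    *) echo "unexpected result ($rc)" ;;
esac
```

Run it as root on an ext4 mount to see the flag enforced; run it as an ordinary user, or on tmpfs, and it reports status 2 because the kernel refuses the ioctl rather than because the flag protects anything.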