Zombie Network Explosion 262
anti-globalism writes "The number of compromised zombie PCs in botnet networks has quadrupled over the last three months. Shadowserver tracks botnet activity and the number of command and control servers. It uses a variety of metrics to slice and dice its figures based in part on the entropy of botnet infections. The clear trend within these figures is upwards, with a rise in botnet numbers of 100,000 to 400,000 (if 30 day entropy is factored into equations) or from 20,000 to 60,000 (for five day entropy)."
Comment removed (Score:5, Funny)
Re: (Score:2)
I thought Anonymous Cowards WERE zombies.
Interesting. (Score:5, Interesting)
Interesting. Far more interesting to me, however, is speculating on how botnets quadrupled in the part three months.
Re:Interesting. (Score:5, Informative)
I've seen a large increase in SPAM with virus payloads.
Re:Interesting. (Score:5, Funny)
That's odd.
I mostly have a email box full of messages that simply state...
BRAINS!!!!
I hate Zombie explosions, leaves festering goo all over the place.
Re: (Score:2)
So where do the gray hat ethics come into play with fixing these? I'm tired of spam. I've seen a huge spike recently, if I could figure out how to deliver a playload to these computers that would 'fix' them I'd do it in a second.
I can't imagine that there aren't more people out there with the know how that are annoyed by this.
Re:Interesting. (Score:5, Funny)
Yea but if you write a virus to kill their viruses, then your virus could mutate into something malicious and then spread. Then you'd need a bigger virus to kill those, and then those. Pretty soon you'd be emailing out blocks of code the size of an operating system.
It's like in Australia. The first farmers imported beetles to kill off the local locusts, then they found that the beetles didnt die and ate crops too. So they imported cane toads, which also ended up eating all the crops. They they tried cats, which ended up just running away and eating local fauna which were much tastier than cane toads, so they brought in foxes to prey on the cats. Then the foxes became a problem so they sent all the criminals there to kill the foxes. But the criminals got bored of that pretty quickly, and that's how we got Australian rules football.
Re:Interesting. (Score:4, Funny)
Dude, Ubuntu spam! Thats perfect! Just create an email virus that installs Ubuntu and the botnets will disappear!
So THAT"S how they're dong it! (Score:2)
I KNEW Microsoft was up to some new antivirus program [slashdot.org]. The logic is elegant, and brilliant:
- Design a new OS, oh, call it a browser if you want
- Make it a real heavyweight, more RAM used than the host, threads everywhere, screen candy layered over screen candy, shortcuts, you name it, all to consume cycles and starve the bot software (and the viruses, etc.)
- Botnets wither from lack of nutrition. Herders go broke. In fact, no one gets anything else done on their puters any more. No more harm! NO MORE HA
Re: (Score:2)
And that's why we sent possums to New Zealand because their flora and fauna weren't stuffed up at all!
Makes sense doesn't it?
Re: (Score:3, Interesting)
It did fix the problem, but also generated massive amounts of traffic and made systems unstable.
That's pretty much what all the spam and viruseseseses are doing already though. I'd be happy for a few days of slow 'net access every 6 months if it meant everyone was all patched up after that week. Would make it much more difficult for the spammers to get anything done, and most of them would hopefully give up anyway.
Reactive solutions are still not as good as actively educating computer users though. Before people are allowed to use guns and cars they generally have to get a license - well, computers ca
Re: (Score:2)
I assume you mean SPAM as per the currently common definition, unsolicited email. I'd like to add that I've seen a big increase in virus-laden spam (in the original electronic sense) in the form of postings to usenet binary groups.
I don't like this at all.
Easy (Score:5, Funny)
They've become self-aware. Run for the hills!
Re:Easy (Score:5, Funny)
They've become self-aware. Run for the hills!
Won't help, you will be found, in a week we are launching a satelite that has 41 centimeter resolution. The rocket will even have a google logo on the side.
(OK, que the "now they can see my penis(ego) from space" jokes)
Re: (Score:3, Informative)
Cue. Cue the jokes.
Re:Easy (Score:5, Funny)
No, queue the jokes. I'll process them as quickly as a feel like, thank you.
Re: (Score:3, Funny)
Colonel? You'd better take a look at this radar..
What is it, son?
I dunno, sir.. but it looks like a giant-
Dick!
Yeah?
Take a look out to starboard.
Oh my god, it looks like a huuuuge-
Pecker! Wait, that's not a woodpecker, it looks like someone's-
PRIVATES! We have reports of an unidentified flying object! It has a long, smooooth shaft! Complete with-
Two balls!
What is that? It looks just like an enormous-
Wang! Pay attention.
I was distracted, by that enormous, flying-
Willy!
Yeah?
What's that?
Well, it looks like a g
Re: (Score:2)
Um, Skynet [skynet.net] is already active. You can see one of the human zombies on their main page.
Re:Interesting. (Score:5, Insightful)
Probably safe to assume a new hole was found in something windows-ish and is making the rounds, gathering up all the vulnerable machines.
We're likely to see the number decline gradually as people patch up the hole. Trends like this have a sawtooth pattern to them. Sudden jump up, and then gradual decline over time back down to where they started, and then repeats with the next new vulnerability making the rounds.
Re: (Score:3)
i am sure everyone here remembers the code red worm.. few remember the code green worm (the one that spread the same way the code red did but it patched the infection and prevented further infection once it made it in)
i honestly thing it would be a good idea to start doing this - to have a group write patchs that spread in the same way the viruses do
Re:Interesting. (Score:5, Insightful)
Re: (Score:3, Interesting)
yea i know it is almost a taboo thing.. everyone thinks about doing it .. but no one does.. but in reality.. if they can monitor these bot nets and the command and control servers.. why not hijack the command and control servers to distribute the patchs to the bots it controls.. use their own power to take them out.
while the idea of spreading them in the wild seems bad because of the load on nutral or non effected hosts.. if they used the botnet to patch the botnet.. then that should elminate the issue wit
Re: (Score:3, Interesting)
yea i know it is almost a taboo thing.. everyone thinks about doing it .. but no one does.. but in reality.. if they can monitor these bot nets and the command and control servers.. why not hijack the command and control servers to distribute the patchs to the bots it controls.. use their own power to take them out.
A fair idea, but it's not that simple... modern botnets use encryption... the controller and bots share an encryption key... without proper encryption, the bot will ignore all orders because they know they didn't come from the original controller...
So all the controller would need to do... is patch the problem that got them in the system in the first place... that'll stop others from exploiting it to put new instructions in... then, by encrypting all their commands... they ensure... insofar as they can do s
Re: (Score:2, Insightful)
It's a poor idea because of liability issues, and the fact that altering the data in a computer without authorization is illegal. It also provides a defense for the bad guys (e.g. they write a "patch" with a subtle flaw in it, then claim it was with the best of intentions).
What if a "benign" patch takes a server down and it was performing a critical function, and lives are lost (e.g. an ambulance routing service) - who is liable? Arguing that the server was vulnerable anyway to some other malware won't ge
Re:Interesting. (Score:4, Insightful)
i am sure everyone here remembers the code red worm.. few remember the code green worm (the one that spread the same way the code red did but it patched the infection and prevented further infection once it made it in)
i honestly thing it would be a good idea to start doing this - to have a group write patchs that spread in the same way the viruses do
I'd never heard of Code Green, but I do recall Welchia [wikipedia.org].
And that was terrible. It did bizarre things to some people's computers, crushed LANs as it tried to spread, and as bonus made up a substantial amount of net's traffic for a while.
While it's a cool idea in theory, in practice it ends up very inelegant, very fast.
Re:Interesting. (Score:5, Insightful)
Probably safe to assume a new hole was found in something windows-ish and is making the rounds, gathering up all the vulnerable machines.
Before someone jumps on the "everyone should use Linux" bandwagon, Windows has over 90% of the market. Windows also has much more of the casual user market and much less of the enthusiast market - and the casuals don't keep a hawklike watch on their system.
Therefore, if you want to make a big botnet, compromising Windows is the way to go.
Someone found a new vulnerability, but didn't publicize it. Or they're exploiting the same old vulnerabilities (PICNIC, blank admin passwords, etc) and just stepped up their efforts again.
If your machine's admin password is blank and you're not behind a NAT, you are completely exposed. All the botnet guys have to do is get into the system through XP Pro's originally configured default drive shares and replace one commonly used file (say, a favorite new video game) with their payload. The user reinstalls the game figuring it got corrupted and it wipes out how they originally got in - but they're already in the system with a rootkit installed from the time the user tried to run your game, and it's a bot.
The unfortunate reality is that the largest vulnerability is, and will be, the human element. They want their login to be "easy" - so anyone who gets physical access to the machine gets root access with no password credentials, or they use a trivially-cracked password. They want to "simplify" their security arrangements. They trust an email sent by their friends (or sometimes even spoofed to look like it came from themselves) or "system administrator at your domain."
End result? More vulnerabilities.
Unfortunately, the "solution" involves either telling a lot of crybabies "no, you can't have it this way" or else changing human nature. And it's not in human nature to stand up to the crybabies (actually, an actual corporation never would - it's "bad customer relations.")
Not quite THAT bad (Score:3, Informative)
>If your machine's admin password is blank and you're not behind a NAT, you are completely exposed.
As of XP Service Pack 2, the built-in software firewall is on by default, and blank passwords disable network logins. Not that the security posture of the typical home machine is anything we'd consider decent, but it's not the same as running sshd with a blank root password would be.
Re: (Score:2, Informative)
Yep. It's called "users." If I had a dollar for every time a relative or friend downloaded free animated smileys or a free game that completely compromised their system, I'd be able to, well, buy an iPod Shuffle. "Why is my system running so slow?" And that's just the stuff they invited into their machines.
Re:Interesting. (Score:4, Insightful)
Why would you need a hole? All you need to do is write the executable, put it on the web, and send out an email about "greeting cards" or "photos of hot chicks." When all users run as admin by default then there's really no reason to go for anything than a simple download. This is why companies take away admin access from their users and why XP is much, much worse than Vista, by default.
Nah, it's just stupid users (Score:3)
There's that new "antivirus XP" thing doing the rounds. I bet loads of people have been stupid enough to click on that.
Not really (Score:2, Troll)
How can you tell if a box is zombied? (Score:5, Interesting)
Re:How can you tell if a box is zombied? (Score:5, Funny)
"if it's not running Linux it's zombied"
It isn't that easy. It might also be running BSD.
Re: (Score:2)
Zombies are corpses that have been revived and BSD is said to be dying [[Netcraft citation needed]]. I'm pretty sure they can meet somewhere in the middle. ;-P
Re: (Score:2, Funny)
Comment removed (Score:5, Funny)
Re:How can you tell if a box is zombied? (Score:4, Insightful)
With botnets, you can get a pretty good idea by comparing external network logs to user-initiated communication. If they're not talking to their C&C, they're not doing much.
Re:How can you tell if a box is zombied? (Score:4, Interesting)
In fact, I am working on just such a case. By dormant, I mean the initial infection was removed, but the virus added some changes to IE so searches almost exclusively go to infected websites and exploit a java bug to reinfect the machine.
The PC in question was my wife's, and she had followed a link to an unknown sender's e-card (which happened to arrive on her birthday) and it exploited her gullibility and a java bug to install the trojan XP Antivirus '08. I managed to eradicate that virus, but it made a change to IE that I missed initially that takes searches to infected websites and exploits the java bug again to reinfected the machine (mainly with other viruses - Virtumunde has been the latest - both of these are Russian Federation originating). Antivirus software doesn't catch the infections because they happen in resident memory, but the software does find them after they've written files.
The problem is, she needs to have her java patched to remove the java back door, but the virus seems to have tampered with java and it will not patch. I'm going to try a manual uninstall and reinstall tonight. I also likely need to reinstall IE (will try a registry fix first using my XP box as a reference), but MS has made that impossible by design, so I'll probably need to reinstall the entire OS.
Re: (Score:2, Interesting)
Actually being able to turn off my modem by putting it on stand by, and using zonealarm to monitor outgoing traffic requests, lets me see what sort of traffic i have, if I am owned, then it will not be communicating, and I usually do a full reinstall from my backup cds every 3 months, so that in the event i did get owned, i will be only for a short time. At the 3 month interval i also change all the passwords to my accounts. So if someone did have access, they are cut off.
Now however, I do use vmware, and a
Re:How can you tell if a box is zombied? (Score:5, Insightful)
If their internet activity light is flashing when they're not doing anything.
It's surprisingly accurate.
Re:How can you tell if a box is zombied? (Score:5, Insightful)
How can you know that they're not "doing anything" ? They could be downloading patches, an e-mail client could be checking for new mail, an instant messenger client could be exchanging "are you still there" packets with the server, the DHCP client could be renewing the lease, etc.
This is in the same category than "there's hard drive activity when you're not doing anything". It's fine for DOS, but near useless for modern multitasking machines.
Re:How can you tell if a box is zombied? (Score:5, Informative)
This is in the same category than "there's hard drive activity when you're not doing anything". It's fine for DOS, but near useless for modern multitasking machines.
Not really. Most operating systems allow you to monitor disk activity in software. If this is showing nothing, but the disk light is on, then there's a good chance there's a rootkit hiding certain activity. Same with network usage. If your operating system thinks there's no activity, but the network card thinks there is, something very bad is probably going on. If your OS and your network card agree that there is network traffic, then you can try identifying it. Once you shut down everything that ought to be generating traffic, then you can analyse the rest quite easily (on a big network, expect around 10KB/s of multicast DNS).
Of course, this doesn't help if it's an application that's been trojaned. You probably wouldn't notice if your IM client, for example, has been infected and patched to initiate secondary connections. You can try using something like netstat (no idea what the Windows equivalent is) and find every remote host each application is connecting to, and check them against what you expect (if your IM client is connecting anywhere other than your IM server in the background it's probably malware or skype, but I repeat myself).
Re:How can you tell if a box is zombied? (Score:5, Informative)
netstat (no idea what the Windows equivalent is)
It's the same. You can even use "netstat -b" to see which processes are using which connections, which can be quite handy.
Re: (Score:2)
Works well enough on a single non networked box, and apart from the DHCP the rest are easy enough to switch off for a few minutes. Had a similar concern a few days ago when I noticed a lot of traffic going through my router even though I knew I was not running anything that should be using it - process manager didn't show any of the usual culprits (auto updates) so I checked the network traffic with a network monitor. It showed a ton of traffic hitting my router on the port that my torrent client (which I h
Uh, no (Score:5, Informative)
Because plenty of windows core services still send traffic even if there's not an obvious "app" in charge of them (there are a bunch of normal system processes that tend to run services underneath them, some of which involve networking).
And that doesn't count traffic on your network as well. Even if your computer isn't sending anything out, it may be responding to other traffic on the network depending on how things are configured, even if it's just to say "this is not the machine you're looking for."
Re: (Score:2)
I'm running a fairly standard XP install, and when my machine is idle, so is my network. It's not foolproof, but seeing a blip on my router once an hour is not going to make me think my box is compromised. A network monitor helps to see whether unexpected traffic is originating from my box or not in the rare case I need to check.
Re: (Score:2)
That is ALL broadcast traffic, which is why all ISP's should block those ports at the customer premise equipment, as well as subnet the customers to keep them from easily spreading their junk.
Such broadcast traffic typically won't be going out the WAN port (ie: "internet activity").
Re: (Score:2)
Um, broadcast traffic won't spread outside the subnet by design?
Which means it wouldn't flash the "internet" activity light, only the "network" activity light.
Re:How can you tell if a box is zombied? (Score:5, Informative)
Honest question - without resorting to answers like "if it's not running Linux it's zombied" I'd be curious to know how the average user can even determine whether their box is pwn3d.
No, but you could teach them quickly even if they didn't fully understand what they are doing. Simple recipe
1. Turn off PC for half an hour
2. Start it up, and start your network connection. Do not start web browsers or other happs
3. Open up a command prompt from Start-Run
4. Type netstat -a and look for connections
5. Repeat step 4 several times over an one hour period
Now some connections may be software updating (eg. antivirus) but discounting that if you have lots of open connections or they're regularly changing, you have to assume it's probably owned.
Re: (Score:3, Interesting)
Re:How can you tell if a box is zombied? (Score:5, Insightful)
If you are only interested in actively used botnets (for DDoS and spam for example) then when you plug in the ethernet cable the router lights go mad, that's a good sign its pwned.
You can't really look at the network usage using tools ON the machine, as rootkits are designed to hide all their activity from the system tools by modifying them. So the owned windows box may show little or no network traffic while your router is nearly catching on fire. But the lights on the switch/router don't lie.
Comment removed (Score:4, Interesting)
Re: (Score:2)
Microsoft Update has periodic monthly tools that are supposed to give the user a feeling of security.
Re: (Score:2)
Re: (Score:2)
Malwarebytes is much better and gets rid of everything (not root kits though)!
Give up - The performance hit is inevitable (Score:5, Interesting)
Speaking as someone that regularly works on number processing and real-time applications, I've given up on Windows machines. I just assume every Windows box is running ample code that is outside my control, and that code will make the machine much slower for any mathematically intensive computations, especially if they involve disk access or network access. All of the anti-virus code designed to stop viruses and bot-nets is killing Windows as a platform.
One way or another, you pay your speed and uptime penalty. You either pay in downtime caused by the "bad" guys writing bot-nets, malware or viruses, or you pay in slow speed caused by the "good" guys like Microsoft, Symantec, and McAfee, who are trying to stop the bot-nets, malware and viruses. The modern "good" vs. "bad" arms race is resulting in anti-virus software that is so slow that it is strangling the Windows platform with endless code bloat. If you want to prove this to yourself, get an older PC with a fresh Windows installation. Start installing software on it, one package at a time. As the newer service packs are applied, the anti-virus software installed, and the software packages installed, the PC will actually slow down!
Building better anti-virus software for Windows is self-defeating. It slows the computer down to the point that Windows is useless.
Run Linux. Take control of your own computer.
Comment removed (Score:3, Insightful)
Re: (Score:3)
"He often speaks of the coming war between man and the brotherhood of machines."
This makes me sad actually... (Score:3, Interesting)
Re: (Score:2)
The latest hurricane has given birth to a variety of phishing sites, it wouldn't surprise me if better targets to redirect suckers to inspired them to ramp up their efforts, or perhaps these sites are hosting malware to retruit more zombies.
Re: (Score:2)
Re:This makes me sad actually... (Score:5, Funny)
Never underestimate the predictability of stupidity.
I knew you'd say that.
Re: (Score:3, Insightful)
I think I played that (Score:4, Funny)
Re:I think I played that (Score:5, Funny)
All I know is that I saw the words "zombie" and "explosion", and thought This is it! Finally! and grabbed my shotgun. So disappointed.
I wonder if it had to do with... (Score:2, Interesting)
Vista's Security Rendered Completely Useless [slashdot.org] leading more machines (with Vista) open to drive by downloads, etc, becoming zombies?
Re: (Score:2)
I'm sure Microsoft will blame it on the fact that a massive number of machines shipped with Vista are getting upgraded to XP. Vista adoption numbers look great until you subtract all the those...
Vigilante developers (Score:4, Interesting)
I'm actually surprised that we don't see any vigilante developers actually developing something that in some way or another disable or display information about the serious state the infected machine is in.
Of course, I see the problems with doing so (hasn't there been an article about this topic earlier?), but still, there are a lot of infected machines that have been so for ages are not likely to vanish. Bandwidth and cpu cycles can definitely be spent on better things than spam.
Re:Vigilante developers (Score:4, Interesting)
Re: (Score:2)
code green .. was a vigilante patcher virus for code red.. it used the same exploite to infect and patch..
i agree we need more of this realy.. cause damnit.. even if MS does patch all the holes people arn't going to install them.. even the OEM's arnt' going to do it.
i recently got a laptop from dell that was running an over 1 year out of date on patchs image driectly from them.. there is no excuse for that.. they should be patching their images monthly at the least
Re:Vigilante developers (Score:5, Insightful)
I'm actually surprised that we don't see any vigilante developers actually developing something that in some way or another disable or display information about the serious state the infected machine is in.
As a network admin, I would love to see someone write code to destroy the boot sector of an infected machine and then run a shutdown. (No data is lost, but the system is offline)
As a system admin, I would hate to see code out there that does damage to any process on the system, infected or not.
As a developer, I won't go anywhere near that type of software.
As an end user, I want better antivirus with better alerting that doesn't require a full core of my processor to run.
Insane increase in SSH attacks (Score:5, Informative)
Re: (Score:2)
...upon looking at what DenyHosts is...
Neat idea. Thanks!!
Re: (Score:3, Informative)
Same here, for some reason one of our servers on our subnet is a frequent attack for distributed SSH attacks, and there has been an explosion of them in the past few days for us. I've been collecting IP addresses and locking them out via firewall, but more just keep coming.
A Zom Comm Bomb? (Score:2)
What else!
Riddle me this... (Score:5, Interesting)
So if researchers can detect these things with apparent reliability in their process, why can't ISPs detect them the same way and cut the bastards off?
If Comcast and ilk such as that were really interested in conserving network bandwidth, they'd be cutting off zombies instead of putting on bandwidth caps.
Re: (Score:2, Interesting)
ISPs can, and it was something I used to do as an "added feature" at the wireless ISP I used to work for.
It can be construed as an invasion of privacy, and I was yelled at plenty by some of my former customers. While a pain to administer, it had an incredible impact on our network's performance, and a decrease in customer complaints for individual towers being slow, etc.
The same technology Comcast uses (used?) to throttle Bittorrent users most likely could kill off zombies and DoS attacks. It's a shame th
Re: (Score:2)
The same technology couldn't be used to stop DoS attacks -- the connections are broken by forging TCP RST packets. Most DoS attacks don't use TCP. They're also doing a particular sort of network pattern detection that catches BitTorrent but won't necessarily catch a bot.
Granted, there are methods for detecting bots and methods for silencing their traffic.
Re: (Score:2, Informative)
By "technology", I was referring to the black box that sits inline with the uplink(s) to the internet.
The system I used to maintain was such a beast, and it did everything from real-time AV scanning, SPAM scanning, and IDS/DoS functions. It could in fact be used to detect DoS attacks, and send alerts via SMS/email to us. I also used it to shape/limit Bittorrent and other P2P protocols.
http://www.fortinet.com/ [fortinet.com] is where you can find one example of such "technology".
Re: (Score:3, Insightful)
The cost of monitoring, administering, taking action and fielding the incoming support calls from irate customers who have had their service suspended is probably more than simply capping bandwidth and charging for over runs.
Re:Riddle me this... (Score:4, Interesting)
The cost of monitoring, administering, taking action and fielding the incoming support calls from irate customers who have had their service suspended is probably more than simply capping bandwidth and charging for over runs.
You are on to something, but take it up a notch...
The bots are a potential revenue source. The zombie traffic could push normal users over the caps resulting in extra usage fees. How long till an ISP exploits this intentionally (hijack or buy a botnet and make them send files back and forth)?
Re: (Score:2)
So if researchers can detect these things with apparent reliability in their process, why can't ISPs detect them the same way and cut the bastards off?
If Comcast and ilk such as that were really interested in conserving network bandwidth, they'd be cutting off zombies instead of putting on bandwidth caps.
Oh come on, they are all evil, they leave em alone through professional courtesy!
Re: (Score:2)
Botnets account for less traffic than P2P file sharing (a few percent).
Re: (Score:2)
How is that possible when I keep seeing figures, from supposedly reliable sources, that spam email accounts for anywhere from 60 to 80 percent (depending on who's figures you want to use) of net traffic? That's not coming from bots?
some do (Score:2)
They can, and sometimes do.
One time a friend of a friend brought her PC over for me to look at. She said it wasn't working well, and wanted me to fix it. I plugged it into my internet connection just to check a few things, and then went about reformatting it. Later, when I plugged my machine into the net and tried to access the web, I got a default ISP web page telling me to call network security. It turns out that her machine had sent out
why can't ISPs detect them .. ? (Score:2)
If they did, they risk cutting off their own spamVertisers, there's no money in protecting their own customers, it would break stuff, they can't be bothered
Re: (Score:2)
That is false (Score:2)
I don't doubt it (Score:5, Interesting)
I don't doubt it at all. My computer, which is usually the epitome of clean, caught a worm the other day. It was automatically downloaded and executed (no clicks or dialogs) from one of the top 10 mainstream news websites, no less. Most likely one of the injection attacks. Had to really dig into it to find out that it somehow got downloaded by prefetch in Firefox (which has been promptly disabled now).
The ironic part... with all of the precautions I take, it wasn't detected at the router level nor the virus scan level. Windows firewall caught it before it could download its payload. As I manually removed it and restored from yesterday's registry copy, I had to chuckle a little.
But now that I've seen first-hand an unrequested .exe not only downloaded into ./system32 but executed - both without user approval or so much as a dialog box - I can only imagine how many zombies have popped up in the last few weeks.
Re: (Score:2)
Got any more details?
Microsoft Windows Zombie Network Explosion (Score:4, Informative)
Botnet Entropy? (Score:2, Interesting)
The end is a new beginning (Score:2)
If things continue to get worse the year of the Linux desktop will come sooner than you'd expect. I know people who won't do a thing on their computer without worrying about viruses. I think at some point when the concerns and the solutions will have reached a certain point Windows will have irremediably lost its OS monopoly and it won't matter what OS you run anymore.
Not like it matters much anymore for most people anyways, most of what they do involves just a web browser.
Zombie Network Explosion (Score:5, Funny)
Best band name ever!!
microsofts new software (Score:2)
It's all because of Microsoft's new software release, WindowsXP Anti-Virus 2008. Everybody's getting it, microsoft sends them an email telling them to click a link to get the new download. The damn thing won't run on my linux box though, i feel left out... sigh.
Oh, clients, why must you want the silly shit you want?
Love the tag (Score:3, Funny)
security, windows, brains. The three words that have the least in common.
Re:clear sign that (Score:4, Funny)
I wonder if it has more to do with bored students writing malicious code, or bored students downloading "suspicious" content.
Re: (Score:3, Informative)
I wonder if it has more to do with bored students writing malicious code, or bored students downloading "suspicious" content.
I'm pretty sure it isn't the latter, these botnets are not the work of "bored students", they are controlled by organized crime and their ilk.
Re:clear sign that (Score:5, Funny)
Not only did loads of Windows users run the damn thing, but we got loads of helpdesk tickets from Mac users asking for a Mac version.
Re: (Score:2)
Not only did loads of Windows users run the damn thing, but we got loads of helpdesk tickets from Mac users asking for a Mac version.
That has got to be the most depressing thing I've read in some time. There really is no hope for the great unwashed masses, is there?