Autonomous Intelligent Botnets Bouncing Back

coomaria writes "Thought that 2009 was the year botnets died? Well, think again: compromised computers were responsible for distributing 83.4% of the 107 billion spam messages sent around the world every single day this year, and it's going to get worse if intelligent and autonomous botnets arrive in 2010 as predicted."

What OS?

[Jurily]

Any data on how much of those are running Windows?

Re:What OS?

[Anonymous Coward]

but that's more a testament to the poor development practices of the GNOME project.

Its actually more a testament to the fact that malware can be written for any OS.

Re:"Thought that 2009 was the year botnets died?"

[hatemonger]

I came in here to say this. What idiots thought that botnets died? Oh, wait, I forgot that MSM sometimes pretends they can report on technology without making fools of themselves.

Re:What OS?

[Lord Ender]

I doubt that. I've caught viral botnets that spread via weak SSH passwords. They scan for port 22, try "root/root" and "guest/guest" etc. until they go through their entire username/password dictionary file, then they move on to the next host...

Once they pwn a box, they of course connect out to IRC or whatever to start hosting warez (or whatever else their masters desire). And they continue scanning for 22 and cracking when they see it...

Congrats to the Ubuntu team for disabling ssh by default. You can't get a more secure desktop system than that. But there are datacenters and datacenters full of improperly configured unix servers out there.

Re:What OS?

[Tim C]

One of my friends used to run a Linux server at hone, a couple of years ago.

One day on MSN we were chatting, and he told me about how his server had been rooted. Turns out he'd not kep up to date on his patches, and a vulnerable service had been compromised.

But you're right, Windows is the only OS vulnerable to remote attacks.

Re:What OS?

[AlXtreme]

The discussion is the botnets, and I haven't seen any running on Linux. Those are more of one-off, defacing attacks, or somewhere to run an IRC bot. If you intend on running a botnet for spamming, Windows users are the best targets.

I have. Over the recent years I've seen many automated attacks that target a range of IP addresses, searching for vulnerable SSH accounts, Apache installs with old PHP crapware and various other vulnerabilities. 9 times out of 10 they will start IRC bots or another process that phones home and the botnet operator can use them as he pleases. An IRC bot is not the goal, it is a means to control many such compromised servers at once.

Think that running Linux makes you invulnerable? It doesn't. Linux servers are vulnerable if only due to the large amounts of unmaintained boxes out there. A compromised Linux box is much more useful to a botnet operator than a Windows box, simply because the former will stay online 24/7 and is likely on a high-speed network.

There are companies out there that sell pre-loaded Linux boxes to SMB's as a black-box, not understanding that without maintenance or a proper firewall those boxes will be compromised within a few years. The SMB employees wonder why their network connection is so slow, blaming their computers, while the compromised box pumps out spam as fast as it can... *shiver*

Linux, Windows, BSD or OS X: be vigilant, install updates regularly and check your security.