
Are Computer Crooks Renting Out Your PC?

Posted by samzenpus
from the let-me-see-that-a-minute dept.
An anonymous reader writes "Brian Krebs recently posted an interesting piece looking at an invite-only service marketed on shadowy underground forums that lets crooks 'rent' or 'buy' access to individual botted PCs that can be used to tunnel traffic. The story looks at the mechanics of renting out bots, and the author traces some of the infected systems back to real businesses. From the post: 'The Limited; Santiam Memorial Hospital in Stayton, Ore.; Salem, Mass. based North Shore Medical Center; marketing communications firm McCann-Erickson Worldwide; and the Greater Reno-Tahoe Economic Development Authority.'"
  • by WrongSizeGlass (838941) on Sunday April 10, 2011 @05:09PM (#35775998)
    No. I'm so busy surfing /. that I don't have any spare CPU cycles to rent out.
    • by Tablizer (95088) on Sunday April 10, 2011 @06:31PM (#35776434) Homepage Journal

      That "Web 2.0" /. interface indeed is a CPU hog, full of polling JavaScript. Fortunately, they still allow the old-style as an option.

  • by 1s44c (552956) on Sunday April 10, 2011 @05:13PM (#35776020)

    Are Computer Crooks Renting Out Your PC?

    No, I don't run windows and I set it up right.

    • Re: (Score:2, Insightful)

      by rockfistus (1445481)
      Oh god, here come the douche bag linux comments. If you can't secure a windows box enough to stop this sort of thing then yes, you might want to use an alternate OS. It ain't Windows' fault.
      • Re: (Score:3, Insightful)

        by 1s44c (552956)

        Oh god, here come the douche bag linux comments. If you can't secure a windows box enough to stop this sort of thing then yes, you might want to use an alternate OS. It ain't Windows' fault.

        Actually it is Windows' fault that it's insecure by design. Sure you can work around the problems but it's not 100% effective. Adobe also deserves some of the blame and their Flash nightmare is more or less the same on all OSes.

        • by fuzzyfuzzyfungus (1223518) on Sunday April 10, 2011 @05:28PM (#35776132) Journal
          Don't forget Adobe Reader. I've lost count of the number of Reader security advisories that apply to basically every OS they release binaries for. It isn't often you see news of an exploit vector for Solaris; but Adobe manages it.
          • Re: (Score:3, Insightful)

            by Mashiki (184564)

            Don't forget about java. I mean who was the genius who thought that code that's remote should be executable outside of a sandbox? Oh and .net too. Personally it seems like the entire software industry needs a swift kick in the face.

          • by Nerdfest (867930) on Sunday April 10, 2011 @09:33PM (#35777172)
            I actually have an RSS feed [adobe.com] just for Adobe security updates. It's kind of sad.
        • by PopeRatzo (965947) * on Sunday April 10, 2011 @05:31PM (#35776154) Homepage Journal

          Actually it is Windows' fault that it's insecure by design.

          It's not so much that Linux is necessarily more secure, just that the botnets can't get their software to run on it. Something about not having the right drivers, is what I heard.

          Yep, that's what I heard all right.

          Oh, take it easy...

        • "100% effective"? I doubt that anything is.

      • Re: (Score:3, Funny)

        Yo dog, I herd you like zero-days, so I put a zero day in your box so somebody else can compute while you compute...
      • by Gordonjcp (186804) on Sunday April 10, 2011 @05:22PM (#35776082) Homepage

        "Might want to use an alternate OS" because it's less bother to keep Linux secure than Windows?

        That's only one of the reasons I use Linux. Why would I go out of my way to use an OS that takes extra work to secure? I'm sure there's a car analogy in there involving buying a Yugo with no doorlocks, or being given a Mercedes with central locking and an alarm already fitted, but I can't be bothered making it.

        • by Threni (635302) on Sunday April 10, 2011 @05:50PM (#35776272)

          Exactly. "Are Computer Crooks Renting Out Your Windows PC?" would be a better headline.

        • Why would I go out of my way to use an OS that takes extra work to secure?

          Because you want it to use for 3D design, music/film production etc.

        • by Raenex (947668)

          That's only one of the reasons I use Linux. Why would I go out of my way to use an OS that takes extra work to secure?

          What distribution do you use? Could you describe, precisely, in what way it is more secure than Windows 7?

          • by Gordonjcp (186804)

            Well, I've never used Windows 7 and it's unlikely I ever will. The distro is unimportant; the fact that it doesn't have secret closed-source software and therefore is less likely to have hidden sneaky backdoors in it makes it more secure.

            The main reason I use Linux is because the software I use simply isn't available for Windows.

            • by Raenex (947668)

              So in other words, you don't really know if it is more secure or not. You claimed it took extra work to make Windows more secure. The general problems with Windows security haven't been because of backdoors put in by Microsoft.

              Now, installing random software and having unpatched software with security flaws, that's a problem that both operating systems have in common.

              • by Gordonjcp (186804)

                No, the original poster claimed it took more work to secure Windows than Linux.

                 

                If you can't secure a windows box enough to stop this sort of thing then yes, you might want to use an alternate OS.

                That suggests it takes extra work to secure Windows, beyond the work required to secure other OSes. Who's got time to fiddle about with that stuff? Just get something that works.

                • by Raenex (947668)

                  No, the original poster claimed it took more work to secure Windows than Linux.

                  And you agreed with it and said that's one of the reasons why you use Linux. So you can't just pass it off now that you can't defend your statement.

                  Who's got time to fiddle about with that stuff? Just get something that works.

                  And there you go again.

                  • by Gordonjcp (186804)

                    I don't really need to defend anything. People keep harping on about things like virus scanners and firewalls and anti-malware and stuff like that, but they are running Windows. I run Linux on my computers, and have never needed to use a virus scanner since the Atari ST days. If Windows is so secure, why do you need to bother with things like virus scanners and firewalls?

                    • by Raenex (947668)

                      Linux has something like 1% of the desktop market. It just isn't a target. Now if everybody switched to Linux because of mythological security, it would be a different story.

                      I ran for years without a virus scanner on Windows without a problem, but then I know basic computer security. A firewall is just good hygiene, whether it's Windows or Linux, though most home routers have one built-in nowadays anyways.

                    • by Gordonjcp (186804)

                      By Microsoft's own figures, Linux has the majority of server market share. Why are there no viruses for Linux, exactly?

                    • by Raenex (947668)

                      Servers don't run web browsers and email clients, and in general don't have consumers who know next to nothing about security, like installing random video codecs.

                      However, for sure there are Linux servers out there running unpatched software, and there have been plenty of security issues released over the years for Linux.

                    • by Gordonjcp (186804)

                      It must be hard work running around with those goalposts like that ;-)

                      Anyway, as I mentioned earlier, Windows 7 is irrelevant since it cannot run the software I use daily. That's my main reason for using Linux instead of Windows.

                    • by Raenex (947668)

                      Who's moving the goalposts? You are the one who started talking about Linux servers, when before we were talking about desktops. They're different markets with different attack vectors.

                      However, just search for "linux botnet" if you don't think that Linux servers aren't compromised.

      • Re: (Score:2, Informative)

        by Anonymous Coward

        Yes, but windows does have some rather lax security out of the box. Linux (for the most part) keeps privileges to a minimum unless needed. Your average user doesn't know how, and doesn't want to know how, to secure his windows box.

    • OS and setup notwithstanding, it's entirely possible for you (and yes, even the l33t3s7 of beings) to be tagged by a botnet. People speak the truth when they say that only a disconnected computer is completely safe.
      • by John Hasler (414242) on Sunday April 10, 2011 @05:38PM (#35776202) Homepage

        Possible, but very, very unlikely. Attacking home Linux boxes just isn't cost-effective. There aren't enough of them. Sometimes security through obscurity actually works.

        • by Anonymous Coward on Sunday April 10, 2011 @05:55PM (#35776300)

          You forgot to mention that:
          Linux users have a better common sense than the rest.
          Linux users use legitimate repos when they install any software.

          I think the mac users fit in there as well, but with only linux and windows as experience, I really can't speak for them.

        • by setagllib (753300)

          The article itself mentions that many of these machines belong to businesses, where Linux has a higher share. And while servers are more difficult to attack in general (well, they don't have Adobe Flash or Reader...) they make better targets, and servers are where Linux is the higher profile target. Its heterogeneity and timely security updates save it a lot there. We can expect more effort given to attacking Linux over time, but for sure it will *take* more effort.

        • by JamesP (688957)

          Actually, I've seen my share of linux boxes with malware on them

          Either scanning my servers or actually being in my servers - saw a CPU surge in a box, lasted an hour before I just 'destroyed' the (virtual) box

          So yeah, there are worms that make their way across linux boxes

        • by PNutts (199112)

          Attacking home Linux boxes just isn't cost-effective. There aren't enough of them. Sometimes security through obscurity actually works.

          That doesn't make sense in the context of TFA.

      • by DarkOx (621550) on Sunday April 10, 2011 @06:07PM (#35776342) Journal

        Right on, I am getting real tired of "I run X" where X is most of Linux, therefore I am secure. That attitude alone tells me you are probably making big mistakes all over the place. Arrogance does that. It's true people writing those comments are probably safer than Joe Public with his OEM crap ware laden Windows XP installation, out of date virus defs, and default Windows firewall configuration, 3000 never applied updates waiting, and logged in as an Administrator, but that is a pretty low bar to be above!

        I do IT security for a living, here is a hint. Whatever software you are using take steps we all read about, firewall, antivirus if that makes sense for your platform, don't elevate permissions when you don't have to, keep your box updated, and after you have done all those things continuously check to make sure you are still doing them and above all use common sense at all times, always think before you click!

        • That last part is always the most important. One of my siblings tried to download a game just earlier on a different computer, I'm still trying to dig out the trojan. Even if I've got NOD32 running properly and ports properly secured, that one click will break down any effort made. Wish me luck...
      • by CastrTroy (595695)
        A lot of these machines could just be beginners setting up Linux boxes, and not knowing what they are doing. They have the SSH server on, and a weak password, and they are easily pwned. I think that most of these computers probably aren't compromised through people installing unknown software, but rather through bad configuration of servers, that are easily broken into.
    • Are Computer Crooks Renting Out Your PC?

      No, I don't run windows and I set it up right.

      You left out: "And I check on it once in a while.". You are not running a completely secure OS.

  • I knew it (Score:5, Funny)

    by fwarren (579763) on Sunday April 10, 2011 @05:14PM (#35776028) Homepage

    Windows Vista was not that bloated. Microsoft was just monetizing spare CPU cycles on the Russian Black Market.

    • by Anonymous Coward

      And they have the cheek to STILL sell at that price! The greedy bastards! Honestly!

    • by zill (1690130)
      I'm just glad Microsoft didn't charge extra for this involuntary cloud computing client feature.
  • If you outlaw renting computer bots only criminals will rent computer bots. ...profit
  • How did Krebs get access to an "invite only" service? I can't help but feel this is someone's shrewd way of advertising the illegal. Either that or someone is getting whacked for bragging about knowing too much.

    • by Haedrian (1676506)

      I would expect just like policemen have contacts in the criminal underworld, I would assume security researchers would do the same thing.

  • The news on computer security is usually relentlessly bad. It is nice to see an instance where the economic realities of non-targeted attacks make the bad guys slightly more vulnerable. Even if our antivirus overlords are pitifully incapable of keeping us from getting 0wn3d, which seems to be the case, they are in a fairly good position to monitor the 'underground' marketplace and reduce the value of compromised PCs. That won't save the strategically valuable targets; but anything that reduces the rental value of Joe Broadband's horribly compromised porn box is good for Joe, and for the internet generally.
  • by HangingChad (677530) on Sunday April 10, 2011 @05:24PM (#35776102) Homepage

    >Santiam Memorial Hospital in Stayton, Ore.

    I used to provide tech support for doctors offices and hospitals and I can tell you for a fact that their computer security ranges from "bad" to "OMFG!!". Seriously, there were places I wanted to take a shower after leaving because their workstations were so riddled with spyware and trojans.

    • by damn_registrars (1103043) <damn.registrars@gmail.com> on Sunday April 10, 2011 @05:53PM (#35776284) Homepage Journal

      Santiam Memorial Hospital in Stayton, Ore.

      I used to provide tech support for doctors offices and hospitals and I can tell you for a fact that their computer security ranges from "bad" to "OMFG!!".

      That happens for several reasons:

      • The software they use as part of their work requires admin access (bad vendor programming)
      • The hardware they need to access requires admin access (more bad vendor programming)
      • They consider needing an additional password for admin function to be "too inconvenient" (bad user education)
      • They didn't need to do it when they used 3.x/NT/98/etc ... why should they need it now? (also bad user education)
      • They were told that their anti* software would protect them, even without ever updating it - or anything else (bad vendors meeting up with badly educated users)
      • also some vendor hardware / systems block Windows updates / are set up so they can't be installed / the vendor has to do the admin work on them.

      • by dwarfsoft (461760) on Sunday April 10, 2011 @06:55PM (#35776556) Homepage

        Most of the "Bad Vendor Programming" I've seen in this situation did not actually require Admin Access, but required specific permissions set for Users to be able to get the programs to function. The reason that these users were ever added to Local Admin was due to "Bad IT Admin" more than anything else.

        After I re-trained the one guy who kept adding users into Local Admin on how to determine (regmon/filemon/procmon) which folders/files/regkeys needed additional permissions (and how to manage a local group for those settings) and he continued to do it, I was only too happy to remove his access to be able to change any security settings or add any users to any groups. Problem was solved.

        It wouldn't surprise me if far too many people in those Workstation Admin roles don't fully understand security, particularly in places like Hospitals where Doctors think they have the authority to tell everybody how things should be done.
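The procmon step described in the comment above, sketched as an added example that is not part of the original post: a Python script that reads a Process Monitor CSV export and lists the files and registry keys one process was denied, so those can be granted to a dedicated local group instead of adding users to Local Admin. The process name, paths and trace rows are constructed, and dropping a denial once the same operation later succeeds on that path is a heuristic assumed here.

```python
import csv
import io
import re

# Constructed trace in Procmon's CSV export column layout.
# "VendorApp.exe" and all paths are invented for illustration.
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:02:11.1","VendorApp.exe","3120","CreateFile","C:\Program Files\VendorApp\data\app.mdb","ACCESS DENIED","Desired Access: Generic Read/Write, Disposition: OpenIf, Options: Synchronous IO Non-Alert, Attributes: N, ShareMode: Read, AllocationSize: 0"
"10:02:11.2","VendorApp.exe","3120","RegOpenKey","HKLM\SOFTWARE\VendorApp\Settings","ACCESS DENIED","Desired Access: All Access"
"10:02:11.3","VendorApp.exe","3120","RegOpenKey","HKLM\SOFTWARE\VendorApp\Settings","SUCCESS","Desired Access: Read"
"10:02:11.4","VendorApp.exe","3120","RegCreateKey","HKLM\SOFTWARE\VendorApp\License","ACCESS DENIED","Desired Access: Read/Write"
"10:02:11.5","VendorApp.exe","3120","CreateFile","C:\Program Files\VendorApp\data\app.mdb","ACCESS DENIED","Desired Access: Generic Read/Write, Disposition: OpenIf, Options: Synchronous IO Non-Alert, Attributes: N, ShareMode: Read, AllocationSize: 0"
"10:02:11.6","explorer.exe","1044","CreateFile","C:\Windows\Temp\x.tmp","ACCESS DENIED","Desired Access: Generic Write, Disposition: Create"
"10:02:11.7","VendorApp.exe","3120","CreateFile","C:\Program Files\VendorApp\logs\app.log","ACCESS DENIED","Desired Access: Generic Write, Read Attributes, Disposition: OpenIf, Options: Synchronous IO Non-Alert"
'''

# "Desired Access" may itself be a comma-separated list; stop at the next "Key:" field.
ACCESS_RE = re.compile(r"Desired Access: (.+?)(?:, [A-Za-z ]+:|$)")


def denied_resources(csv_text, process_name):
    """Return {path: info} for ACCESS DENIED events of one process.

    Rows are assumed to be in chronological order, as Procmon exports them.
    A path is dropped again if the same operation later succeeds on it:
    programs often ask for more access than they need and then retry lower.
    """
    denied = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["Process Name"].lower() != process_name.lower():
            continue
        path, op, result = row["Path"], row["Operation"], row["Result"]
        if result == "ACCESS DENIED":
            info = denied.setdefault(path, {
                "kind": "registry" if op.startswith("Reg") else "file",
                "access": set(), "ops": set(), "hits": 0})
            match = ACCESS_RE.search(row["Detail"])
            info["access"].add(match.group(1) if match else op)
            info["ops"].add(op)
            info["hits"] += 1
        elif result == "SUCCESS" and path in denied and op in denied[path]["ops"]:
            del denied[path]  # the retry worked, so this denial was not blocking
    return denied


def report(denied):
    """Sorted (kind, path, requested access, hit count) rows for review."""
    return sorted(
        (info["kind"], path, sorted(info["access"]), info["hits"])
        for path, info in denied.items())


if __name__ == "__main__":
    for kind, path, access, hits in report(denied_resources(SAMPLE_CSV, "VendorApp.exe")):
        print(f"{kind:8} {hits:3}x {path}  wants: {'; '.join(access)}")
```

Each path in the report is a candidate for a narrowly scoped grant to the application's local group; the requested access shown is what the program asked for, which may be more than it needs.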

        • Most of the "Bad Vendor Programming" I've seen in this situation did not actually require Admin Access, but required specific permissions set for Users to be able to get the programs to function. The reason that these users were ever added to Local Admin was due to "Bad IT Admin" more than anything else.

          While I would agree that just granting admin access is Bad IT Admin, the fault still lies with the vendor, who usually shrugs and says that admin access is necessary even though they are the ones in the position to know exactly what folder/file/regkey access is necessary.

          Since we are usually talking proprietary software, the Good IT Admin's only option is to apply reverse engineering (regmon/filemon/procmon).

          So the fundamental problems are "Bad Vendor Programming" and especially "Bad Vendor Documentation an

      • by jd2112 (1535857)
        And any patches applied to computers attached to medical equipment must have FDA approval.
      • by swb (14022)

        The other reason left out are the number of doctors who are prima donna assholes and insist that going to med school has made them CERTIFIABLE GENIUSES IN EVERY FIELD.

        I work for a small consulting firm and we've had a half-dozen clients in the medical & dental fields and without exception they have all been complete assholes, the dentists worse than the doctors.

        One guy literally tried to physically intimidate me to the point I had to actually push him away. I walked from the office 20 minutes later an

        • It sounds to me that you were doing consulting for physicians in private practice. By my experience they are egotists to a much larger degree than those associated directly with hospitals. I attribute this in part to the dilbert factor that plays in when a physician pursues private practice - now they are business managers as well as physicians. By my experience most physicians who work primarily at or with hospitals are much better grounded (especially teaching or research hospitals).

          On a related obse
    • by hedwards (940851)

      It depends how they're set up, but I wouldn't be surprised if that was often the case. The computers that they use at the clinic I go to are pretty locked down, they only seem to run one program, and they don't seem to do anything else. It's a lot easier to harden a system if there's only one application that's allowed and it's one that you control.

    • by mjwx (966435) on Sunday April 10, 2011 @10:01PM (#35777288)

      I used to provide tech support for doctors offices and hospitals and I can tell you for a fact that their computer security ranges from "bad" to "OMFG!!".

      I provide tech support for a few local retail chains here, everything I've seen has made me _not_ want to use my CC anywhere. Senor POS terminals run Windows XP on Celeron Processors. Senor recommend turning off Windows update. Staff are typically too lazy to type in passwords so the default "senor" user is often left without a password. Access to USB simply requires you to open the access panel at the bottom (not even screwed into place)

      The EFTPOS system is a software client provided by the bank run on a Windows XP box out back which the staff use for general internet access. The client is SSL so it goes over the general internet.

      At least the Pronto system is relatively secure, running on AIX or Linux (prefer Linux, fewer things like backup clients run on AIX these days). Of course the client won't update the software so I use the term "relatively secure".

      Of course the client in this case won't let us tighten security. Password everything, move the EFT client to a headless machine, silicon up the USB ports, restrict internet access to 80, 110 and 443.

      Sticking to cash, the AU banknote has more security measures built into it than Senor POS terminals.

  • Well not so cheap, Call me and we can discuss terms. If you're a crook, I don't want to know, OK? Oh, and I do run Windows, and it's set up right, just sose ya know...
  • by rudy_wayne (414635) on Sunday April 10, 2011 @06:41PM (#35776476)

    If Brian Krebs can figure out that The Securities Group LLC, The Limited; Santiam Memorial Hospital, North Shore Medical Center; McCann-Erickson Worldwide; and the Greater Reno-Tahoe Economic Development Authority are part of a botnet, then the ISPs used by those companies can do the same. Which points out the real problem with spam, malware and botnets: ISPs refuse to lift a finger to secure their networks.

    Every person or business identified as being part of a botnet should be notified that their Internet access is being terminated immediately and will not be restored until they fix the problem.

    • by loftwyr (36717)

      Then they go beyond "Common Carrier" status and become responsible for the traffic on their network. That would include all the illegal software/media/etc. downloaded through that.

      They'd rather die than have to police your downloads, so they let you have your viruses.

  • by bogie (31020) on Sunday April 10, 2011 @10:52PM (#35777610) Journal

    There I said it. Cut the balls off enough of these people who treat millions of people's important personal property like a plaything and maybe they'll start having second thoughts. I'm tired of it being so easy to reach out and fuck with something that at this point is so critical to most individuals' daily lives. And while we can blame MS and the user, let's not forget who the real culprit is. The time and money and IT frustration that results from the work of these assholes is immeasurable.

    You don't see criminals thinking they can walk down the street and then try to break into every single house in a city and then squat in every one that has an unlocked door. I don't know why anyone ever thought it was ok to do the equivalent in the digital domain. I blame not strong enough penalties at the start of pc hacking. If we had started with fingers we probably wouldn't have ever even had to go to balls. But here we are so I vote, balls.

    Can you tell I had to deal with someone's malware infested PC who had no backup recently?

    • by gl4ss (559668)

      you think some deterrent is going to stop 14 year olds from hacking? because they do hack too. and you can't hold them responsible legally for it.. only for damages, which are pretty hard to convert to cash.

      just run your systems better, m'kay? obscurity won't help you when the shit hits the fan for real and it would be pretty harsh to take away fingers just for messing with your library that you left open and connected to other people. sometimes it's hard enough to try to tell which part was supposed to be f

  • I have a Mac.

    Now before you punish-mod me into oblivion; let me explain:

    I just happened to look at my security logs about a week ago, and there has been a steady (and I DO mean steady!) stream of ne'er-do-wells banging on my ssh port (yes, I use port 22. Call me smug).

    The logfiles (that only went back to January, mind you) had SO many login attempts that I literally couldn't email them to a friend due to a 15 MB email attachment limit!

    I gave up trying to convert the logs to PDF at 6,000+ pages (!!!
