Slashdot is powered by your submissions, so send in your scoop

 


Forgot your password?
Close
typodupeerror
×
Crime Security IT

Are Computer Crooks Renting Out Your PC? 208

Posted by samzenpus from the let-me-see-that-a-minute dept.
An anonymous reader writes "Brian Krebs recently posted an interesting piece looking at an invite-only service marketed on shadowy underground forums that lets crooks 'rent' or 'buy' access to individual botted PCs that can be used to tunnel traffic. The story looks at the mechanics of renting out bots, and the author traces some of the infected systems back to real businesses. From the post: 'The Limited; Santiam Memorial Hospital in Stayton, Ore.; Salem, Mass. based North Shore Medical Center; marketing communications firm McCann-Erickson Worldwide; and the Greater Reno-Tahoe Economic Development Authority.'"
This discussion has been archived. No new comments can be posted.

Are Computer Crooks Renting Out Your PC? More

Are Computer Crooks Renting Out Your PC?

Comments Filter:

  • Re:Are Computer Crooks Renting Out Your PC? (Score:4, Interesting)

    by Gordonjcp ( 186804 ) on Sunday April 10, 2011 @05:22PM (#35776082) Homepage

    "Might want to use an alternate OS" because it's less bother to keep Linux secure than Windows?

    That's only one of the reasons I use Linux. Why would I go out of my way to use an OS that takes extra work to secure? I'm sure there's a car analogy in there involving buying a Yugo with no doorlocks, or being given a Mercedes with central locking and an alarm already fitted, but I can't be bothered making it.

  • Santiam Memorial Hospital in Stayton, Ore.

    I used to provide tech support for doctors offices and hospitals and I can tell you for a fact that their computer security ranges from "bad" to "OMFG!!".

    That happens for several reasons:

    • The software they use as part of their work requires admin access (bad vendor programming)
    • The hardware they need to access requires admin access (more bad vendor programming)
    • They consider needing an additional password for admin function to be "too inconvenient" (bad user education)
    • They didn't need to do it when they used 3.x/NT/98/etc ... why should they need it now? (also bad user education)
    • They were told that their anti* software would protect them, even without ever updating it - or anything else (bad vendors meeting up with badly educated users)

  • Need to go after them **AA-style (Score:1, Interesting)

    by mysidia ( 191772 ) on Sunday April 10, 2011 @06:29PM (#35776428)

    Since the ***AA's campaign was so effective... How about CUAA... Computer Users Associatlion of America

    The deal is, every computer joins this association, and grants the organization the right to sue on their behalf, to collect damages resulting from malware, in exchange for a percentage of the damages awarded.

    Once enough computer users join this association, the association goes after anyone making or distributing malware. (Including infected websites)

    Using **AA-style tactics, sending threatening letters to the ISPs of servers propagating malware, etc..

  • This is known in the gaming industry for a long ti (Score:0, Interesting)

    by Dainsanefh ( 2009638 ) on Sunday April 10, 2011 @08:30PM (#35776930) Homepage

    Go to utube, look up "Xbox host boot", you shall see ppl sellin bots for you to DOS your online opponent, gain level in Halo for example, for $2 a bot.

    Heck, I am a master admin in a peer-2-peer 3D game call Power Soccer [powerchallenge.com], and have cheaters who speed hack and hex edit our game etc. Guess what, I wrote a keylogger and send it to the dev team, every time when the game patches and installed, the thing will also install. Everytime we encounter a perpertual cheater will turn on the keylogger, colect all his infomation, and fight him back by loggin in to his facebook account and do shit. We release all real names of cheaters and hackers and we expose them, label them racist and myg0t etc.

    Here is one of our victims haha:

    http://learnaboutfabio.blogspot.com/ [blogspot.com] [blogspot.com]

    Without the keylogger we would never know who this person is!

    If you have questions or want my technology vist my website: http://dainsanefh.webs.com/ [webs.com] [webs.com] or email dainsanefh@gmail.com

    PS: sory for my bad ingles. I am immigrant from argentina.

  • Re:Hospitals are no surprise (Score:4, Interesting)

    by mjwx ( 966435 ) on Sunday April 10, 2011 @10:01PM (#35777288)

    I used to provide tech support for doctors offices and hospitals and I can tell you for a fact that their computer security ranges from "bad" to "OMFG!!".

    I provide tech support for a few local retail chains here, everything I've seen has made me _not_ want to use my CC anywhere. Senor POS terminals run Windows XP on Celeron Processors. Senor recommend turning off Windows update. Staff are typically too lazy to type in passwords so the default "senor" user is often left without a password. Access to USB simply requires you to open the access panel at the bottom (not even screwed into place)

    The EFTPOS system is a software client provided by the bank run on a Windows XP box out back which the staff use for general internet access. The client is SSL so it goes over the general internet.

    At least the Pronto system is relatively secure, running on AIX or Linux (prefer Linux, fewer things like backup clients run on AIX these days). of course the client wont update the software so I use the term "relatively secure".

    Of course the client in this case wont let us tighten security. Password everything, move the EFT client to headless machine, silicon up the USB ports, restrict internet access to 80,110 and 443.

    Sticking to cash, the AU banknote has more security measures built into it then Senor POS terminals.

Slashdot Top Deals

"God is a comedian playing to an audience too afraid to laugh." - Voltaire

Close