Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
Botnet Security IT

Cleaning Up Botnets Takes Years, May Never Be Completed 74

Once a botnet has taken root in a large pool of computers, truly expunging it from them may be a forlorn hope. That, writes itwbennett, is: the finding of researchers in the Netherlands who analyzed the efforts of the Conficker Working Group to stop the botnet and find its creators. Seven years later, there are still about 1 million computers around the world infected with the Conficker malware despite the years-long cleanup effort. 'These people that remain infected — they might remain infected forever,' said Hadi Asghari, assistant professor at Delft University of Technology in the Netherlands. The research paper will be presented next week at the 24th USENIX Security Symposium in Washington, D.C. (And "Post-Mortem of a Zombie" is an exciting way to title a paper.)
This discussion has been archived. No new comments can be posted.

Cleaning Up Botnets Takes Years, May Never Be Completed

Comments Filter:
  • Golly Gee! Neither will garbage collection... Let's just let it pile up, eventually it will collapse by its own mass.

    • I think it would be easier to simply take command/control of those bots and start flushing hard drives (or whatever else will ensure it never reboots), then shut it down remotely.

      Or, if you don't feel that destructive? Drop a small executable that removes all networking/modem/etc capabilities upon boot, then remotely restart the machine. They keep their cat pictures, and we don't have to deal with it being on the public network.

      Yes it's completely unethical, etc... but maybe that's the one thing that will g

      • by Alok ( 37687 )

        I've long thought of this (removing networking from the bots) as being the best actual solution, too bad that there is no way to do so legally. Maybe use the bots to scan for 0-day vulnerabilities, and forcibly upgrade or configure security FW/AV etc. to deal with it :D

        Well, I also wondered why no black hat ever tried it, but I guess all of them are busy making a lot of $$ selling exploits to various agencies rather than disrupting other black hats.

  • by Gordo_1 ( 256312 ) on Tuesday August 04, 2015 @11:33AM (#50249573)

    well before 10 years is up.

    • by swb ( 14022 ) on Tuesday August 04, 2015 @02:38PM (#50250949)

      I wonder how many infected systems either were originally VMs or physical systems turned into VMs that will live on in VM farms far longer because they support some obsolete or unupgradeable system or because nobody wants to turn them off.

      It's not hard to see systems that should eventually die off live on far longer thanks to virtualization.

  • I'm really impressed that so many modern computers are lasting so long and that so many people are using them. Use it up, make it do, or do without is a good policy for things that aren't mission critical
  • ... they might remain infected forever ...

    Nothing lasts forever: The infected computers will eventually cease to function. It would have been more accurate (and less of an inflammatory panic reaction) to suggest that the infected computers might remain infected for the remainder of their active life.

    • Diamonds are... ;)

      Even if some component of the computer, say the power supply, ceases to function, the hard drive or flash chip is still technically infected. Rather than making a more accurate statement, what you have done is make a different but also accurate statement that we don't care if it's infected but not in use currently.

      • ... say the power supply, ceases to function, the hard drive or flash chip is still technically infected. Rather than making a more accurate statement, what you have done is make a different but also accurate statement that we don't care if it's infected but not in use currently.

        I stand by my previous statement: the hard drive (or flash drive) will eventually fail. That said... I agree with your conclusion, even if I'm inclined to nitpick the details: an infection which is contained -- ergo, can no longer spread nor do anything harmful -- is really not worth worrying about.

  • The news article claimed that researchers had control over the botnet, but the research paper implies otherwise, simply that the control network was rendered inaccessible.

    Did Conficker have something to prevent a takeover, such as using a public key signature to verify update code?

    If they were able to inject a popup window informing the user of the infection, surely disinfection rates would have been much higher. The research paper says that millions of users bought phony security software via Conficker, so

    • by Zocalo ( 252965 )
      They have control over the Bot*Net*, but the actual bots are continuing to operate on autopilot searching for and attempting to infect other hosts. Short of sending a "shutdown" command - assuming Conficker has one - and potentially assuming liability for any PCs that might be in life-safety applications (common sense says there shouldn't be any, however reality says otherwise) there's not a lot else they can do but wait for their owners to replace them. Given how long PCs tend to stay in use outside the
  • by Minwee ( 522556 ) <dcr@neverwhen.org> on Tuesday August 04, 2015 @01:30PM (#50250497) Homepage

    Isn't this why we have Internet Cleanup Day?

    Really, why is it so hard for everybody in the world to just take one day out of the year to shut down all of their systems, wipe the hard drives and re-install everything from the installation media?

    • Re:I'm confused (Score:4, Insightful)

      by ThatAblaze ( 1723456 ) on Tuesday August 04, 2015 @01:45PM (#50250579)

      Anyone who has a 8 year old computer has probably lost the installation media for it. Many of them might be running POS systems that don't work past win95. We're not talking about office or home computers here, those have all been changed out long ago. These are mostly old computers in a back room that have been plugging away at a single task for years.

      • A lot of these might be embedded devices as well. Windows XP embedded was quite popular among manufacturers for all kinds of devices, before the Android age.

  • So the only ones infected are the ones who don't run or keep their PCs up to date correct? Just like the Yahoo Flash exploit, wouldn't antivirus software be blocking that exploit as it is not a new exploit? what about people who don't run Flash with the default setting? i don't allow flash to save any data i don't let sites save data in it and so on.
  • Hyperbole like "forever" has no place in a professional treatment of the situation. May take a decade or two though.

  • it's pretty simple, if you are coughing up blood, you dont go to work and then infect your coworkers with ebola. why should we allow computers that are doing the same thing to come to the internet? people mostly dont know they are infected, so injecting a little HTML into served pages that will help them disinfect their computer would be a good start. if it's been a week and they are still infected, it's time to serve them pages only on how to disinfect their machine and close any unrelated ports.

    there i

  • ROFL, from the article:
    Sometimes, it was hard for ISPs to help consumers clean up their infected computers. Asghari said he spoke to one ISP that contacted the same customer 36 times in an effort to get rid of Conficker.
    “Every time the customer would say I’ve cleaned it up, but the infection would return,” he said.

  • ...instead of "going after" the infection, you go after the humans that deployed it.
    Recognize the MASSIVE damage/vulnerability these people are exploiting, and the threat it poses to our modern society. Act accordingly.

    When you have them arrested, randomly decimate them.

    If they are arrested a 2nd time for the same offense, they will be the first in line to be decimated.

    I suspect that botnet attacks would decrease.

    • by Anonymous Coward

      You would be wrong: the death penalty doesn't discourage violent crime, either.

    • How about simply putting them in a jail cell with a computer terminal. Their task is to use their own network to go in and disinfect each and every last machine. They don't see the light of day again until they accomplish this task, and if it's longer than their lifetimes, so be it.

Fast, cheap, good: pick two.

Working...