

Infected PCs for Rent
prostoalex writes "UK authorities are raising concerns about entire networks of infected and compromised PCs (BotNets) being available for sale or rent to the highest bidder. The Register quotes a detective from Hi-Tech Crime Unit saying 'The trade of BotNets of compromised machines is becoming an industry in itself. Organised crime is making use of this industry.'"
I'm going to rent a bunch of these (Score:5, Funny)
Re:I'm going to rent a bunch of these (Score:5, Funny)
Re:I'm going to rent a bunch of these (Score:5, Funny)
Re:I'm going to rent a bunch of these (Score:3, Funny)
Gives a whole new meaning (Score:5, Funny)
Kinda sad to see IBM, HP, and others lagging so badly in commercializing this important new technology.
Shouldn't the vice department handle this? (Score:4, Insightful)
The real culprits... (Score:5, Funny)
Re:The real culprits... (Score:2)
What ever could I mean by big industry players [microsoft.com]?
Damn (Score:5, Funny)
Blessing in disguise? (Score:5, Insightful)
Re:Blessing in disguise? (Score:4, Insightful)
SB
Re:Blessing in disguise? (Score:4, Interesting)
Now if these machines were being used to do something illegal then the buyers of the service could be held accountable, and the money trail makes it trivial to track down.
Terrorism? (Score:5, Insightful)
Now, if we just BLOCK connections from windows boxes to our machines except for (say) WWW or DNS, then our lives are better. pf (in openbsd and now freebsd 5) can do it.
Me? I'm pulling IPv4 stakes up. Only been spammed once by someone with an IPv6 address.
Re:Terrorism? (Score:2)
Just curious, what do you mean by that?
Re:Terrorism? (Score:5, Funny)
Looks like the only person using IPv6 is a spammer!
Re:Terrorism? (Score:2)
Re:Terrorism? (Score:2)
Re:Terrorism? (Score:5, Informative)
Re:Terrorism? (Score:5, Interesting)
That kind of thing already happens. A friend of mine does administration for a couple small and medium size ecommerce sites. The calling card is typically a 30 minute DDoS attack followed by an email and/or phone call saying "we can make this problem go away if you pay us".
If you don't pay them they DDoS you a few more times. If you pay them, they DDoS you a few more times and demand more money. Only option is to go to the Feds with it and hope they use attacks your upstream provider can help filter.
Re:Terrorism? (Score:3, Funny)
we have noted your slashdot identification number
if you do not stop suggesting in your slashdot posts that legitimate russian business men are involved is such illigitimate adtivities then we will be forced to post a link to your personal homepage on slashdot front webpage (we own taco). you can avoid such unplesantness by sending me check for 200 american dollars.
Vladimir
Re:Terrorism? (Score:5, Funny)
Jeez, you must be really new here, huh?
Re:Terrorism? (Score:5, Insightful)
Distributed DDOS on an organization's servers IS NOT TERRORISM already (unless explicitly accompanied by physical violence or threats of physical violence). Sheesh, have we all been that brainwashed already by Bush and things like Patriot Act?
If DDOSing some servers is "terrorism", then so is almost every single crime in the book.
Re:Terrorism? (Score:4, Insightful)
Actually, what I'm waiting for is not only for DDOS attacks to count as cyberterrorism, but for downloading pr0n to be considered "moral terrorism".
One add-on though, I would assert that cracking or DDOSing that results in intentional harm to someone (bringing a 911 center down or targeting a hospital network, for example) can pretty easily be considered terrorism. Blackmailing an online casino? Not so much.
Re:Terrorism? (Score:5, Informative)
18 USC 1030a [house.gov] refines this:
The courts have been very liberal in how they define damages to computers; shutting down a government department for a few hours would easily meet these criteria.
So if they're the government's and you say "do this thing or else I'll DDOS your computers", it's definitely terrorism.
The interesting question is, under this law, would it be terrorism for me to say "Senator Levin (our excellent senator from Michigan), if you don't vote against DMCA II, I'm going to have all of my friends email your office" if doing that results in crashing their mail server, forcing them to buy a new one for more than $5K? I guess ambiguities like that are what you end up with when you write a several hundred page law in a few days, as the Patriot act was written.
Re:Terrorism? (Score:3, Insightful)
At what cost? Maybe your 500MHz k6-2 can block your sister and mom's wintendo box from accessing kazaa, or even route all windows wifi users to a page that autoexploits all ie versions, but what kind of cpu power do you think it will take for an entire ISP to start routing tens of thousands of hosts based on OS version? I'll give you a hin
Re:Terrorism? (Score:3, Interesting)
Mom? Bro? MacOS thank you. OSX means I can fix mom's machine from 3000 miles away.
So yeah, my boxes that serve and relay mail (80% spam) can just block SMTP connections with Windows fingerprints. Perhaps just bump it up to port 26 and a listener with much more rig
A preview for Grid Computing? (Score:5, Insightful)
Re:A preview for Grid Computing? (Score:5, Informative)
These zombie-nets, OTOH, are simply large networks of computers that can be asked to do the same thing on a large scale. BFD. Hell, I wrote some Perl code to do just this for administration of a testbed during one of my previous jobs. It's nothing new, and most definitely not an advancement of technology.
Re:A preview for Grid Computing? (Score:5, Informative)
As far as I'm aware, there is currently no standard way of purchasing CPU cycles or similar, although there are a number of working groups whose remit probably covers this.
The beauty of the Grid is more in being able to seamlessly connect to pretty much any hardware resource you want - I suspect that in reality, the actual economics will be dictated more by existing commercial agreements more than anything else.
Re:A preview for Grid Computing? (Score:4, Insightful)
I really don't see it as a "public" resource kinda thing where you sell your bit of CPU for a couple bucks.
Re:A preview for Grid Computing? (Score:3, Interesting)
University computers: queues for PCs at any hour of the day or night, and 80% CPU when they're being used because they're 500MHz pentiums running Windows.
Normal corporate computers: okay, these aren't being used at night, but remember they're being maintained by petty little people whose ideal day at work involves imposing a
Re:A preview for Grid Computing? (Score:3, Insightful)
CPUs on demand? Clusters? Beowulf? Supercomputers? They all use the term 'grid' to describe themselves, even though they all are different things.
Re:A preview for Grid Computing? (Score:2)
Immense power. (Score:5, Interesting)
Gives some merit to distributed hosting companies like akamai, etc.
Re:Immense power. (Score:3, Informative)
Kiss Me, I'm Redundant (Score:5, Funny)
The new Microsoft Partner Programme is here. Bringing all the advantages of previous programmes into a single framework, we've made it easier than ever for Partners to engage with Microsoft.
With three levels to choose from, you can select the one that works best for your organisation.
Become a Registered Member today. No fee. No obligation. Just clear business benefits, including:
Free business-critical telephone support (charged at national rate)
Free online technical support
Online sales and marketing resources
Sales and technical training
For more information, please visit: www.microsoft.com/uk/partner/programme
How is that possible? (Score:2, Insightful)
How? Am I confused by thinking of organised crime like the New York or Russian Mafia?
Re:How is that possible? (Score:5, Insightful)
"Nice e-business you've got there. Be a shame if it got DDoS'd into oblivion by some unscrupulous types, wouldn't it? We'll protect you against that, for only $50,000 a month! How about it?"
Re:How is that possible? (Score:2)
Re:How is that possible? (Score:2)
SB
Re:How is that possible? (Score:3, Insightful)
Re:How is that possible? (Score:3, Interesting)
The banks would get a message like "we've found $HUMILIATING_SECURITY_BREACH but for $25,000 we won't tell the press". Then they'd pay, and in a week would get a bunch more messages from other places making the same threat and demand.
Different kind of threat, but the same underlying problem.
destructive worm (Score:2, Funny)
Re:destructive worm (Score:3, Insightful)
These days I don't even understand why viruses are illegal. You have to type in a *password* in order to be infected (the file is encrypted to avoid scanners). That sounds like consent to run to me (bye BIOS).
Sorry Kids. (Score:2, Funny)
Despite all this ... (Score:5, Funny)
Seriously guys. . . (Score:4, Interesting)
There is a solution (Score:5, Interesting)
Yes, I know this approach would be illegal. A felony computer crime in fact. I want legislation to make it legal and justified. I see it as self defense. Compromised nodes are clogging the internet with crap and the best defense is to knock them off-line. If I were standing in the middle of the freeway, clogging traffic and causing accidents the police would come remove me, by force if necessary. I see zombie nodes on the internet the same way.
Re:There is a solution (Score:3, Funny)
Re:There is a solution (Score:2, Insightful)
Yes and no. It wouldn't work. You are giving way too much power to a group that already has too much power. The good effects would be far outweighed by the negative. Soon after something like this was passed it would be seen as an intrusion of electronic rights, which to some degree it would be. Good on paper, bad in practice. Oh hum, back to the drawing board.
Re:There is a solution (Score:2)
And which group is this? Computer nerds with too much time on their hands? (Not that that's a bad thing... ) Your "rebuttal" looks good on paper, but I think it might be bad in practice.
Re:There is a solution (Score:5, Insightful)
The only real solution is an ISP-side one. The ISP says, 'If your computer is spewing out malware broadcasts, we have the obligation to kick you off the internet and then help you clean up your computer. If something happens, contact our customer care department or go to the other ISP down the street.' Yes, it inconveniences users but I'd rather see some users inconvenienced than Big Government give legal power to ANYONE to clobber a node without recourse.
Careful with that Vax, Eugene.... (Score:2)
The alternative reference is something about "Restaurant at the End of the Unibus"
Technical Difficulties Hijacking Botnets (Score:2)
Some of the viruses leave easy-to-locate proxies or back doors, which let
Re:There is a solution (Score:2)
Computers, like their human masters, have a right to determine who (or what) they will connect to, establish communications with, and direct packets for.
The inundation to the internet and World Wide Web of infected and compromised machines forces machines to perform operations at odds with the equipment owners' will.
Therefore, it is proposed that subnets have the ability and the obligation to other community members to detect and destroy packets which
Awesome (Score:4, Funny)
- sm
Infected PC's for Sale??? (Score:5, Funny)
Welcome!
This PC is for rent.
Please contact us at
www.Claria.com [claria.com]
Distributed Malware. (Score:5, Insightful)
The scope of this is huge - true - I'm no industry player or top level developer - but still - we can all see the scope of this.
distributed applications are the killer app of the internet - XAML, .net, Java - all buzzwords. Grid computing - thanks to Oracle - The Internet - so much scope it created the biggest financial bubble in the history of capitalism.
Now - the corporates (MS?) are getting so inept that criminal gangs are stealing our future off us. Please - let's start stopping them.
microsoft (Score:5, Interesting)
Re:microsoft (Score:3, Insightful)
Re:microsoft (Score:3, Insightful)
Re:microsoft (Score:5, Insightful)
Which is why there's a case to be made for producing malware that's really mal. Perhaps even grand mal.
In a weird sort of left-handed logic, certain people would be doing the computing community at large a MAJOR favor if only they'd take the time to write viruses, worms, and trojans that would be so kind as to format hard drives!
Re:microsoft (Score:4, Insightful)
"This is a Virus. If You do not click Cancel in the next 30 seconds, Your computer will be formatted!"
And when the user clicks cancel, present them an explanation on WHY this happened. Or something like that... Something with REAL infection-properties, but with only purpose to SCARE the user...
Re:microsoft (Score:3, Funny)
Re:microsoft (Score:3, Insightful)
Re:microsoft (Score:2)
This is more reason to point some of the blame right at Microsoft. For releasing a product so buggy it needs dozens of patches in the first place. I understand no one is perfect, and no coder will think of everything, but with the number of people Microsoft hires to write code and so on they should be d
Re:microsoft (Score:5, Insightful)
Consider the phone. People just want to be able to pick up the receiver, dial the number, and talk to their friend/family/co-worker/etc... They don't want a phone switch in their house, sitting under their desk. They don't want all of the burdens involved in maintaining complex hardware.
I'm willing to bet that the first person/company who can provide people with a computing experience without a computer stands to make a lot of $$$. If they can provide the system maintenance, installation of applications, protection from viruses, protection from hardware failure - they will be able to open a huge market, and cash in.
This is where I think Linux will prove pivotal, because this is where we lead Microsoft. Our thin client paradigm is so different, that we lead in many areas. Consider how Microsoft does thin clients - 256 colors only, 800x600 max, 8 fps - all rendered on the terminal server where the "picture" of the desktop is sent down the wire to the thin client who displays the "picture" and sends feedback of mouse clicks and key presses to the terminal server. Linux, and X, render everything on the X terminal, and send back and forth on the pipe application information. What does this all mean? You can play quake 3 on a linux X terminal but you couldn't on a Microsoft solution. And it would take YEARS to fix that gap. We lead here, and we could exploit it if we jumped on this opportunity.
Did I say World Domination? Oops...now you all know my plans...
Re:microsoft (Score:5, Insightful)
I told you!!! (Score:4, Funny)
I TOLD YOU!!!
Media-whoring (Score:3, Interesting)
I just wrote a (bad) paper on a networking structure for games systems. I give it three weeks from when I hand it in until Organised Crime get their hooks into it. Apparently film piracy is also part of Organised Crime, and not my mate Donn, as I have previously thought.
Call me a cynic - but it seems to me that anyone who wants to get the media in on their thing cites Organised Crime as a benefactor and watches the links roll in.
OK - I'm done.
A comedy in One Part. (Score:4, Funny)
Scene: A Courtroom
Bailiff swears in J.R.H.
... write your own ending.
I think a good path for D. to take would be to show that P. does not have standing to bring the case in the first place, but that probably would have come up in pretrial motions... I have to go work
... the dark side of distributed computing :-) (Score:5, Interesting)
Really, I do find this fascinating, albeit in an underhanded way.
Regards,
John
question (Score:5, Interesting)
Presumably the exploitation of these victim-lists will proliferate with all the automated efficiency that is the spammer's hallmark. At its logical extreme, there'll soon be multiple spammers descending simultaneously en masse onto each listed victim, which one way or another results in the victim being shut down (presumably).
So, might the predators eat themselves out of existence?
(I know. I've been watching too much sci-fi.)
Re:question (Score:5, Interesting)
An interesting idea.
If we take our cues from nature, I would expect that long before the predators exhaust their supply of prey, they will turn on each other. Each predator's worms/virii/malware will begin to not only infect machines, but destroy competitors' malware that has already infected the machine.
In fact, come to think of it, the most effective way to own a box is to infect it, destroy any competing malware, and then patch the exploit that allowed you to infect it in the first place! We may begin to see host-healing worms that do just this. (Without the ability to kill off competing infections, however, this practice is only marginally useful.)
Re:question (Score:2)
Re:question (Score:5, Interesting)
This begs the question: will viruses ever stop being viruses and start being symbiotic entities that live in our computers similar to the e. coli bacteria in our intestines (which we need to digest food properly)?
Someone earlier mentioned that there are few viruses out there that reformat hard disks, because doing so puts people on guard, preventing future infections. And someone else mentioned that he knows someone whose hard drive is full of strange executables that are undoubtedly of malicious origin, but the person doesn't care as long as the computer still runs the same.
Following these trends to their head, I believe the "virus" (if you want to call it that) of the future will be something that infects a machine, and then does everything it can that is invisible to the user to improve the state of the computer: it would run Windows Update periodically to defend against other worms, perform hard disk defrags and other performance optimizations to give it more computing resources to work with, all the while giving the user's packets and tasks a higher priority so as to not set off any alarms. This is the type of worm that would "earn" its place on the computer by being so innocuous that the user wouldn't even have to worry that it's there.
Viruses have already evolved to parasites, and soon they will be symbiotes.
WTF, you call this "news"? (Score:5, Informative)
This shit has been happening for years, virtually unchanged. The only difference is that now it's slightly more automated than it used to be, slightly more publicly visible, and slightly more capitalist in nature. But what this article is describing was totally standard for the botnet wars in 1997, just then it was Wingates and "shells" instead of worm infections and "Zombies".
(Posted AC because I'm paranoid.)
I'm selling mine (Score:2, Funny)
the only answer (Score:5, Interesting)
unfortunately, this would be illegal. however, that won't stop anyone; what's stopping people from doing this is that to someone who could do it it's a waste of resources. if you have all those machines out there you can get your hands on, why not use them for your own nefarious purposes, since the people who own them neither have the common sense nor the ability to control their own machines.
Re:the only answer (Score:3, Interesting)
Re:the only answer (Score:2)
Here at Miami University (in Oxford, Ohio)... (Score:5, Interesting)
We estimate anywhere between 400 and 1500 of the ~10,000 on campus (student residential) machines have some sort of back door installed.
We have blocked any incoming traffic to any dorm machine (regretfully) so they can't be controlled from outside because we mostly are tired of getting blacklisted for DoSing people or for spamming.
The saving grace has been TippingPoint, a network traffic analysis tool that sits behind the backbone routers and adds a latency-free checkpoint dropping traffic related to the M$ft security exploits. And when they get Blaster, Bagle, Nachi, etc etc etc they get automatically disabled by the routers and we (IT Services Support on campus) either fix their issues for them or they have to fix them themselves. When fixed they are automatically re-enabled.
Re:Here at Miami University (in Oxford, Ohio)... (Score:4, Insightful)
Re:Here at Miami University (in Oxford, Ohio)... (Score:3, Insightful)
Here's a solution. Enact a policy that allows you to block all traffic to *and from* any machine you detect to be infected until that machine has been fixed. Block it at the router nearest them, and only allow traffic to and from your local mirror that has all necessary fixes on it.
Believe me, people will get their machines fixed pretty quick smart when they can't get a
How to (not) fix this problem (Score:2)
At this point, mandatory DRM will be lobbyslated by our congresswhores or the RIAA/MPAA/BSA will be made powerless, as everyone with a pOwnzored box is currently not held responsible for computer maintenance - lawsuits would come to a head, and the wrong person will finally be sued, who will take them on. Either w
Something has to be done... (Score:3, Insightful)
If your computer is infected with malware (spamware, adware, spyware, trojans, viruses, etc), it will constantly be generating large amounts of traffic on seemingly random ports. Your ISP will kick you for being a danger to the rest of the Internet. If you attempt to reconnect without cleaning your computer, you will be kicked again.
I run a British email server (Score:4, Informative)
Since about 3 months ago we have been receiving an infected email approximately every other second, mainly during office hours.
It's mainly Netsky, or similar and the balance of versions is leaning heavily toward the new 69 and 70kb versions, meaning a lot of people are getting "upgraded" to the latest release. The timing suggests it's mainly office PCs.
We're frantically telling all our group companies and contractors to virus-check, and calling-in our laptops, but it is still flooding in.
I'm starting to make a case for using Linux on every PC that doesn't require a Win32 application, as all the usual hassles of managing a linux roll-out pale into insignificance compared to the virus danger our systems are currently under.
Re:I run a British email server (Score:3, Informative)
Additionally we check for known viruses.
No virus has made it past that check yet, even when the "known virus" check did not yet identify it.
(re-scanning the captured mail a day later would identify a new version of one of the well-known viruses)
please infect a PMG5 and sell it to me cheap!! (Score:2)
Re:please infect a PMG5 and sell it to me cheap!! (Score:2, Informative)
Re:Blaming the user (Score:4, Insightful)
Anyway that analogy can go on forever, but you should be able to see the point. MS has a responsibility to put out reliable, secure software just as much as Ford, Mazda, whatever has to put out safe, reliable vehicles. The patch-as-you-go thing doesn't cut it, and it's made obvious by things like this botnet problem.
Re:Blaming the user (Score:5, Insightful)
A thief is a thief. An extortionist is an extortionist. A duck is a duck.
Re:Blaming the user (Score:5, Interesting)
Installing anti-virus & firewall software are basic computer security measures, like closing the windows & locking your doors. Neither are foolproof, but both are simply a matter of training the user. Unfortunately, it's been my experience that installing anti-virus & firewall software tends to be a much more painful process.
And of course - downloading updates would be analogous to putting fuel in the car: it is basic maintenance that needs to be done relatively frequently.
Re:Blaming the user (Score:5, Insightful)
Re:Blaming the user (Score:3, Interesting)
Fortunately getting the fi
Re:Blaming the user (Score:2)
Also, one reason why I won't ever use McAfee is that they want your email address or you don't get the auto-updates.
Either ship a full AV which updates by itself without the user's interaction, or don't fool the user into thinking they're protected.
Re:Blaming the user (Score:2)
Re:Blaming the user (Score:2)
Re:Blaming the user (Score:3, Insightful)
Dumb, maybe, but you are still on the wrong side of the law when you take it.
This is the royal you, of course.
Re:Blaming the user (Score:4, Interesting)
For the sake of argument, let's say currently a full 90% of users are totally clueless, and it is somehow possible to wave a magic wand and make 90% clueful, leaving only 10% of them blameworthy.
What happens?
DDoS type attacks can't find nearly as many machines to work from. So the writers use a trojan, and have to increase the delay between propagation and activation. Because infection is typically a non-linear process, often approaching a square or logarithmic function for some parts of the process, the delay has to be increased from, say, a week to two weeks. Meanwhile, the patch for the trojan takes its usual month to develop, and the social structures that be are reluctant to tell even the clueful about a threat that is still unpatched as yet.
So long as the Trojan writer has abundant extra time to maneuver within, 'he' isn't strongly affected by the improvement in user cluefulness. Yes, it creates some extra stumbling blocks, such as a better chance of the Trojan being detected earlier in the process, but professional Trojan writers have shown serious ability to work around these obstacles.
In addition, although it's an unrelated point to yours, these particular attacks are also supposed to be related to blackmail. Successful blackmail doesn't require a real threat, but merely one the victim believes is real.