Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 


Forgot your password?
Close
typodupeerror
×
Security Worms The Internet

CA Warns Of Massive Botnet Attack 357

Posted by Zonk from the watch-your-heads dept.
m4dm4n wrote to mention a story running on The Register which describes a coordinated malware attack designed to establish a massive botnet. From the article: "The attack involves three different Trojans - Glieder, Fantibag and Mitglieder - in a co-ordinated assault designed to establish a huge botnet under the control of hackers. Computer Associates reckons that access to the compromised PCs is for sale on a black market, at prices as low as five cents per PC."
This discussion has been archived. No new comments can be posted.

CA Warns Of Massive Botnet Attack More

CA Warns Of Massive Botnet Attack

Comments Filter:

  • Now.. (Score:5, Funny)

    by Cruithne ( 658153 ) on Friday June 03, 2005 @10:34AM (#12714295)
    Now witness the power of this fully operational botnet... :/

    • Re:Now.. (Score:3, Funny)

      by drgonzo59 ( 747139 )
      But then again, post a link to the target on Slashdot and you got instant, free (less then 5c/machine) botnet attack.

      Come to think of it, the operator is probabil not from US or Western Europe, if they were, they would have had something like 25c/machine, maybe even have a deal: buy 100 for the price of 90. Or perhaps, offer coupons to the slashdot geeks or something.

      I personally would be interested and I would buy the botnet just so I can have it attack itself to see what happens.

      • Re:Now.. (Score:3, Funny)

        by yiantsbro ( 550957 )
        True, but if it truly were an American deal there would be a rebate involved somewhere (where you have to send in screenshots of the attack, printed MAC addresses from the machines, etc.).

    • Tickets? (Score:3, Interesting)

      by sofar ( 317980 )

      Where can I buy tickets to view the fireworks? I'm gonna get some beers and stakeout at my local backbone uplink =^D

      Sad but true is that this precisely gives governments the idea that they should limit and control international traffic. Freedom? not for long...
  • Welcome to Blackbeard's weapons emporium. You will see we have the finest collection of AK-47s, anti-aircraft missiles, and Airzookas [thinkgeek.com]. Oh, and over here we have wholesale zombie PCs.

  • Evolution, baby (Score:4, Insightful)

    by metlin ( 258108 ) on Friday June 03, 2005 @10:36AM (#12714307) Journal
    Cops and robbers, all the time.

    And in the meantime, technology gets more sophisticated. Progress eitherway.
    • Not to mention the upcoming movie with Russel Crowe as the private eye who goes deep underground to catch these murderous thugs. Hours of film with Mr. Crowe staring at a computer screen typing away with his shirt off while chatting with the evil villian played by some totally hot babe also sitting at a computer. So not only do the cops and robbers evolve but so does our entertainment industry. I can't wait...

  • This is interesting... (Score:3, Interesting)

    by under_score ( 65824 ) <mishkin@berteig. c o m> on Friday June 03, 2005 @10:36AM (#12714308) Homepage
    It's cool in a way: very William Gibson-esqe or something. A new battlefront. I've moved my servers to OpenBSD [openbsd.org] due to their incredible security record, and I'm going to be moving my desktops/laptops to Mac/Linux soon. I don't want to be part of the problem.
    • I have done this in the past, but there are some problems I keep running into regarding OpenBSD on my server.

      1. The MySQL Databases' Tables keep getting Corrupted
      2. The disk writes in OpenBSD are extremely slow.

      So I had decided the best approach is to use OpenBSD with (its wonderful) PF as my firewall and use FreeBSD as the actual servers (with the chroot trickery that OpenBSD does by default). This setup has been rock solid so far.

    • Re:This is interesting... (Score:5, Insightful)

      by cnelzie ( 451984 ) on Friday June 03, 2005 @10:44AM (#12714381) Homepage
      Moving to a new platform/OS without knowing all the ins and outs, could be just as dangerous as staying with Windows.

      I remember my early days with Linux, back when I used to futz around and actually made my machines less secure, before I learned a great deal more about the OS and its features.

      I am not saying that switching is bad, I am just saying that it is important to know what you are switching to before making the switch.

      Nobody should get caught with their firewall down holding their LAN cable in their hand...

  • Sweet (Score:5, Funny)

    by Quasar1999 ( 520073 ) on Friday June 03, 2005 @10:36AM (#12714309) Journal
    Do I have to buy the whole network at 5 cents a PC? Or can I just buy say a dollar's worth? I wouldn't mind having 20 PC's... I can force all those PCs to join my network games of Quake and Unreal... finally I'll have people to play with... gasp... maybe even online 'friends'! Mommy will be so happy... in fact I think I'll go upstairs right now and tell her the good news!
    • I'd buy a few to run eggdrop on, if they're really 5 cents each and not traceable. No more pingflooding me and taking my ops.

  • SETI (Score:5, Funny)

    by dmauro ( 742353 ) on Friday June 03, 2005 @10:36AM (#12714313)
    Maybe the SETI program should invest in some of this cheap computing power...

  • Wrong career (Score:5, Funny)

    by Itchy Rich ( 818896 ) on Friday June 03, 2005 @10:37AM (#12714323)

    Glieder, Fantibag, Mitglieder?

    These guys shouldn't be writing code, they should be writing Harry Potter novels.

  • Highest bidder? (Score:5, Funny)

    by syntap ( 242090 ) on Friday June 03, 2005 @10:38AM (#12714335)
    access to the compromised PCs is for sale on a black market, at prices as low as five cents per PC.

    Heck, that's five cents more per PC than SETI@Home pays me, and they won't eat me when I find them like the aliens will.

  • How does the money change hands? (Score:3, Interesting)

    by Nf1nk ( 443791 ) <nf1nk@@@yahoo...com> on Friday June 03, 2005 @10:40AM (#12714347) Homepage
    We have two people, both scumbags that the authorities would like to catch, who most likly would prefer to never meet of know each others names. Niether one is trustworthy (even with nasal mist).
    They can't meet because they are likley in widely separated areas.
    They can't use a electronic transfer because it leaves a paper trail.
    how do they move the money around?
  • Is 5 cents per PC the regular rate, or just the Memorial Day Weekend Sale price?

  • Ideal opportunity to disinfect the internet (Score:4, Insightful)

    by technogogo ( 708973 ) on Friday June 03, 2005 @10:43AM (#12714369)
    1. Get every compromised PCs to join the same botnet.
    2. White-hat hack into the botnet.
    3. Tell all compromised PCs to wipe their hard drives.
    4. No more compromised PCs! Well... not for a while anyway!

  • Many Bothans died . . . (Score:3, Insightful)

    by WhiteWolf666 ( 145211 ) <[sherwin] [at] [amiran.us]> on Friday June 03, 2005 @10:43AM (#12714375) Homepage Journal
    ... Bringing us this information.

    Bah. Big Deal!

    If you run Windows, you PC will be owned at some point. (Yes, yes, I know some of you out there are perfect, and haver *never* messed up *anything* security wise) This happens to me, this happens to less computer literate people, and this happens to large organizations with IT staffs, like the U of Chicago and Allstate.

    The solution is the same as always. Switch OSs.

    The hotfix is the same as always. Backup data, use your restore disk. Rinse, lather, repeat.

    I don't understand why zombie networks are news. The only way that they should be news is when they are used to DDOS major targets. Then, someone should be held accountable. Software manufacturers? Zombie PC owners? ISPs?

    I'm not sure. But just like the guy with the TV that summoned the coast guard, (http://www.syncmag.com/article2/0,1759,1781135,00 .asp [syncmag.com]), someone needs to be held accountable, or no-one will fix their behavior.
    • The hotfix is the same as always. Backup data, use your restore disk. Rinse, lather, repeat.

      I hate to nitpick, but it's not rinse, lather, repeat. First you lather, THEN you rinse. Repeat as desired. Maybe that's why you could never get the shine and manageability that you see in the commercials.
      • > I hate to nitpick, but it's not rinse, lather, repeat. First you lather, THEN you rinse.

        Well damn, that sure saves me some shampoo. Because I figured I could just skip the "repeat" step sometimes, but when I got to lathering, the only way I could get that damn shampoo out was to rinse it, and then I was back in the middle of the instructions, and the next step was lather and then I just ran out of shampoo when I got to the lather and then I had to stop but wow now I can skip just the repeat part and

    • Then, someone should be held accountable

      I nominate the politicians who were paid by lobbyists to write the laws to help the lawyers to convince the judges to uphold EULAs that divest companies like MIcrosoft from accepting any responsibility for selling software which allows these sorts of things to happen.

      It's because they put distribution above the product. They were in it for the money more than the product quality. As a consequence they paid the lawyers to shield them from users with stolen i

  • Does this make anyone else think of the X-Files episode where they created AI by combining 12 different viruses on the net? Scarier still, does this mean that the first AI will appear on Windows!?! And am I just that old of a geek? Oh well, its Friday, give me a beer.
    • Oh well, its Friday, give me a beer.
      Real geeks don't drink beer. Their parents wouldn't allow such things to happen in their basement.
  • 'Five cents per PC'? - just follow the money, pal - just follow the money ;-)

  • As I've been saying for years: (Score:3, Insightful)

    by grasshoppa ( 657393 ) on Friday June 03, 2005 @10:44AM (#12714390) Homepage
    Most, if not all, ISPs need to lock down the end user's access to ports. Give them the basics ( outgoing 80, 110 and 143 ), but lock everything else down. In this case, I'd say everyone is guilty until proven innocent. Then, when someone calls in, you simply open the port they request.

    This is more work for ISP support staff, but it would dramatically reduce network traffic; I bet it'd be an even flush as far as overall cost.
    • Don't even have to have them call-in.

      Have a sign-up page. You could even make it automatic.

      "You recognize X-Y-Z, and confirm that you will be held responsible in the case of abuse, and confirm that you will be responsible for your own security, yadda yadda"

      Then, if abuse is detected, cut'em off, and force them to call in to get off the blacklist.

      Personally, I don't really like this. Better to make OS manufacturers accountable, methinks.

      If your car could be infected with a 'virus', via Bluetooth, which
      • Meanwhile, I'm trying to do work towards something that will fix the problem instead slacking the responsibility for it off on someone else.

        Have a sign-up page. You could even make it automatic.

        So the latest and greatest virus can automatically open it's own ports. Yeah! No.

        Personally, I don't really like this. Better to make OS manufacturers accountable, methinks.

        That's great in theory, but the reality is this:

        1) The government isn't going to do anything to MS or anybody else for making insecur
    • Even better - continue to charge the users the monthly fee, but don't let the users connect to anything, and don't let anything connect to the users. This is a win-win situation. The users' PCs don't turn into automatons, and the ISP still gets the money.
    • Where did I put the tar and feathers?

      If you want to be protected from the big bad Internet, signup with AOL. Some of us just want IP dialtone. Route the damn packets and leave us alone. I certainly don't want my ISP passing judgement on what ports they'll allow in packets that traverse their network.

      • If you want to be protected from the big bad Internet, signup with AOL. Some of us just want IP dialtone. Route the damn packets and leave us alone. I certainly don't want my ISP passing judgement on what ports they'll allow in packets that traverse their network.

        Quite frankly, I don't care what some of you want. Some/most of you are on machines that try just about every available exploit against my web/email server, and chew up a significant portion of my bandwidth with spam forwarded through your roote

        • Re:As I've been saying for years: (Score:4, Insightful)

          by Detritus ( 11846 ) on Friday June 03, 2005 @11:57AM (#12715342) Homepage
          Sounds like a personal problem. You are free to buy a firewall and any other toys you need to harden your network and systems to the level that makes you happy. You are free to file complaints with other ISPs about systems that are trying to abuse your systems. You can even hire a lawyer to take legal action against their owners. Lobby your legislature for new laws and/or increased funding for enforcement. Just don't ask my ISP to cripple their network because you can't take the heat.
        • Nice double-standard there, O King of the Internet. "I want to run my servers without having them spammed" -- fair. "I think that we should do so by preventing the rest of you from having proper Internet access because my servers are more important than you unwashed masses" -- not fair.

          The Internet is used for more than web and email. Do you think that all those 'random ports' were invented just because "hey we need a new way for viruses to propagate!!!" Do you think that the Internet should be locked down
      • A-fucking-men. My ISP blocks outbound SMTP, the useless belgian twats. Except on their 'professional' (i.e. twice as expensive) package, of course. If they were really concerned about pwn3d machines spamming they could measure the bandwidth, which they already do anyway because there's a monthly quota.
    • How would this solve anything?

      many virii get their foot in the door, so to speak, with an email. once something has executed, eg opening a document or some other vbscript, or an exe, it'll pull its full payload down from the web. and that can then sit and listen on one of those standard ports.

      all this will do is interfere with people who need things other than you deem "necessary", eg streaming audio, online gaming, p2p, or ANYTHING bespoke whatsoever. i don't want my ISP to treat me like an infant, es
      • many virii get their foot in the door, so to speak, with an email. once something has executed, eg opening a document or some other vbscript, or an exe, it'll pull its full payload down from the web. and that can then sit and listen on one of those standard ports.

        That's the other half of it: Block all incoming ports. You can make connections out, and they can make it back to you, but that's it.

        all this will do is interfere with people who need things other than you deem "necessary", eg streaming audio

    • Re:As I've been saying for years: (Score:5, Interesting)

      by metsu ( 601943 ) on Friday June 03, 2005 @10:59AM (#12714539)

      I would suggest using user levels.

      regular customers would get level 1 or level 0. (Web and mail access, no incoming ports, etc.)

      Then it would be a customer's decision to apply for a higher level. maybe pass a test, portscan, etc. sign something that gives them responsability for the services running on their box.

      They could even make higher levels cheaper, as an incentive for customers to educate themselves. like level 4's get 15% off their monthly bill.

    • So basically you want me to give my ISP a list of ports I may require so they can white list them for my machine?
      I'm sure my ISP would love it if I would say ask for ports 4662 to 4672 and 6881 to be unlocked.
      I wonder what they'd think I was planning with those...and I'm sure the new knoppix iso would not be their theory.

      Now after having edonkey and bittorent work,
      I'll only need
      5800 for VNC
      21 & 22 anybody?

      How about this idea, everyone has complete access privileges. The isp notices for common characte
      • How about this idea, everyone has complete access privileges. The isp notices for common characteristics of a bot net and common malware

        And how is this easy for an ISP to implement? This would require realtime scanning on the streams coming and out of their network. My solution blocks first, askes questions later. Much easier for an ISP to impement, especially given that almost all their equipment can do this already.

        And the best part is, most users wouldn't notice the difference. Those that do would
    • I like the policy of my current ISP Andrews & Arnold [aaisp.net.uk] (UK).

      You have full access, with real IPs for all your machines, and no restrictions on running servers.

      If they get any abuse reports you have 3 strikes - first and second report they'll e-mail you. Third report they'll kill your connection, and call you up to let you know what happened.

      It's then up to you to fix the problem before they reconnect you.
    • Yeh right... here's what would REALLY happen. If you need your port re-opening all you'd have to do is call the ISP, navigate a large and confusing IVR system, get routed to an overseas callcenter, discover that you're 18th in line (but your call is important to them), and finally get to speak to a script-droid who has no idea what a port is but suggests that you should reinstall Windows. No thanks mate I'll stick with my real internet.
    • How about we filter telephone frequencies so that you can't use your modem unless you tell us first? How about that one? How did that one go over in the courts? They tried it. Eventually we beat it, or else everyone would've been paying $100/mo. for dialup service and anyone using a computer online would've immediately been marked for extra "consideration".

      My ISP me with an IP, DNS services, routing services, and a bare wire with a signal. How about we leave it that way?

      Please. Think before you spea
    • Thing is, most ISPs would be thrilled with an excuse to block all ports and DENY requests to open them on a per-individual basis. This is namely due to their hatred of private servers, which devour all upstream bandwidth. In addition to that, the firewall rules needed to block ports on a user-basis would probably be a significant burden on their systems.

      All inbound ports 1024 are blocked on my net connetion, but I don't dare ask for an exception because they'll hit me with the no-servers clause in their t
    • Its way too late, not to mention disingenious to do this. First off, most users are using p2p, bitorrent, IM, etc which all require open ports for full functionality. Shutting them out or just approving Kazaa and a handful of apps is silly. The phone traffic from someone wanting to open a port would be ridiculous. Imagine how many times a PC wants to listen legitimately. Warcraft update? Call your ISP. IM file receive? Call your ISP. etc.

      If you read the article, its not the ports thats the problem its

  • So Microsoft is telling the truth... (Score:5, Funny)

    by Weaselmancer ( 533834 ) on Friday June 03, 2005 @10:47AM (#12714414)

    ...at five cents per computer, they do have a lower TCO after all!

  • The most unsettling thing... (Score:5, Interesting)

    by pschmied ( 5648 ) on Friday June 03, 2005 @10:48AM (#12714431) Homepage
    This is really starting to smack of organized crime. A friend of mine forwarded an article to me on this last night.

    If you are an end user who just wants to use your computer, it may be time to look at getting a Mac. The bar for information security in the face of this level of organization is getting too tall for your average end user.

    If you are in an enterprise situation and have a usage policy that allows users to use corporate equipment for personal banking on breaks, you may want to reconsider that policy.

    Oftentimes, computer usage is negotiated by labor unions and you cannot simply change computer use policy out from underneath users. In this case, I wonder what the legal responsibilities of the company are to exercise due dilligence in protecting its end users?

    If you haven't already done so, it's time for a lesson in defense in depth. That means IDS, IPS, Firewalls, Antivirus, Spam blockers, AV web proxies, etc. And because perimeter defense is all but a quaint memory in today's more agressive world, you may want to look at host-based firewalls and other AntiWorm systems [intrinsicsecurity.com].

    Good luck. We all need it.

    -Peter
    • I hate this sort of reply. You don't need a mac, hell you don't even need Linux/bsd/whatever.

      You just have to be "not a moron". Granted security is easier if you

      a) Know what you're doing
      and
      b) Use the right tools...

      That said you can secure a windows box so that not every little worm that gets loose can have a feast on your computing resources....

      This "oh buy a Mac they're secure" bullshit is really annoying. Yes they're cool, but I'd rather have a Venice AMD64 based system anyday. They're cooler, fas
      • And I hate the kind of knee-jerk "oh, that's crap, just secure windows better". Haven't you noticed that there's all kinds of problems out there that haven't been patched yet that are still causing ownings? Haven't you noticed that the average idiot just uses whatever OS comes on their computer? Given that most computers come with winblows on them, guess what, most people will use that unsecure piece of junk (and it's still not really secure even if you try to keep up with the patches).

        People are stupid, d

      • You missed my point. (Score:5, Interesting)

        by pschmied ( 5648 ) on Friday June 03, 2005 @11:10AM (#12714648) Homepage
        Yes, you can secure a windows box.

        But, does every end user need to be a damned security expert? Sorry, but the average Joe shouldn't have to know what the hell a host based firewall is, much less if it's a good one.

        Sorry, cowboy, if you are looking for easy (Gentoo doesn't cut it) and reasonably secure, the Mac is a pretty good option.

        Now, if you notice, the second part of my post dealt directly with defense in depth for enterprises that pay for real, professional security experts to mitigate the risks of running Windows. Windows can be managed, but it's expensive and requires more due dilligence than some other platforms that ship with a better default security posture.

        Congrats on the purchase of your Venitian AMD64. When *you* get off your duff and provide support to *my* extended family's fleet of PCs at slash-rate prices, I'll list you as an alternative to buying an Apple.

        Cheers!

        -Peter
    • This is really starting to smack of organized crime.

      Starting to? You haven't been paying attention. Botnets, phishing, traditional shipping scams and spam are not-even-terribly-new 'business' growth areas for organized crime 'gangs'. Many of the current attacks take a degree of sophistication and persistence not usually exhibited by your average script kiddie.

      Not that it's shocking - people looking to make a buck are going to try just about anything that might work, and refine their efforts on the things

  • My kids like to play Gunbound. http://gunbound.net/ [gunbound.net]
    They weasled my wifes login, and loaded it onto her PC. I found out why the other day, because they were having trouble installing the "upgrade".
    Trouble was, my wifes login no longer has "Administrator Access". So I elevated the privs, did the upgrade, and downgrade the privs.
    Gunbound don't run.
    So I uninstall, and try to delete the program folder, and get Access Denied.
    Long story short, even after uninstall, Gunbound left a process running on the com
    • If you actually READ what the update does, you would realize that its a anti cheating software that checksums the programm (actually, you can see it at startup before the main exe is run).
      And that you cant delete the program folder: smarty, you installed an update as administrator, OF COURSE a user cant delete the files... i suggest get them off the way you got them on...

      And yeah, because NOBODY would have detected a trojan that is installed by a game with >100.000 players...
      • Addition:
        While you were looking at their site, you may have noticed the "softsynx fights hackers" news item giving a hint about the "mystery program".

        And btw: they make money by selling ingame currency (something you would have found if you had really looked), and IIRC the korean equivalent isnt free of montly charge and was widely successfull 5 years ago or so)

  • Read: Spam (Score:2, Interesting)

    by Brent Nordquist ( 11533 )
    And of course a flood of spam will follow this like night follows day. This has been going on for some time; LURHQ wrote up some good articles about the virus/spam connection: Sobig.a and the Spam You Received Today [lurhq.com], Sobig.e - Evolution of the Worm [lurhq.com], and Sobig.f Examined [lurhq.com].

  • Get the Facts (Score:5, Funny)

    by mcleodnine ( 141832 ) on Friday June 03, 2005 @10:53AM (#12714477)
    In a recent survey of BotNet administrators, hosts running Microsoft Windows operating systems were found to have at least a 40% less TCO than a comparable Linux offering.

    "With volume discounts and integrated tools, we can now offer "managed" remote hosts as low as 5 cents per unit."
  • Clearly I was wrong when I reckoned that the word "reckon" was most popularly used in the South.

  • Racketeering? (Score:2, Insightful)

    by StormShadw ( 686387 )
    Could this be considered racketeering somehow? Prosecution under RICO would be interesting.

  • Security guy cynicism (Score:4, Insightful)

    by lythander ( 21981 ) on Friday June 03, 2005 @11:04AM (#12714592)
    OK, these things need to be taken seriously, but any press release needs to be taken with a grain (or bag) of salt. Spyware is the threat flavor of the day, and the specialized programs (ad-aware/spybot/spy sweeper/etc.) are better at managing it than traditional A/V is (at least right now). Bots are scary. Need to reformat and reinstall (our instructions to students at this major university). Viruses you can just clean (mostly, but mytob is throwing a wrench into that clean division). You figure which is scarier.

    CA is the only product which detects ALL three of the mentioned viruses as of this posting. Which is not to say that they're making this up, but I'd be more willing to believe it if it came from the Secret Service or CERT.
  • Comment removed based on user account deletion
  • It's a shame that criminals have developed the world's most massively powerful supercomputer at our expense. I'd like to see an organization compete with them, offering explicit, voluntarily installed bots. With an installer that runs the latest malwarectomy apps. This service is obviously valuable enough to the criminals - its legitimate use should justify the provider including subscriptions to malwarectomy support services.

    For example, instead of Folding@Home [stanford.edu] subsidizing pharmaceutical corporate researc

  • Public list of malware-infected PCs needed... (Score:3, Interesting)

    by Lazy Jones ( 8403 ) on Friday June 03, 2005 @11:16AM (#12714687) Homepage Journal
    In order to protect websites, ISPs etc. from such attacks, infected PCs' IP addresses must be collected and made available to the public in an up-to-date list (which would ideally even contain dynamic IP addresses currently in use by infected PCs).

    These PCs should be disconnected immediately by ISPs, non-complying ISPs should be blocked from major backbones.

    The feasibility of building and maintaining such a list is debatable, but for most situations and kinds of malware behaviour that seem common (to me), I can think of solutions (a simple one being to buy the mentioned list on the black market...). In practice, it should not be much harder than maintaining a list of open (mail) relays, although more cooperation from ISPs (e.g. for snooping/logging malware traffic) is needed.

    As a long-term solution, legislation should require ISPs to disconnect such problematic PCs immediately or be fined if damage is caused by them.

  • It just sucks my birthday is Augus 29th and all..

    As you all know thats the date Syknet becomes self aware and ...welll we all know the end..

    Terminators everywhere , cats and dogs living together in harmony, armageddon

    But seriously when is this supposed to happen EXACTLY ?
  • I've had some pretty nefarious ideas in my time but even I'd never implement them.. just what kind of total asshole would write software that does this? How do they justify it? How do they sleep at night?

    I just don't get it, I'm serious.

    Okay, now that I'm done saying that, you all can come in and tell me that I'm stupid for asking such a rediculous question and tell me that I should crawl into a hole and wait for the cleanup crew to eliminate me because i should be destroyed for asking such a question.

    • Re:who WRITES this shit (Score:4, Insightful)

      by The Angry Mick ( 632931 ) on Friday June 03, 2005 @12:22PM (#12715668) Homepage

      Organized crime.

      In the old days, virus authors were really just trying to see how much of a nuisance they could be. Now, however, the ability to combine stolen resources spread over a large geographical area makes it incredibly easy to do some serious crime for relatively low risk.

      Try looking at it from a criminal's perspective. The resources to mount a massive attack are easy to come by; thanks to most folk's unwillingness/fear to learn anything about computer security. The police are perceived as being just as clueless as the victims with the cracked computers. The investigation has to start with the machines that were cracked, which gives the crakers more time to cover their tracks.

      And this says nothing about the complexities of getting a conviction with the morass of International laws involved.

      It's evil as hell, but a bit ingenious.

  • Can command '66' be far off?

    Go into exile, we must.
  • Hey, people are studying botnets. They know how this is spreading, numbers of infected PCs, and what the code is.

    So why aren't self-destruct (e.g. remove backdoor and patch vulnerability) instructions being sent to these botnets as fast as they are becoming established?

  • Rent botnets here! $0.05/machine (Score:5, Informative)

    by Animats ( 122034 ) on Friday June 03, 2005 @11:29AM (#12714909) Homepage
    You, too, can rent your own botnet. Just visit one of these spammer-run sites.

    SpamForum [spamforum.biz]

    SpecialHam [specialham.com]

    And the new WildBiz [wldbiz.com].

    WildBiz does not require registration; the other two do. Just enter the forums and look under "Proxy Lists". Typical ads:

    • "Hello everybody here...
      First of all Hi to all of my seniorshooters here..
      Having good collection of fresh Proxies and got DM ["Dark Mailer" .. ed] Latest Version (Full Version) at really cheap rate.
      DM Latest version (Full) for $49
      Fresh Proxies $50 for 500 proxies
      dmandproxies@iamdns.com [mailto]
    • Today's Fresh Proxies
      61.246.226.69:3128@TUNNEL$GOOD$20297$Australia
      81.33.4.70:3128@TUNNEL$GOOD$2953$Spain
      61.246.226.69:3128@TUNNEL$GOOD$20297$Australia
      218.208.247.81:3128@TUNNEL$GOOD$15219$Malaysia
      219.144.194.74:1080@SOCKS4$GOOD$1125$China
      66.154.54.215:80@TUNNEL$GOOD$4157$United States
      66.154.54.224:80@TUNNEL$GOOD$1266$United States
      ...
      We provide Hourly Updated Fresh Proxy Lists, which can be used for bulk mailing ... standard port proxies and non-standard port proxies are both provided, become our members, and download fresh proxy lists hourly. USD 50 per month, then you can access our proxies database . proxies updated from every 15 minutes to 30 minutes . For more infomation, please contact proxylists@iamdns.com [mailto]

    That's how you market a botnet.

    Yes, these operations are addressed to wannabe spammers. But the fact that they're advertised openly indicates how weak enforcement is.

  • extortion? ddos? weather prediction? currency speculation? virtual nuclear tests? total informational awareness? why knows why they'd want it. but i know why i'd want it.

Slashdot Top Deals

To be awake is to be alive. -- Henry David Thoreau, in "Walden"

Close