Botnet on Botnet Action

Dausha writes "The Tech Web news site reports a story about Botnet turf wars. Botnets have been around for a while, and are increasing in severity. The latest innovation finds Bots capturing and securing host computers from other bots. Security includes installing software patches, shutting down ports, etc."

Note to Editors

[Billosaur]

Never let CmdrTaco come up with headlines after a night of watching girl-girl porn... the images created are... disturbing...

Re:Note to Editors

[TheMeuge]

How do you think he came up with his username?

Re:

[JamesTRexx]

You were thinking of a clusterfuck too?

Re:

[number1scatterbrain]

I built a cluster, and the bots fucked it.

Re:Note to Editors

[thestudio_bob]

Seriously, why couldn't some kind of "GOOD" botnet be created that does this? If the spammers can do it, why can't Microsoft, Yahoo, Goolge, AOL, Symantec or someone? A botnet that goes around and secures all these drone computers would save the connected world a lot of headaches.

Re:Note to Editors

[AndersOSU]

because it is self defeating. If you clean up a computer, you no longer have access to a computer that would clean up other computers.

Re:Note to Editors

[It'sYerMam]

Hmm, I don't think this has been thought through properly. (regardless of the insightful mod) Just because you've patched up the security hole on the host computer doesn't mean you can't still send stuff out. And of course, it's less than trivial to build in a time delay before the bot patches security holes and terminates itself, during which time it infects as many PCs as it can - so if, by some mechanism, the way you got in is related to the way you're sending yourself out, it would still work.

Re:

[Propaganda13]

That makes no sense. A bot is just code. You can secure a computer from outside infection and still run programs on it that access the internet. You can even have secure access to it remotely.

As for companies doing it through a botnet, why would they want a lawsuit? As for doing it through their services, several companies do offer protection tools like antivirus, firewall, etc. already.

Re:

[WhatAmIDoingHere]

Some people tried that. Modifying some of the bad worms to have a payload of "download and install the patch for the hole I came in with."

That failed pretty damn hard. It was argued that it did as much damage as the worm it was trying to stop.

Re:Note to Editors

[qwijibo]

Because good has to be much more diligent, and that is orders of magnitude harder.

When you're working for evil, you don't have to worry about collateral damage. If you cause one system out of 100 to stop working completely, or just have some incompatibility that makes it less useful to the user, you don't care. If they didn't want to be infected, they'd have better security. Propagating evil viruses, trojans and worms is easy because you can be careless and expect the rest of the world to reboot if you have a bug.

This is also why large organizations have people to test that patches don't break the necessary functionality in their supported applications. If something breaks, they have to support it, so they make sure it's not going to come back to bite them. This takes a fair amount of time, people, and all of the supported configurations to ensure that things are safe. It's a real pain in the neck (or other body part) to do a good job at this.

The most secure machine is one that is turned off, unplugged and locked in a room that has an armed security guard with standing orders to shoot everyone. That's not the computer usage model that any of the companies listed want to encourage. They want the user to be insecure to different degrees.

Re:Note to Editors

[Chosen Reject]

"And now we see that evil will always triumph, because good is dumb."

Re:Note to Editors

[plover]

I'm not so sure about this. Why does good have to be diligent and honest? Why can't this be done by vigilante groups who are not officially sanctioned, but nobody complains about them?

The internet is still pretty much wide open, with no single governing body. A vigilante group could operate out of any number of less-than-cooperative countries. And this vigilante group does NOT have to be 100% good or careful. These zombies exist because their owners don't know or care enough to keep their machines safe, and now they're out attacking the rest of us. I have about zero tolerance for dangerously ignorant people or their hardware when it's threatening mine.

In medical terms, these zombies would be defined as malignant cancerous cells, and botnets as tumors. And to carry the medical analogy further, the treatment is to kill the rogue cells. We don't contact them, and ask "hey, Mr. Cancerous cell, you're hurting the rest of us, would you please stop?" No, we use chemo and radiation and surgery and remove and destroy the tumors so they don't spread further.

I really don't see why a vigilante group can't send out "good-faith" efforts to patch bad machines. If those machines die as a result of a bad patch, well, perhaps its because they deserved to die. I certainly wouldn't complain if someone started actively dismantling these networks.

Re:Note to Editors

[karmatic]

I certainly wouldn't complain if someone started actively dismantling these networks.

Some of us try.

A while ago, I got a spam message, trying to infect me and connect me to a botnet - the software was a hacked up mIRC client with some DLL plugins. The client would automatically open a second connection, connect to a random network and channel, and proceed to spam people with virus messages on join. ("Type //some evil command to get op!, etc.")

After talking to the admins, we banned the owners (only certain nicknames were allowed to control the bots), and replaced them with an eggdrop that had the infected people download and install an automatic cleaner. Thousands of infected computers were cleaned overnight, and hundreds more over the next few weeks. Is it possible that the cleaner broke a machine or two in the process? Possible, but unlikely (would be most likely due to a variant of the bot). Oh well - it made the IRC servers I used a lot more useful.

Re:

[plover]

Hey, if you're running an unpatched server that's been taken over by a bot, and now your zombie is trying to corrupt my server, I don't care who you are or what you think of the trespass laws. If some vigilante botnet comes around and cleans up your machine, you should be out there kissing their asses in thanks and writing them donation checks, not whining "You COMMITTED A CRIME." Because if a vigilante group can do their cleanup work on your equipment, YOU are the criminal. You are criminally negligent

Re:

[Achromatic1978]

You are criminally negligent

Nice try, though laughably untrue.

I do love your blind faith though. So, tell me, someone emails you and says "Hey, you, your machine is in a botnet. But you should trust me, a complete stranger. Install this random fucking .exe and it'll clean you up, and you know this, because I said so."

You wouldn't do it knowingly, you'd mercilessly attack anyone who did so knowingly, so remind me what the difference is if you do it without knowledge?

Re:

[karmatic]

Uhhh, not to be inflammatory and all, but who the fuck are you to take it upon yourself to install your own trojan?

Well, that certainly sounds like you're trying to be inflammatory, but I'll bite.

A trojan is a specific type of program that masquerades as one thing, but is in fact another. The original attack was most definately a trojan. As such, I can only assume that either a) the owner of the machine didn't know about it, and has no desire for it to continue, or b) it's a botnet owner - I don't care ab

Re:

[Achromatic1978]

It is? And, of course, you know this how? Because he said so? Sure, in this instance, he might actually have done so, but way to completely miss the point - how does anyone know, when this guy here makes his "white knight" offer to /install a second trojan/ that supposedly gets rid of the first, that that is WHAT HE ACTUALLY DID?

Re:

[qwijibo]

Good has to be diligent and honest to be good. You can argue shades of gray, but that's just another way of saying degrees of evil.

When you decide to be a vigilante group and dish out your style of justice for others' perceived sins, you are at best what Machiavelli describes astutely as "other than good."

I'm a sysadmin, so if I were a juror and your "other than good" tactics landed you in court, I would not in good conscience be able to vote to convict you for trying to do something about these idiots. H

Re:

[plover]

Oh, I know the analogy is weak. A better analogy would have been a virus, something transmissible to other people. At that point there *is* a public health reason to take action, either "enforce a cure", or at the very least to do what you suggest: quarantine.

As we both acknowledged, there is no governing body, which is why I don't think vigilantes are unjustified in their actions. In order to accomplish what you suggest, each and every ISP would have to agree to participate, or giant chunks of the in

Re:

[SatanicPuppy]

By this rationale, if I see a sick person walking down the street, I can walk up to him and inject him with a concoction of my own design that I firmly believe will make him better, but which probably hasn't been tested very well, and may kill him.

I'm not opposed to people taking vigilante action on botnets, but the reality is, vigilantes are also breaking the law, and I likewise don't have any qualms about seeing them face the consequences of their actions when their homebrew fix-it app runs amok.

Re:

[plover]

Not at all. Sick people can be sick, it happens. But we're not talking about "ordinary sick." We're talking about bleeding-from-the-eyeballs-ebola sick. The kind of sick that makes other people sick simply through casual contact. And most importantly, we're talking the kind of sick a reasonably prudent person can keep at bay with vaccinations and regular doctor visits.

If you actually saw a sick person wandering down the street, bleeding from his eyes and coughing ebola viruses on everyone he passed,

Re:

[SatanicPuppy]

In full disclosure, I own Cisco stock.

And here, I was just thinking you were employed by them.

Cisco makes some decent equipment, but it is all exponentially more expensive than their competition, and surrounded by promises that I haven't seen play out in the real world at all like they do in the fluffy commercials.

Additionally, Cisco has a history of occasional boneheaded security lapses, like the backdoor with the hardcoded user name and password, or the lawsuits a few years back against the guy who demons

Re:

[Junior J. Junior III]

Seriously, why couldn't some kind of "GOOD" botnet be created that does this? If the spammers can do it, why can't Microsoft, Yahoo, Goolge, AOL, Symantec or someone?

That's exactly what turning on Automatic Updates + Firewall protection + Antivirus software automatic updates is. You can still get 0wned even if you have Automatic Updates turned on, but it's better than nothing. Automatic Updates + Sunbelt Kerio Personal Firewall + AVG Anti-Virus Free Edition + a couple of spyware scan/remove apps + runni

Re:

[HAKdragon]

You know, that's one of the things I really don't miss about running Windows...

Re:

[networkBoy]

Automatic Updates + Sunbelt Kerio Personal Firewall + AVG Anti-Virus Free Edition + a couple of spyware scan/remove apps + running Firefox instead of IE and being careful about what I click + hiding behind a NAT router keeps me pretty safe, for the most part.

And uses what percentage of your clock ticks? 20, 30, 70?

Re:

[Junior J. Junior III]

When they're not running, they use damn close to zero.

But, when they are running, they might use a certain amount... JUST LIKE A BOTNET! OMG! My analogy is flawless!

Re:Note to Editors

[bhmit1]

Seriously, why couldn't some kind of "GOOD" botnet be created that does this? If the spammers can do it, why can't Microsoft, Yahoo, Goolge, AOL, Symantec or someone? A botnet that goes around and secures all these drone computers would save the connected world a lot of headaches.

Because of liability and money. A large company won't do this because if they take control of your machine against your will through a security hole (and there's no other way they'd put a dent in the problem if people had to volunteer to have this installed) they are liable for any damage that does and open themselves up for trespassing lawsuits. Consider a patch that a company is not installing because it conflicts with business critical applications or because they are aware of an even bigger security hole it exposes.

As for some hacker doing it, it's all about money, and maybe a little fame. Doing this puts you in a worse position than the airline ticket hacker. So anyone that exposes themselves to this kind of risk, does so for money. And right now, there's money to be made in cutting out the competition in terms of making your botnet bigger than theirs and less likely to be removed (users are less likely to notice just one bot).

Re:Note to Editors

[HUADPE]

Seriously, why couldn't some kind of "GOOD" botnet be created that does this? If the spammers can do it, why can't Microsoft, Yahoo, Goolge, AOL, Symantec or someone? A botnet that goes around and secures all these drone computers would save the connected world a lot of headaches.

It's illegal. Botnets constitute several levels of fraud in that they a. install software without your consent; b. steal your bandwidth to copy themselves; and c. then use your computer to commit some other crime.

c. would not be done by a "good" botnet, but a. and b. would. Even if all the hijacks came from a commercial server set up for it, a. would be violated. If you think click-through EULAs are invalid...just imagine the invalid-ness of a botnet install.

Re:

[cdrguru]

Yes, but ...

So what? When was the last time you heard about some botnet master getting arrested and charged with 20,000 counts of computer misuse? Oh yeah, the one prosecution there was occurred because the guy bragged on some FBI IRC channel.

These people are immune to prosecution. Let's say I have a 10,000 strong botnet and I am controlling it through my cable modem at home. You can't trace the botnet back to my cable modem, that's not how it works. You can't trace it through the IRC channel used for

Re:

[ajs318]

Because regardless of your intentions, it would still run afoul of the Misuse of Computers Act 1990.

open source anti-evil botnet

[Gary W. Longsine]

Hmm... I suppose that if an open source effort were orchestrated and hosted from a non-extradition country, such a botnet fleet could be designed and maintained without running afoul of this law. The idea still has a number of other problems, not least of which is that it's not clear how R&D would be funded. Botnets are evolving rapidly due to the influx of R&D money. The Anti-botnet won't benefit from revenue generated by stolen credit card numbers, data stolen and then sold to corporations and

Re:

[DarkDaimon]

I thought Windows was a botnet!

Re:

[briancnorton]

"Evil will always triumph over good because good is dumb."

Microsoft already has this in place, it's called windows update, and it was a HUGE leap forward. For the rest it has to do with legality and profit motivation, i.e. it's not legal and they can't make money off of it. Symantec and Microsoft make their money selling aspirin to the headaches you're describing. Google and Yahoo would be WAY out of their realm of specialty. Personally, I wouldn't mind ISPs doing it, assuming it was very up-front about

Re:

[scottv67]

A botnet that goes around and secures all these drone computers would save the connected world a lot of headaches

We fire-up the wayback machine and visit 2003:

http://www.trendmicro.com/vinfo/virusencyclo/defa u lt5.asp?VName=WORM_NACHI.A [trendmicro.com]

Patch Download

This worm is also designed to patch systems against the RPC DCOM Buffer Overflow. It first checks for the running Windows version and then downloads a patch from Microsoft. Note, however, that this worm does not have a mechanism which checks for the required service pack needed to install the patch. Thus, on systems where the required service packs are not installed, the downloaded patch are similarly left uninstalled.

Re:

[Glog]

The moment MS, Yahoo, or Google introduce a "good" botnet they are basically offering a complete software package which hackers can reverse-engineer and twist for the their own evil benefits.

Re:

[scottv67]

As I remember it, there was a secondary worm, a "good" worm, that was intended to clean up infected machines if the users wouldn't/couldn't themselves.

http://www.trendmicro.com/vinfo/virusencyclo/defau lt5.asp?VName=WORM_NACHI.A [trendmicro.com]

I understood the intention, but the result was awful.

Amen to that!

Re:

[jojoba_oil]

Couple that with a quote I pull directly from TFA:

It's one incestuous ecosystem.

What's another word for pirate treasure?

[spun]

All I could think of when reading this headline was Buck Rogers in the 25th Century. Specifically the second season, when they introduced Twiki's robot girlfriend. You know, the one who said "bootybootybooty," instead of "bidibidibidi."

"Second Variety"

[elrous0]

Reminds me of Phillip K. Dick's "Second Variety," where the robots evolved first into killing their human masters, then into killing one another.

Re:Note to Editors

[dkf]

Yeah, it should have been 'Informative'.

Re:Note to Editors

[smooth wombat]

But what will CmdrTaco do when he is NEVER allowed to come up with headlines?

Work on the broken mod point distribution code?

So many Bender jokes. . .

[smooth wombat]

so little time.

Re:So many Bender jokes. . .

[Billosaur]

The other thought that came to mind was "Autobots, attack!", but that's just me...

Funny 404

[gblackwo]

Got a good couple 404 error from slashdot on this page before anyone had commented, I thought the bots had a foothold.

"Botnet on Botnet Action"

[circletimessquare]

that is some strange evolution going on. it seems that some of the porn spam bots have learned how to spam slashdot with story title submissions

I can see it now...

[Mockylock]

In a dark area of Brooklyn, servers have a standoff wearing their bandanas, willing to die for their turf.

"We are better with patches", says GlobalBot international server.

InterSearchBot united server sneers, "PATCHES!?... WE DON' NEED NO STINKING PATCHES!"

So Possibly...

[QBasicer]

...the botnet creaters are trying to make their botnets more secure, and prevent other botnets from taking over the host? I'm not sure whether this is good or bad. The bad news is that it may be harder for them to detect and eliminate, but the good news is that it may keep down multiple infections?

Re:

[garcia]

The bad news is that it may be harder for them to detect and eliminate, but the good news is that it may keep down multiple infections?

Well you can certainly find their clients. They are the ones that are constantly hitting your web server with POST commands with no preceding GET, have strange referrers, or stupid browser identification (AmigaOS or C64, etc).

I really wish that the residential cable ISPs would shutdown these fucking connections faster. My ban list is nearly unmanageable now, if it continue

Re:So Possibly...

[plover]

I don't report zombies on Comcast addresses probing my home web server to Comcast because I'm afraid they'll just get all pissy about my running a web server. It's strictly a "personal use" server, and it doesn't see a megabyte of traffic a day, but you never know what's going to tweak the wrong person. I figure it's better to stay below the radar, keep the patches current, keep watching the logs and put up with the probes.

Re:

[garcia]

I don't bother to report mine to Comcast either because they don't do anything about it above and beyond their automated system checks anyway. They get enough abuse@ contacts that they cannot be concerned with some idiot that is running an open proxy.

Fortunately for me, I have a Visi DSL connection and they allow servers to be run without issue. Good thing too as I top 4.5 GB of transfer on average a month for my web server alone.

Re:

[somersault]

I can't afford anything but a C64, you insensetive clod! And my browser doesn't support GET.

Re:

[Darth_brooks]

So instead of dying of the flu, whooping cough, measles, mumps, and rubella, you die of ebola virus. It's not really an improvement. Bots that are harder to hunt down and fix also raise the possibility of greater use of the net as a weapon. Instead of sending spam, the highest bidder on a bot net now uses it to attack financial markets, or DDOS more important communications centers.

It's not the evolution from amino acids to virus that worries me. It's the evolution from "swinging stone axes & clubs" to

Marching down the road of informational warfare

[Anonymous Coward]

This was predicted in the past, but here's one of the roadmaps:

http://www.iwar.org.uk/iwar/resources/treatise-on- iw/iw.htm [iwar.org.uk]

Quite a lot of reading, but its not too bad. Seems like all that is happening is that the crooks are catching up with the research faster than the commercial people are.

The fat years are over

[Opportunist]

The time when there was still a market to grow into with botnets is over. The big surge of new, clueless morons filling the net is slowly coming to an end, and even the morons now start using firewalls and AV tools (still no brains, but hey, I'm already happy with small steps).

So the maximum amount of machines to have is pretty much reached. Now the battle for the precious dimwits started. Well, it started some time ago, but we now get a lot of bot malware that actually tries to kick out the competition.

What for, one may ask. Why the overhead? I mean, what's wrong with 2 competing botnetters controlling a computer?

Bandwidth. You can only pump so much spam out of a machine with a given bandwidth. If two try that at the same time, they have to share. And sharing is not really a trait of a botnetter.

So, let the games for the herd begin. If anyone's looking for me, I'm in the lobby getting popcorn.

Re:The fat years are over

[Applekid]

There's a little more than just bandwidth. If your botnet can gain one extra machine, that's an advantage of +1. If your bothnet can gain control of a machine belonging to a competing botnet and kick it off that one into yours, you gain one extra machine and remove one from your opponent for an advantage of +2.

When it comes down to botnets being commissioned for Spam and DDoS attacks, the one with the most machines gets the highest bid, and the difference between that bid and the second best is likely directly related to how many computers make up the difference.

There's a bit of an evolutionary war that's continuing. It's not enough to get your bot client installed. It's facing selection pressure from smarter users, better anti-virus/rootkit detection, firewalls making it harder to propagate, and more aggressive opponent bots.

Sounds very similar to nature's natural selection.

Re:

[Opportunist]

As a botnetter, you didn't even try getting into tightly secured machines (at least, you didn't 'til now). Not worth the hassle. There were enough machines to go around that have little to no security, comprised of an unpatched system, no AV (or with an outdated database), no router/fw in front of it and a braindead zombie not only in but also in front of the machine. The dominant way for infections are still mails with malware attachments. I.e. they need the user's aid to actually infect. You have a really

Re:The fat years are over

[misleb]

There's a bit of an evolutionary war that's continuing. It's not enough to get your bot client installed. It's facing selection pressure from smarter users, better anti-virus/rootkit detection, firewalls making it harder to propagate, and more aggressive opponent bots.

So if there is an intelligent designer behind the changes in the bots in response to selective pressure, is that evolution or intelligent design?

-matthew

Re:

[plover]

And if you use your bot to retrieve a competing bot, you can reverse engineer your opponent's command and control structure. Why fight for one advantage at a time when you can 0wn his entire botnet? Game, set and match.

This has been going on for years,

[twitter]

and it has nothing to do with what users do other than use Windoze.

Re:

[Opportunist]

Ain't that easy.

Windows is the primary target simply because it has a market share of roughly 90% in the consumer area. You may safely assume that a business server is administrated by someone who has at least half a clue and uses security features, no matter how lenient, so the consumer is the core target group for botnetters.

Since most modern attack schemes rely not on system weaknesses but on user stupidity, this would work in every environment.

What it really has to do with is users clicking on everythin

market niche is not security

[Gary W. Longsine]

Almost everything you said is partly correct in some limited cases.

Some of the browser exploits don't require a user to allow the wrong thing nor visit an obviously bad web site. "Good" web sites get cracked and used as distribution vectors. Exploit chains are created such that malware can get on the box as an ordinary user, then elevate to super-user status by taking advantage of a local privilege escalation vulnerability. The amount of worm traffic probing around the internet, and the continual new

Low cost + high payoff.

[khasim]

The amount of worm traffic probing around the internet, and the continual new versions of botnets with worm capabilities seem to indicate that remote execution holes have not been abandoned as a propagation vector.

It's low cost and high payoff. A machine can scan 24/7/52. If your box is vulnerable, it WILL be found.

...botnet masters don't seem to much care about the nature of the systems they infect. They are clearly a mixture of home users, corporations, and government agencies.

That's because the attacks a

Re:

[SL Baur]

Windows is exploited the most because Microsoft has, in the past, opted for a less secure security model so that Microsoft OS's and apps could be more "user friendly".

There isn't much of a security model. It's insecure by design. A mail client should never, ever be allowed to execute code received from the outside. It shouldn't even be an option to turn on. Self-executing zip files are a disaster. Always invoke (preferably by hand) an archive unpacker to deal with archives - why do you think unshar was invented? Fix those two problems (which have been documented for a long, long time) and you would go a long ways towards solving the security problem on Microsoft Wi

Re:

[SL Baur]

They already require the user to go through the steps you suggest, and they ARE DOING IT!

You can write fool-proof code, but you can't write dang fool-proof code?

I'm impressed though. Really.

Re:

[cdrguru]

Yes, but...

The one thing you missed is that perhaps 1% of the available machines will really be vulnerable to attacks, either through user stupidity or unpatched security flaws in some product (OS, Browser or whatnot).

This brings the numbers more in line with market share where there might be 200,000 available Mac OS machines and 4,000,000 Windows machines.

Have no faith in Corporate IT

[twitter]

You may safely assume that a business server is administrated by someone who has at least half a clue and uses security features, no matter how lenient, so the consumer is the core target group for botnetters.

Having worked for a fortune 100 company and later done Windoze upgrades for another, I can say that assumption is anything but safe. It had nothing to do with the users and everything to do with OS choice. The admins worked hard but it was all a waste of time regardless of the amount of money they

Unfortunately, this is not true

[Mostly a lurker]

The use of AV, anti spyware and personal firewall products is increasingly ineffective in preventing infection. If these products are fully up to date, the good ones will currently stop about 80% of the malware thrown at them, and the situation is becoming worse. The trend towards broadband routers with embedded NAT firewalls helps, but infections through email attachments and visiting malicious websites is not going to decrease: it is going to continue to increase. As the botnets become oriented primari

Re:

[krbvroc1]

With profits already dwarfing that of the global drug business

Care to back that up with some sources? This seems like a huge overstatement to me...

sources

[Gary W. Longsine]

A minute or so with Google, or occasional reading in the field of information security would lead you quickly to understand that those claims are, sadly, not overstatements.

Re:

[krbvroc1]

A minute or so with Google, or occasional reading in the field of information security would lead you quickly to understand that those claims are, sadly, not overstatements.

Well, 10 seconds with google pulls up the United Nations estimate that the world drug trade was $320 BILLION dollars in 2005. (0.9% of the worlds GDP!). And the claim of the OP was that 'botnet' profits 'dwarf' this. Come on...really?

Re:

[Mostly a lurker]

The initial realization of the scale of the problem came from an FBI study last year. You can start with Malware Trends [itsecurity.com]. However, it is important to note matters are deteriorating faster than anticipated when that article was written last year.

You might also read Bumper crop of malware expected in 2007 [techtarget.com] which starts with Gartner's prediction that

75% of all enterprises will become infected with undetected, financially motivated malware by the end of 2007.

Unfortunately this is all too real and there are n

Re:

[Opportunist]

What part of it is not true?

Corporate networks are largely unintersting. Few people store their personal information on their corporate machines, simply because it would be against their working contract in most places to use the machine for personal business. At best such networks would be interesting for their bandwidth, but they are usually a lot closer monitored than private machines and nets.

Yes, the stealthyness will increase. It already does. 2 years ago the average malware was an easily detectable p

Evolution

[Shambly]

I think this one oneupmanship is very good. Sure bots are bad but if we look at a virus they are now developing a symbiotic relationship with the hosts. How long until they become indispensable to the security unconscious consumer. Sorta like how bacteria evolved into helping the organism it inhabited. Very interesting to see where this will ultimately lead.

Re:

[Pollardito]

for every bacteria that helps an organism, there are probably 2 or 3 that hurt them but this analogy is particularly weak because these computer viruses are only taking their beneficial steps to a certain point...they're not stopping themselves from ruining your PC. i'm not sure why you'd want a rooted computer that steals your bandwidth, your data, and ultimately your money just because it keeps other viruses from doing the same

Re:Evolution

[vivaoporto]

I can tell you in advance, without charge, where this will lead. Just like a disease vector [wikipedia.org], these machines will continue to be used by the botnet masters to infect other machines, spread SPAM, steal the very machine owner personal data and, in general, obfuscate illegal activities.

I don't know from where people commenting this article got the idea that having only one "infection" that don't totally destroy the machine is a good thing, even for the machine owner. Actually, it is very worse, because if people don't notice any different behavior they will not worry to fix the machine, even if they know about the infection. And in the end of the day, they will be the first to lose their money in some scam that they inadvertently help to spread.

People don't infect machines nowadays on the evilness of their hearts, only to wreak havoc or for bragging rights, not anymore. Now they do it for profit, it is organized crime that is happening there. Have no illusions about it.

Re:

[vivaoporto]

Yeah, symbiosis. Just not the kind that this word use to imply. Let's see what symbiosis really mean:

Symbiosis [wikipedia.org]: (Gr. syn, with + bios, life) [A] close association between two different types of organisms in a community. It can be defined as (...) [t]he living together in permanent or prolonged close association of members of usually two different species, with beneficial or deleterious consequences for at least one of the parties.

On this case, the class of this symbiosis has a name. Parasitism [wikipedia.org]. And gu

Oblig

[xBOISEx]

"Begun, this bot war has"

Re:

[gmuslera]

One Botnet to rule them all, One Botnet to find them, One Botnet to bring them all, and in the spam sink us

A Unique Opportunity

[Billosaur]

All we need is to build a botnet capable of hunting down and destroying other botnets... or perhaps converting them? Kind of the Internet equivalent of an evangelist...

Re:

[BlueTrin]

Or we could just put their signature in an antivirus/antitrojan ?
Which is basically the result of the work of people working in companies using reports, honeypots and their brains.

Re:

[drinkypoo]

The problem with that is that the people who are using botnets for commercial purposes are way way way the hell ahead in the arms race. They already know what they're doing. And there's no reason to believe that they're stupid; they've accomplished so much...

Botnet Gang Fights?

[hcmtnbiker]

*Cues West Side Story finger snapping*

Re:

[zippthorne]

Yeah, 'cause nuthin' says "gang bangers" like a choreographed dance-fight to hip music...

What I want to see is a Botnet that

[gurps_npc]

hunts down pop-up advertiserment programs and either destroys them or tags them (so that pop-up blockers will automatically shut them down).

With all the punk 1eet programers out there, you would think that someone would spend time writing this instead of silly viruses.

I am tired of having pop-up advertisements beat my pop-up blocker.

How long until...

[rbanffy]

How long until a botnet become sentient and decides eradicate humanity? ;-)

I keep telling people those Windows machines are dangerous. This puts them on a whole new scale.

Title should have been

[wiredog]

"Hawt Botnet on Botnet Action". With links to robot porn.

Re:

[frogstar_robot]

"Hawt Botnet on Botnet Action". With links to robot porn.

And booze! And hookers!

Re:

[mstahl]

Done [smithappens.com] ;)

The new protection racket...

[kabocox]

Forget anti-virus or malware vendors. We'll just admit that we live in the wild west/various mob ruled internet. How long do you think that it'll take them to figure out that they might be able to shack down the owners of those PCs for say a $30 a year "protection" fee from other anti-virus/anti-malware/ general evil spreading software products?

botnets evolve themselves out of business?

[Maximum Prophet]

If botnet A installs patches 1,2 & 3, and botnet B simultaneously installs patches 4, 5, & 6, could the target machines be completely immunized after the next reboot?

Re:

[Yetihehe]

Yes, but they still have those two botnet's so they are not secure.

Re: Forced Evolution out of business!

[TaoPhoenix]

Would one of you /. geniuses please discover a manual config of this idea so that we can breed an army of WinMules that can't reproduce any more bots?

The irony would be delicious.

Re:

[Spy der Mann]

could the target machines be completely immunized after the next reboot?

You're forgetting one thing. SouthKorean machines with devils-own XP (no SP) which CANNOT be secured until they install SP2. I wonder how the botnets will do this, and if they do, I'd like to watch :)

Reminds me of "open range" disputes in Wild West

[Jacques Chester]

A lot of disputes in the old wild west arose from open ranges, where "anyone" could graze. In practice it led to nasty disputes and illegal attempts to fence off ranges. I reckon it might be amenable to economic approaches. [clubtroppo.com.au]

Map?

[andrewd18]

What I'd like to see is a map of IP addresses, perhaps by provider, with the "turf" colored by type of infection. That would be awesome.

Knock knock, Neo...

[Spy der Mann]

the botnet has you.

There were worms that would target other worms....

[jthrelfall]

For the folks discussing having 'good' botnets, does anyone remember the Nachi worm? It's purpose was to use the same Windows RPC DCOM vulnerability that Lovesan (an 'evil' worm) used. It would then kill the lovesan processes and download the necessary patches from M$ to prevent further re-infection. It would then search out network segments for other machines to 'fix' Nice in concept, but the amount of network traffic that this created when it was in search mode would overwhelm closet switches in a decent

DCW

[qengho]

Wow. Distributed Core Wars [wikipedia.org].

Re:Could someone explain the closing of ports?

[dkf]

Could someone explain why it is important that ports are closed?

The only way to have a message received off the internet is to have a port open. Most ports on desktop computers are only opened to specific machines while you're uploading or downloading some data (whether web, email, or any of a myriad other things). But on server computers, ports have to be open for connections from client machines which are potentially anywhere. If the software behind those ports isn't careful, it's possible to attack the machine through them.

Desktop systems are usually not as highly protected on the inside as server systems (alas) so having a firewall that blocks off server ports "Just In Case" is a good plan.

(And yes, I've left out lots of detail from this potted explanation.)

Obligatory Flamebait Elaboration

[freeweed]

Most ports on desktop computers are only opened to specific machines while you're uploading or downloading some data

Except, of course, on hosts running modern versions of Windows, which is what started the first waves of botnet infection in the first place.

Microsoft has "fixed" this by installing a software firewall to block these ports, but they're still all open. Every Windows-running desktop on the planet (with the exception of the remaining 9x boxes) is essentially running itself as a server.

As to why I