The World's Biggest Botnets

ancientribe writes "There's a new peer-to-peer based botnet emerging that could blow the notorious Storm away in size and sophistication, according to researchers, and it's a direct result of how Storm has changed the botnet game, with more powerful and wily botnets on the horizon. This article provides a peek at the 'new Storm' and reveals the three biggest botnets in the world (including Storm) — and what makes them tick and what they are after."

Does it run on Windows?

[SpaceLifeForm]

I thought so.

Re:

[Wonko the Sane]

I'd feel a lot safer if I could ever get selinux to work...

Re:Does it run on Windows?

[flyingfsck]

I'd feel a lot safer if you could get selinux to work on Windows...

Re:Does it run on Windows?

[nsanders]

I'd feel a lot better if I could get SELinux to work on Linux..

Re:

[Wonko the Sane]

Is there really more than about 3 people in the world that actually have a working SELinux system? That they use on a day-to-day basis?

Re:Does it run on Windows?

[Torvaun]

It's a well-known fact that SELinux was developed to confound hackers. It is a less-known fact that the trick is to try to get them to install it.

Re:

[cheater512]

It was made by the NSA. What did you expect? :P

Re:

[davester666]

...that doesn't run in 'insecure' mode.

Is there a secure mode for Windows? I mean, besides turning the computer off and unplugging all cables from the computer.

Re:

[The MAZZTer]

I wouldn't. The opposite, actually.

Re:

[Wonko the Sane]

SELinux isn't really appropriate to a general-purpose home computer

That's probably 99% what's wrong with it. I agree with your statement, but I assert that it should be appropriate.

Re:

[ozmanjusri]

I assert that it should be appropriate.

I tend to think of SELinux as a reference implementation rather than a working tool.

It IS possible to use it though, and in fact, I have it set up on my CentOS server here, but for desktops, a reimplementation like AppArmour is more appropriate.

If you decide to try SELinux, this presentation http://people.redhat.com/dwalsh/SELinux/Presentations/ManageRHEL5.pdf [redhat.com] [Warning: PDF] was what got my head around it.

Well....

[Creepy Crawler]

In other words, stupid people and people who dont care about security punish the rest of us. How nice.

You dont know how much I would appreciate a "Internet License" to show basic security and protections on the net. WIth the financial nets and traffic nets as they are, I'd say that hauling a 2 tom missle down a highway and doing this would be similar.

You Sank My Enterprise!

[twitter]

Ah, but you fail it!

In other words, stupid people and people who dont care about security punish the rest of us. How nice. You dont know how much I would appreciate a "Internet License" to show basic security and protections on the net.

Anyone who thinks non free software can be secured should be denied said license. FTFA:

This shift has even awakened enterprises, which historically have either looked the other way or been in denial about bots infiltrating their organizations. (See Bots Rise in the Ente [darkreading.com]

Re:You Sank My Enterprise!

[hedwards]

If you think you can do better than Fortune 100 support teams, you are sorely mistaken. They have all the time, money and employees they want to throw at this problem and still get their ass kicked. People trying to tweak non free software are working in the dark and will always be surprised. No matter how much they spend, they can never fix the problem.

The reason that the corporate world has issues with bots, has far more to do with the corporate environment than it does with the security of the platforms involved. After all any sufficiently secure platform can be made insecure by allowing the wrong morons to use it.

On my home network, I can do things like block every single incoming port and disable pretty much all of the outgoing ones as well. I can install firewall software on each computer to scan the remaining ones. I can create my own install media to remove nearly any part of windows which isn't related to the bare essentials, then install the bets antispyware software and demand that anybody that uses the computers not click on links in email.

I'm sure there's more, but I would be surprised if I were allowed to do even that much if I were responsible for securing a corporate network.

Re:Well....

[Anonymous Coward]

I installed Storm on my computer and I've never been happier. Downloads are quicker, my mortgage has been refinanced, I made a fortune in the stock market, and my cock is 2 inches longer.

excellent botnet-er, would bot again++++!++!

No Rolex watch?

[Skiron]

I can sell you one, real cheap...

Re:

[Radres]

But then Bill Gates wouldn't be able to use the internet!

Re:

[John Hasler]

Bill Gates would have no difficulty at all using the Net, nor would other users of licensed copies of government-certified closed-source operating systems. It's just users of unregulated Free Software OSs that would be locked out.

Re:

[Opportunist]

You say that like it was some kind of loss.

Re:

[Score Whore]

In other words, stupid people and people who dont care about security punish the rest of us. How nice.

Yeah. But we can't ban bittorrent. In all seriousness, how is someone being infected with something like the storm bot punishing you? Presumedly you care about security and aren't stupid. So you're all patched up, have at least a basic firewall, and won't be opening up emails from Alice BigTits with a subject of "Wet teens big c0cks!!!!" and won't be double clicking on files named "RobMaldaToplessAndPlugged

Re:

[Torvaun]

Millions of Radiohead downloaders aren't telling me that I've won some European lottery, that's how. I could care less if these botnets were all doing SETI@home. I'd be pleased if they were all doing Folding@home. But they're filling my inbox instead.

Re:

[Opportunist]

In all seriousness, how is someone being infected with something like the storm bot punishing you?

By participating in a DDoS against me. Can happen easily to you if you're in malware research.

Re:Well....

[Torvaun]

No, smart people who know plenty about security punish all of us and use the clueless as their weapons. Your statement is like blaming the bullet for a murder instead of the killer. Without a functioning mind building these botnets, it wouldn't matter to us how stupid the rest of humanity is.

Re:

[evanbd]

So what? Humanity has shown us repeatedly that such minds exist, and that we know of no way of changing that. Yes, we should absolutely blame the people writing and operating these botnets. But, does that mean we should be giving them as much help as we are? You pose a false dichotomy -- we can most certainly blame the people responsible, while also making it harder for them to do things like this.

This wouldn't be slashdot without a car analogy. You have keys for your car, but clearly they wouldn't b

Re:

[Opportunist]

And now try to get any politician to pass that. I mean, don't get me wrong, where do I sign up for your newsletter and where do I sign your petition, but you won't get that past the masses of computer illiterates that clutter the net.

To be honest, I'd even go a step further: I'd make people liable for the actions of their computer, unless they can somehow show that they had taken reasonable steps to prevent desaster from striking.

I don't require people to go through some IT course, but I want them to at lea

Re:

[bot24]

I'm very concerned that ISPs will attempt to force the user to run antivirus or some other type of software to connect to the network. Besides compatibility and security issues involved in running software controlled by your ISP, some of the antivirus software out there is terrible.

My school requires that you must have some sort of antivirus software installed to connect to the network and provides a virus scanner for us. I was running Windows XP in a virtual machine, so I grabbed the free scanner. It was

Re:Well....

[AndersOSU]

"internet licenses" have been discussed ad nauseum, and fact always arises that any such implementation would simply be elitist and exclusionary.

Basically, an internet license is a bunch of computer guys telling the rest of the world that the internet is an infrastructure made for the geeks, by the geeks, and of the geeks. If you really want to join the club you can take a test so we can determine if you're suitable, but otherwise, you're unfit to participate.

Look, you're not going to kill anyone being a bumbling participant on the internet, they way you might in a car or with a gun. Yes, it is possible that you unwittingly might cause some economic impact to someone, but is that a flaw of the user or the system? I submit a banking system that lets an ignorant user leak his personal information which can then be used to ruin their credit is broken. I further submit that a system that lets a zombie computer join thousands of other computers in a criminal enterprise is broken.

The problem doesn't just exist between the keyboard and chair, but also in the policies, protocols, and systems that allow a new or ignorant user to fail so spectacularly.

We should be striving to increase internet penetration to the young, the old, and the impoverished, not locking out those who can't understand our poorly built toys.

Typical snob response

[jscotta44]

"stupid people"

Because someone does not know much about computers, and specifically computer security, does not make them "stupid". It most often means that they have things they they are skilled to deal with. Because you probably cannot perform open heart surgery does not make you stupid either. It means that you probably know about computers and their security. We all have our areas of expertise and interest and they cannot be everything-there is only so much time and mental capacity.

This type of attitude I find prevalent among people who know a bit about computers. This is one of the reasons that Linux has taken so long to be usable for the masses. Most people do not want to build their own computers and most people don't want to have to learn about computer security. They want the people who specialize in it to make it where it works for them.

Re:

[Creepy Crawler]

Well... That was not supposed to be a joke. Freudian slip. 2 ton missle = car/van

2 tom misle = damn scientologists.

Imagine if you will

[Misanthrope]

Imagine if somebody did this but donated cpu time to distributed computing projects like that one on cancer research. Force philanthropy would be rather strange and still illegal, but at least slightly more noble in a Robin Hood sort of way.

Re:Imagine if you will

[Deltaspectre]

Or if everyone donated their CPU time to botnets!

Re:Imagine if you will

[Misanthrope]

In Soviet Russia botnets donate cpu time to you.

Re:

[the_humeister]

Or better yet, if each node ran a small neural net. with each node connected to many other nodes, the whole system might gain consciousness!

Re:

[4D6963]

Or better yet, if each node ran a small neural net. with each node connected to many other nodes, the whole system might gain consciousness!

Right, because every AI researcher knows "strong AI" is as simple as creating a huge neural network and letting the magic happen ;-)

Re:

[jandrese]

It seems to work just about as well as anything else they've tried.

Re:

[4D6963]

It seems to work just about as well as anything else they've tried.

Yeah, in other words, we're about as close to Strong AI as we've always been. lol.

Re:

[darjen]

What if the owners actually discovered a cure for cancer this way? They could sell it to the highest bidder... hmm new business ideas coming to mind...

Re:

[OGC]

Imagine if somebody did this but instead of donating time to distributed computing projects like that one on cancer research, the distributed computing project was to have the bot spread like a cancer, refuse to be treated like a cancer, and generally plague and cripple the world with problems like a cancer. Oh wait.

Re:

[p0ss]

I am waiting for someone to hire storm to attack echelon.

Software paladins?

[Richard Kirk]

Part of the Storm threat is that it is able to intimidate those who stand up to it, or attempt to combat it. This would suggest that Storm is in turn vulnerable to an attack by an even bigger botnet. It can succeed on poorly protected machines and lurk in the many dark corners of the Internet, like cockroaches. Suppose enough of us willingly subscribed the spare cycles in our machines to serve as a botnet that would fight the others? Could that work?

Can we come up with a working definition of 'good' for such a botnet? I would not subscribe my machine to any government directed search for terrorists, for example (that's probably got me on a no-fly list). However, it should be possible to confine our botnet to the named botnets in the article, and do 'good' in an sense that would be acceptable to most users. If the project veers towards evil, then there must always be a way to unsubscribe.

Then, we want a fancy UI like the SETI screensaver, so we can see how we are doing, and root for our side.

Re:

[Torvaun]

No malaria vaccine is going to work. Malaria is caused by parasites. Getting a vaccine for malaria would be like getting a vaccine for ducks. Only the symptoms can be treated.

spam spam spam spam and more spam

[User 956]

This article provides a peek at the 'new Storm' and reveals the three biggest botnets in the world (including Storm) -- and what makes them tick and what they are after.

From the look of things, it appears that their sole purpose is to send me myspace friend requests from lonely, hot girls that have Tom as their only friend, and have selected me as the lucky person who gets to share in viewing their private, personal website, which has many photos of their naked breasts and vagina. Seriously.

Re:

[hmccabe]

I used to work with a guy who was fooled by those. He would brag about how they were so much hotter than the chicks I knew.

Re:

[dwandy]

which has many photos of their naked breasts and vagina

dwandy has added you as a friend. Please confirm.

this is /.

Note total absence of word "Microsoft"

[Animats]

It's interesting that these articles don't even mention that Microsoft's insistence on running executable content from the browser is at the heart of all these problems.

Comment removed

[account_deleted]

Comment removed based on user account deletion

You know the answer.

[Anonymous Coward]

If you are afraid of Linux, switch to OSX.

We have heard that line saying it's the fault of the novice computer.
I did not believe that 10 years ago. I still don't believe it.

10 years ago, I thought that Microsoft would fix the bugs that created this Anti-Virus business.

I was wrong. Microsoft never saw a business reason to fix those bugs. Instead they increase the "It's not our fault" marketing, and even got into the [Anti]Virus business themselves.

The Windows Virus-prone bugs 10 years ago were:

- Syst

Re:Note total absence of word "Microsoft"

[bit01]

Probably because it's not the heart of all these problems. The heart of all these problems is that a billion security-unaware people operate computers that are connected to the internet.

No, the heart of the problem is that windows, despite what M$ claims, was not be designed for those people and as a result those people make mistakes.

Software is soft, it can be anything we want it to be, and assholes who claim that "software can't do software related things" are lying through their teeth.

If thirty odd years ago windows had been designed responsibly we wouldn't have the mess that we have now. Amongst many other things when connected to the net they deliberately confused static data with executables and deliberately ran all programs as administrator. Things that mainframe OS' and Unix had understood and solved decades before. I can remember the very first time I saw a web page with an executable and thinking "you stupid fucking idiots". The ramifications were obvious right from the start; M$ just chose to ignore them.

The marketing parasites, and their patsies, who to this day continue to claim that windows was not a large part of the problem are lying arseholes. M$ is slowly improving their security but they still have a long, long way to go with a culture that still tries to test for security rather than building for it. And yes, despite what some idiots claim, security and user friendliness are not mutually contradictory. In fact they are more complimentary than contradictory with well built security systems helping users to make good choices for their own safety as well as everybody else's.

---

Flash = blink tag = incompetent web designer.

Re:

[Score Whore]

If thirty odd years ago windows had been designed responsibly we wouldn't have the mess that we have now. Amongst many other things when connected to the net they deliberately confused static data with executables and deliberately ran all programs as administrator.

A) Thirty odd years ago Microsoft was still in the business of selling BASIC interpreters. B) You can't name a single consumer OS that prevents the user from running software that connects to the internet. So why not stop with the moroniness (sort

Re:

[Alpha830RulZ]

It's quite possible to configure Windoze to prevent these infestations. It's a pain in the ass, to be sure, but it can be done. My company works with the large banking corporations, and they all to a one have their machines locked down so that users can't install squat, which prevents this problem fairly well. It's at quite the cost of user convenience, but it can be done. In these same corporations, it's also a pain in the ass to get anything done on the linux machines that we install, because the same

MOD PARENT UP

[mcrbids]

God, I wish I had mod points. I did, a day or so ago.

Kudos!

Anybody who thinks that the O/S has nothing to do with it might also think that:

1) all forms of transportation are equally safe. (EG: a motorcycle is just as safe as a passenger sedan - it isn't)

2) all forms of birth control are equally effective. (EG: A condom is just as effective as sterilization - it isn't)

3) all forms of shopping are equally inexpensive. (EG: socks at Wal-Mart cost about as much as socks at Nordstroms - they don't)

For some reaso

Re:Note total absence of word "Microsoft"

[fred fleenblat]

Maybe solve isn't the right word, but switching everyone to linux (for example) would cut the infection rate to zero for about a year, until the bad guys adapted. After that it would still be way, way lower, mostly because of the better management of admin privileges.

OLPC is potentially quite secure against naive user problems. There are plans for about a billion of these, so you'll have your answer pretty soon.

Re:

[thestuckmud]

Sorry but cracked linux boxes [slashdot.org] are already part of some botnets. Switching to something other than Windows would surely help, but wouldn't solve all our botnet problems.

Re:

[SoopahMan]

A 1 year break then back to the same is a pretty bad argument for making everyone learn a new OS.

I've always wondered if this is exactly what would happen if people managed to switch to Linux beyond say, 50% even. The eye-rolling RTFM attitude the Linux community is sometimes known for could actually be worse than the overall situation with Windows - because now you have novice users buying a Linux PC at Walmart that are not only unpatched, but there's no auto-update running on their OS, no Windows Defender

Re:

[gmuslera]

Lets say im not totally suicidal opening every mail attachment that comes. Lets say that im not a security expert, and use the browser that im practically forced to use in windows from day 0, even if i hear somewhere that there are other browsers in the market. Well, thats it, following a link (that come by mail, from a search result, in an online game/chat), a mistype in an URL, whatever, and the internet explorer by itself, could take care of downloading and installing a trojan, no confirmation required,

Re:

[budgenator]

Do you honestly think everyone switching to a different OS would solve the problem? now that would be pretty silly; better to have several different well secured OSes and letting people choose between them, have each computer having it's own different OS would stop the malware, but it would also limit desired software

No

[bgspence]

The heart of all these problems is that the top thousand security-aware people haven't a clue on how to create systems that can support a billion security-unaware people operating computers that are connected to the internet.

These users didn't design these systems. Security unaware users shouldn't be able to screw up the system.

The self styled 'experts' need to get their act together and figure out how to secure the systems users are using. And, no that doesn't mean switching systems.

I'll watch their progr

Re:

[Kadin2048]

Do you honestly think everyone switching to a different OS would solve the problem?

Well, not if the other OS was as braindead as Windows, but that'd be tough to pull off... :)

But more seriously, the biggest security improvement we could make today would probably be to eliminate executable code from web content. Full stop. Or if not that, then at least kill ActiveX and JavaScript, and only use schemes that run in secure sandboxes...although even they have their problems, and you always have to worry about ja

Re:

[Cozminsky]

Depends on the OS really. But you're right if you mean any commercially available OS today. Singularity [microsoft.com] might solve a few problems if it was adopted. There are also some promising techniques being proposed by the people responsible for E [erights.org].

Re:

[dedazo]

The only thing standing between Linux and a botnet is a simple chmod +x.

In fact, given enough user apathy, they can all coexist [slashdot.org] quite happily.

Other than that, you have nothing but your psychotic hatred and infantile "M$ Windoze Microtard" insults, as usual.

Re:

[14erCleaner]

Apple and Sun are a very small % of the computer using population, and not a good dataset do they make.

There are millions of Macs out there, and growing. But they're harder to compromise by design. The elusive "Mac virus threat" remains largely a marketing device for Symantec.

Re:

[Score Whore]

There are millions of Macs out there, and growing. But they're harder to compromise by design. The elusive "Mac virus threat" remains largely a marketing device for Symantec.

Not really. There is absolutely nothing on a current MacOS X system that prevents users from running shit they download from the net. And now you're going to go "But... but..." thinking that somehow they're magically protected cause they don't run as administrator. Of course the second anyone wants to do anything, they just create a sit

Re:Yes, free software would fix the problem.

[Opportunist]

Not really. There is a very simple reason why botnets are dominated (to pretty much 100%) by MS systems. Numbers. Most machines in home user hands simply are running on some kind of MS OS.

Yes, Linux and MacOS are more secure. It's harder to slip something into the system, at best you can run with user privileges, yes, yes.

Unless you trick the user. And that's pretty much the main infection vector today. About 95% of malware comes in the form of infected spam mails, only 5% of infections rely on system insecurities, buffer overflows or other system related security holes.

And when you can trick the user into executing something, it's trivial to trick him also into giving the malware elevated privileges, provided you promise him something. Send someone a "tool" that promises 20% more speed or ram, but since it has to hook deeply into the system, it will require root privileges.

Yes, you won't fall for it. But the average clueless user? After all, this thingamajig is gonna do something with your system to make it run faster, so it's kinda logic that it will need system privs.

No system is secure from malware. Security is by definition the minimum of a system's security capabilities and its adminstrator's security capability. BOTH need to be secure to create a secure system.

Linux/MacOS are just as insecure

[TheLink]

Anyway, too many people don't get it. Linux and MacOS are about as secure as windows = not very. In the default installation of Linux, MacOS, Windows, if something gets in via the browser it has full user privileges - can read your email, can make network connections, can listen in on your microphone if you have one etc.

I think we need something like this:

https://bugs.launchpad.net/ubuntu/+bug/156693

BTW Linux and MacOS both have perl installed by default. Would be interesting to see how the "antivirus" soft

Re:

[Opportunist]

Such things already exist, doesn't even require perl. A manipulated iframe was the weapon of choice until about half a year ago, but that's so 2007 by now.

Eventually, something "unusual" has to be done, though. No matter how normal the commands you intend to use are. Either the perculiar combination is flagged suspicious, or something done with the content downloaded is going to be flagged. If everything fails, usually the executable you want to drop onto the system that way will be detected.

Re:

[Kadin2048]

Agreed. I think the long-term solution is to design OSes so that each application can only write to a limited subset of the filesystem; either each app is kept in some sort of individual sandbox, or maybe it can only write to files it creates, or files of a certain type that are associated with it, or some similar scheme. You could probably fudge something like this into a current OS with enough chroots/jails/runases and ACLs, but I think it's the sort of thing that's going to require a ground-up rewrite f

Re:Yes, free software would fix the problem.

[Opportunist]

I made that suggestion, but for some odd reason shooting morons launching executables named "invoice.pdf.exe" is considered illegal in my country.

Yeah, we got silly laws here.

Re:Yes, free software would fix the problem.

[thogard]

But most sun machines are on very big pipes compared to most windows boxes. The same is true of Mac as the people who own them tend to be well off enough to have decent broadband.

Also a bot net of suns is worth far more per machine than windows machines. The numbers I've heard are a sun box on a big connection is worth at least $100 vs about $.1 for a windows box. And there are Solaris 10 botnets out there (thanks telnetd)

Re:

[loconet]

Is that still the case with IE7 and Vista (or event XP SP2)? I'm genuinely curious, I stopped using Windows a long time ago.

Re:Note total absence of word "Microsoft"

[Shados]

In Protected Mode, IE7 on Vista is genuinly sandboxed, and throws a fit if you so much as do a right click View Source (which would run an executable: notepad by default). If the browser was actually standard compliant (sometimes by the time Duke Nuken Forever and Spore comes out I guess), it would be an excellent all around browser.

Other stuff, like running an executable sent to you by MSN is so freagin hard it puzzles even me sometimes (I beleive by default you have to change something in the registery, or it simply will flag em and you'll never be able to so much as extract exes from a zip file). Thats probably pushing it too far, but point is, if you don't have the admin password, its relatively difficult to do something retarded aside to hit your own account (which is possible in any OS really, and even then, you get quite a few warnings).

Something of interest, though not really related: Once I installed some game (I forget which) that tried to install a copy protection crap, and Vista actually asked me if I wanted to install it separately from the game itself (I got 2 pop ups). Said no, and it happened that this particular game would run without the copy protection...so I was able to tell it to shoo off (while my friend on XP hosed his install because of it...a patch came out the week later to fix the issue, but I never had the problem in the first place). MS is learning. Slowly.

Re:

[644bd346996]

IE has to open an external program just to show you the html source!? You'd think they could include some kind of mechanism to display text...

Re:

[Shados]

Off topic, but if you need a quick way of getting round that pesky MSN blocking exe's and zips thing, i find renaming it to say 'inoccuousfile.jpg' then sending it and renaming at the other end, seems to work a treat....

Ya. Its what I do, but still awkward because we always forget, and have to send files twice everytime :)

Re:

[bigstrat2003]

Do you seriously believe what you said? You know that it's not in the least true, right?

Re:Microsoft isn't the only irresponsible company

[GaryOlson]

Microsoft is not the only culprit. I have a Netgear FVS124G (with the latest firmware) which has been compromised: 3 sets of packets were sent on port 80 to the router and after the last set of packets "Access rule 257 added" was logged. Access rule 257 did not show in the interface. Then the router started sending botnet check-in packets on IRC ports to various IP addresses. And, the router log showed the malware was sending traffic using every MAC address in the route table as a "compromised PC" -- even the laptop which was disconnected from my network.

Yes, the router was still emailing me every log of all network traffic -- my traffic and the malware traffic also. Seems the malware author does not think my ability to log their traffic was significant.

Netgear was very helpful. Tier1 tech support said securing the router was my responsibility. Asshats!

Re:

[John Hasler]

> Netgear was very helpful. Tier1 tech support said securing the router was my
> responsibility.

Easily done. Place the router in a trashcan and secure the lid. Then scrounge up an old pc or laptop and put a Linux router on it.

Re:

[GaryOlson]

Absolutely....did that immediately. I keep the Netgear router on the shelf as a reminder of why the extra effort of the Linux router is necessary.

PS actually your reply is Redundant; but a good reminder for all. Keep up the good work ;)

Re:Microsoft isn't the only irresponsible company

[Torvaun]

DD-WRT. Problem solved.

Re:

[Plutonite]

Serious hack. I did a quick run on your router and there does not seem to be a documented hole ATM. Also, if the rules don't show up on your interface then either:

1) Netgear ppl were complete morons and the GUI is not directly linked to the filesystem records/small database/whatever
or
2) Hacker is good enough to alter this part of the router's code as well, meaning he flashed the firmware remotely.

I wonder how many people have been hit with this without knowing. It is one thing to monitor your PC's activity,

Re:

[ianare]

Maybe because in Bobax's case at least, it's a buffer overflow. No mention of an M$ fix though.
FTFA:

It spreads via a buffer overflow vulnerability in Windows, and inserts the spam code into the IE browser so that each time the browser runs, the virus is activated.

Re:

[Alpha830RulZ]

If you RTFA and check the references, you'll see that Firefox and Opera are now being exploited as well.

Re:

[The Master Control P]

The problem is stupid users who know that if they break the magic machine, you (the geek) will fix it for them. As long as the opportunity cost of being an idiot is wasting someone else's time, they'll keep wasting it. If the entire technical community resolutely declared "No, I will not fix your computer. If you want it to work, learn to fix it yourself," and stuck to it, the spam and botnet problem would simply disappear because the cost of being the kind of idiot that enables malware would be their own t

security through obscurity

[Anonymous Coward]

Well thankfully I run Windows, which is inherently more secure than your "open source" systems. These botnet creators can look right inside your operating systems and see the vulnerabilities, whereas with Windows...

Re:

[Brian Gordon]

Whoa whoa whoa, listen to what Symantec has to say on the issue. From TFA:

According to Symantec, Bobax bores open a back door and downloads files onto the infected machine, and lowers its security settings.

It can actually bore a hole through your Windows- without shattering them!

The lack of mention of business security here...

[downix]

All of these articles on botnets such as Storm always mention home system vulnerability...

Well, let me point out for a second how while dangerous for a single home system to be infected, it is a world worse when a business system becomes infected.

Within hours, typically that botnet has replicated to all of the machines on the internal network. Worse, now that botnet has access to your critical database information, consisting of customer records. Often times, the brains behind these botnets can better datamine than your business can, finding interconnections with your customers to better flood them with spam, or worse.

At my job, one of our machines was hit with the Storm. We isolated it within minutes, but even then it still wa a close call. If I hadn't been doing a routine portscan at just the right moment, we'd have never spotted it.

After that, the boss authorized me to begin a slow migration to Linux.

Re:The lack of mention of business security here..

[sowth]

This is why I don't like companies to keep my credit card number on file. Yeah, it is convenient when you don't have to type it into a web form all the time, but any security breach, and some bastard can run up charges on your card. Not a risk I like to take.

Windows based Super Computers

[flyingfsck]

So the world's largest networked super computer runs Windows. It is sad really, all these hundreds of millions of computers on the planet - half of them sending spam for the other half to filter out. One would think that there should be something slightly more useful for them to do.

Skynet?

[Archangel Michael]

Who knew that Skynet was WINDOWS BASED? That explains a lot!

And for the rest of us..

[mr_stinky_britches]

For the rest of us who aren't botnet savvy and already familiar with 'Storm', here is a a link to get started: http://en.wikipedia.org/wiki/Storm_Worm [wikipedia.org]. WTFBBQ, YMMV.

-
I <3 Cisco Clean Access [wi-fizzle.com]

Re:

[Chapter80]

For the rest of us who aren't botnet savvy and already familiar with 'Storm', here is a a link to get started:
http://en.wikipedia.org/wiki/Storm_Worm

Ah, the old innocent looking URL trick. Like I'm going to fall for that!

The World's Biggest Brothels

[nexuspal]

That's what I thought the name of the article was, I was like, cool! Then I was let down :-(.

Re:

[bigstrat2003]

Ha! So I'm not the only one!

Windows is winning

[definate]

You see this is exactly why Windows is winning. Linux is still yet to provide a credible botnet to face off against the Windows botnet. There's just no comparison, Windows wins every time!

All those cycles...

[Datamonstar]

... just to make your penis bigger.

I like big...

[doyoulikeworms]

Botnets and I cannot lie... :)

Curious Yellow whitepaper.

[DMUTPeregrine]

This is all converging towards the worm described in the Curious Yellow [blanu.net] whitepaper from back in 2004. I'm frankly surprised it took this long.

Age discrimination and I object!

[SL Baur]

From TFA:

They have young, talented programmers apparently.

If you want me to put it harshly ... "young" programmers and "young" technical managers at Microsoft who signed off on ActiveX et al, are totally at blame for the problem. We, the more elderly of the communty who programmed the internet in the first place, discarded executable content over the wire. Unshar was written for a reason!

The sophistication of this Storm "application" is much more indicative of a mature elder programmer, who probably has read the complete cypherpunks archives. We talked about stuff like this long ago. Compare to things like the Morris worm, the two Manila children, etc. Those were intense, but brief due to coding errors and the like.

Bah. No, these people are not children and they do know what they're doing.

Start planning for Linux and Mac variants

[bl8n8r]

It's really nice to be a linux user for over a decade and sit back and say "ha ha". I don't believe Microsoft is capable of combating, or willing to combat, the problem. At the bottom of this issue however, is the fact that many users are clicktards. Infecting a linux or mac system is as easy as tricking a user into clicking something, or even simulating the pop-up password dialog box for a sudo event. Let's start with Fedora for instance. The ssh service, by default, allows root logins. How many users would enter their root password into a javascript popup that is titled "New updates for your Fedora system are available. Enter your root password to download and apply these updates"? I'm not picking on Fedora, it's a great distro. I certainly don't agree with PermitRootLogin yes as a default in sshd_config. Regardless of firewall settings, it's foolish. Alternative systems should be taking a cue from the shortcomings of Windows and doing what they can to minimize their own strike zone.

Re:Have you heard about the world's smallest botne

[Archangel Michael]

I have, and now I have to get a shot. Thanks!

Re:Relevant?

[Opportunist]

Keep up the smack talk and I'll rent part of the botnet to DDoS you, just for kicks. Hey, it's not like renting a few 1000 boxes for a few days was expensive!

That's how it affects you. Well, unless you can be blackmailed along the lines of "pay me X bucks or you go offline for Y days, let's see if your biz survives", it probably won't affect you, directly at least.

How about your employer? What would happen if his internet presence, his mailserver, his means to communicate online were rendered useless for a month? Would the company survive?

Re:

[bigstrat2003]

And then the idiots who run every executable handed to them will migrate to other OSes, and you will find that the problem is not solved any more. While securing your software is of course important, it's worth remembering that a smart Windows user still has a more secure machine than a dumb (any other OS) user.