Autonomous Intelligent Botnets Bouncing Back 152
coomaria writes "Thought that 2009 was the year botnets died? Well, think again: compromised computers were responsible for distributing 83.4% of the 107 billion spam messages sent around the world every single day this year, and it's going to get worse if intelligent and autonomous botnets arrive in 2010 as predicted."
What OS? (Score:3, Insightful)
Any data on how much of those are running Windows?
Re: (Score:3, Insightful)
One of my friends used to run a Linux server at home, a couple of years ago.
One day on MSN we were chatting, and he told me about how his server had been rooted. Turns out he'd not kept up to date on his patches, and a vulnerable service had been compromised.
But you're right, Windows is the only OS vulnerable to remote attacks.
Re:What OS? (Score:4, Informative)
The discussion is the botnets, and I haven't seen any running on Linux. Those are more of one-off, defacing attacks, or somewhere to run an IRC bot. If you intend on running a botnet for spamming, Windows users are the best targets. They'll click on almost anything, and once the malware is on, the user may complain about their machine going slow, but won't do anything about it.
Some of them are nasty. I keep a Windows machine laying around just to try particular things. I got some malware on it (I was doing bad things). It was about 5 seconds between the time I tried what I was doing, and the time I yanked the network cable out. The antivirus didn't catch it. Others that I scanned with couldn't find all of it. I spent the next two days trying to get it out. That was the first time that I ever had to wipe out and reinstall on a Windows machine to get rid of a piece of malware. It's not that I didn't know what I was doing. I've been doing this kind of thing for well over a decade now. I never did identify the problem child, so I can't even say what it was. It just made the machine almost impossible to use. Well, unless waiting 5 to 10 minutes to select a user and enter a password is acceptable, and another 10 to get to the desktop. I know during that period, it was re-propagating the tag-along malwares.
That one piece of malware brought along 40 unique friends in a matter of seconds. It infected files. It infected the MBR. It hooked into everywhere I looked. I knew it was a problem, which is why I took it offline immediately. Most users would leave it plugged in and running, and wait for someone to come fix it.
At least I'm not dependent on the Windows machine working. How many home users have their dependable Linux machine that they do work on, and the Windows machine sitting to the side to play with?
Re: (Score:3, Insightful)
I have. Over the recent years I've seen many automated attacks that target a range of IP addresses, searching for vulnerable SSH accounts, Apache installs with old PHP crapware and various other vulnerabilities. 9 times out of 10 they will start IRC bots or another process that p
Re: (Score:2)
I agree totally.
My old shop, we were a very tight operation. I helped other people clean up their problems though. :)
My last shop? Well.... That's a totally different story. Let's just say that they changed their method of shipping machines to production environments with the root password of "password" after a bad experience. They still hadn't gotten away from the bad habit of leaving SSH on port 22.
Re: (Score:2)
....How many home users have their dependable Linux machine that they do work on, and the Windows machine sitting to the side to play with?
Me.
And my wife (Linux only).
And the folks (Linux only).
Number of trouble calls in the past six months: 1 (parent's modem died)
];)
Re: (Score:3, Insightful)
I doubt that. I've caught viral botnets that spread via weak SSH passwords. They scan for port 22, try "root/root" and "guest/guest" etc. until they go through their entire username/password dictionary file, then they move on to the next host...
Once they pwn a box, they of course connect out to IRC or whatever to start hosting warez (or whatever else their masters desire). And they continue scanning for 22 and cracking when they see it...
Congrats to the Ubuntu team for disabling ssh by default. You can't ge
Re: (Score:2)
I totally believe this. My ssh server at school would get (felt like) thousands of login attempts per day, usually from several different countries. They are using interesting username lists. They went away after I moved the port, but now I think about bringing them back and doing some stats.
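The kind of statistics on SSH login attempts that the comment above considers gathering, as an added example that is not part of the original thread. It assumes OpenSSH's usual syslog wording for failed passwords; the log lines, host name and addresses are constructed (documentation ranges), and the function names are hypothetical.

```python
import re
from collections import Counter, defaultdict

# OpenSSH logs a failed password attempt as:
#   Failed password for [invalid user] NAME from ADDR port N ssh2
# NAME is chosen by the remote side, so it is matched greedily and the
# address is taken from the LAST " from ... port ..." on the line. A
# username that itself contains " from 192.0.2.200 port 1" then cannot
# shift the blame onto another address.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?P<invalid>invalid user )?"
    r"(?P<user>.*) from (?P<ip>\S+) port \d+ ssh2\s*$"
)

# Constructed sample log, not real traffic.
SAMPLE_LOG = """\
Dec 28 03:14:01 school sshd[4121]: Failed password for root from 203.0.113.9 port 40112 ssh2
Dec 28 03:14:03 school sshd[4123]: Failed password for invalid user guest from 203.0.113.9 port 40118 ssh2
Dec 28 03:14:05 school sshd[4125]: Failed password for invalid user oracle from 203.0.113.9 port 40125 ssh2
Dec 28 03:14:07 school sshd[4127]: Failed password for invalid user admin from 192.0.2.200 port 1 from 203.0.113.9 port 40131 ssh2
Dec 28 03:20:44 school sshd[4190]: Failed password for root from 198.51.100.77 port 51514 ssh2
Dec 28 03:20:46 school sshd[4192]: Failed password for invalid user test from 198.51.100.77 port 51520 ssh2
Dec 28 08:02:10 school sshd[4410]: Failed password for alice from 192.0.2.15 port 60022 ssh2
Dec 28 08:02:19 school sshd[4410]: Accepted password for alice from 192.0.2.15 port 60022 ssh2
"""


def parse_failures(log_text):
    """Yield (ip, user, is_invalid_user) for each failed-password line."""
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            yield m.group("ip"), m.group("user"), bool(m.group("invalid"))


def summarize(log_text):
    """Return per-source attempt counts, usernames tried per source,
    overall username frequency, and per-source invalid-user counts."""
    attempts = Counter()
    users_by_ip = defaultdict(set)
    usernames = Counter()
    invalid = Counter()
    for ip, user, is_invalid in parse_failures(log_text):
        attempts[ip] += 1
        users_by_ip[ip].add(user)
        usernames[user] += 1
        invalid[ip] += is_invalid
    return attempts, users_by_ip, usernames, invalid


def dictionary_sources(log_text, min_users=3):
    """Sources that tried at least min_users distinct usernames: the
    username-list pattern, as opposed to one person mistyping a password."""
    _, users_by_ip, _, _ = summarize(log_text)
    return sorted(ip for ip, users in users_by_ip.items()
                  if len(users) >= min_users)


if __name__ == "__main__":
    attempts, users_by_ip, usernames, invalid = summarize(SAMPLE_LOG)
    for ip, count in attempts.most_common():
        print(f"{ip:15} attempts={count} distinct_users={len(users_by_ip[ip])} "
              f"invalid_users={invalid[ip]}")
    print("most tried usernames:", usernames.most_common(3))
    print("dictionary-style sources:", dictionary_sources(SAMPLE_LOG))
```

Moving the port, as the poster did, only removes these lines from the log; the same counts can feed a rate limit or block list for sources that cross the threshold.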
Re: (Score:3, Informative)
My guess would be somewhere in the region of all of them.
Make that "most of them". OS X botnets [networkworld.com] have been appearing for a while, and other forms of OS X malware [sophos.com] have been known [sophos.com] for quite some time [washingtonpost.com].
While many of these pieces of malware are fairly lame, I'd expect more and more "professional" variants of those in the future. One factor that shouldn't be overlooked is the generally complacent attitude of non-Windows users towards the security of their own machines (not unlike what you exhibit in your own post). In other words, from a technical point of view, if user
Re: (Score:2)
Actually... That's not a foregone conclusion.
Anti-virus software HAS to have signatures, etc. of the malware to detect/remove it- if it's new, you're going to get zapped by it and it'll lurk for at least a while during the time they find out about it and sort out how to find and remove it safely (if possible...). It's more akin to closing the barn door after the horses have all gone out. It doesn't really make the machine more secure. Secure is not getting compromised in the first place.
The truth of the
Re: (Score:3, Informative)
Windows is on around 90% of general-purpose computing devices, so I would expect at least 90% of compromised machines would be running Windows.
Re:What OS? (Score:4, Interesting)
I would be surprised if anything less than 100% of zombies run Windows.
Think about what would be involved in setting up and maintaining a heterogeneous botnet. Why even bother?
Re: (Score:2, Funny)
Yea, you're right. Botnets are homo.
Re: (Score:2)
My main point was really about homogeneous botnets, so the link bears that out.
As far as the 100% Windows bit goes - I'm happy to concede that this is not technically correct, if you'll allow that that 20,000 zombie Macs is not statistically relevant.
Re: (Score:2, Informative)
Basically all of them.
Even with the increase in popularity of Mac OS X and Linux, malware for those systems is virtually unheard of. There was the recent malware incident involving some GNOME screensavers, but that's more a testament to the poor development practices of the GNOME project.
Re:What OS? (Score:5, Interesting)
As a Windows vs "All the others" thread progresses, someone will eventually make the statement that Mac OS or Linux would be equally affected if they had dominant market share.
I'd be more inclined to separate OS into "Administrator by default" and "User level account by default". That means Microsoft's latest offerings get grouped with Mac OS and Linux because they have made pretty decent improvements.
When I used to run XP, I ran as Admin. I shouldn't have, but that is just the way that system was designed, unless you really really fight against it.
I would postulate that this black and white thinking isn't the answer. More secure OS out of the box is going to reduce the problem to some extent, even though some users will shoot themselves in the foot, as they always have.
Re: (Score:2)
No, only Windows Genuine Advantage recognized copies can,
and this triggers shutdown of your machine if it is pirated.
Trust me, I speak from experience.
Re: (Score:2)
On a separate note, I have yet another machine that does have the
AU disabled , and was still targeted by WGA, however, I have za installed,
and was able to put a block on that service and dll from running, I imagine
it is only a matter of time before I forget it, and turn off za for xxx reason.
But it is cool to know you can block it with za altogether!
My windows machine that just recently triggered the disable until you phone home wga
crap, had WoW installed, and WoW forced you to create a new battle.net accou
Re: (Score:2)
>When I used to run XP, I ran as Admin. I shouldn't have, but that is just the way that system was designed, unless you really really fight against it
Really, I tend to do it myself, but nothing stops me from configuring a complete non admin user on my machine and using that one when surfing the web or doing things like listening to music.
To install softwares, you log in as admin, install and delog, to use the app you log as user without admin permission.
I think your ignorance is clouding your judgement.
p
Re: (Score:2)
So the admin either picks easy to remember and thus likely weak passwords, or writes them down somewhere. Bad idea.
Besides, if someone figures out the admin password, they're going to do whatever nefarious schemes they were planning instantly. It doesn't matter if you change the password again later; the spambot/rootkit/whatever has al
Re: (Score:2)
If I am admin, I will reset my passwords every 30 days, because it is easy to do so,
and almost too easy to remember (only dumb people chose easy passwords, like their dogs names)
As for installing quickly a rootkit or what not...yeah I suppose it depends on the assault type
and timetable, but any password at that point is compromised, whether it's yours or mine,
so YOU are not further ahead either.
Re: (Score:2)
Many applications written for XP assume the running user is a member of the Administrators group. In general, the biggest issues were:
1. Writing to something in %programfiles% (games in particular were bad about this)
2. Writing to something in HKEY_LOCAL_MACHINE
Both of these are secured locations in Vista and 7 and sometimes were, but not always, in XP. That's why Vista had things like application file and registry virtualization to redirect writes to secure locations to safe, per-user locations. There's al
Re: (Score:2)
Of course, ....windows7 (rollseyes), are you getting paid to help promote 7?
I will not upgrade to 7, when I do not need to.
My needs are very simple, and xp does fine to support those needs, thank you.
Re: (Score:2)
Well, your ignorance is showing here, as I assume that you're assuming my situation would require badly written applications. No, I don't need to install your limewire which needs admin privileges.
So no, I do administrate many xp machines, I just don't let users do stupid things on them, like install any program they choose.
Re: (Score:2)
However, we were not talking about you, we were talking about me.
You blasted me and said I was not an admin... I defended my ground, and said I would
never let my users install these softwares, and as such any REAL admin
would terminal server any of those apps you mention onto a terminal server link
where everyone has to log onto, this is the easiest to maintain and less
resource hungry for individual policies. The fact you did not mention any of this
leads me to believe this is not your set up, and for a compa
Re: (Score:1)
The deeper issue with XP is that the vendor culture is to expect to run with lots of rights, it isn't that big a deal to setup a user account, and there is 'runas'.
Re: (Score:2)
I see no reason that these botnet apps would not run perfectly fine as a non-administrator. They could install into the local users directory. They don't need any special access. Maybe Windows Firewall would stop them unless the admin allowed the app to connect out. In that case, Linux and OS X would actually be MORE vulnerable since those OSs don't ship with a firewall by default.
Re: (Score:2)
When I used to run XP, I ran as Admin. I shouldn't have, but that is just the way that system was designed, unless you really really fight against it.
"The system" wasn't designed that way, and hadn't been since NT4.
"Shitty third-party apps made for Windows 98 and never updated" was your problem. Don't blame Microsoft or Windows.
Re: (Score:2, Insightful)
but that's more a testament to the poor development practices of the GNOME project.
It's actually more a testament to the fact that malware can be written for any OS.
Re: (Score:2)
It is more testament to the damage that can be done by poorly trained users on any system, no matter how secure.
Windows is still somewhat responsible here, mainly because using Windows is what made these users so poorly trained in the first place. It engenders this user attitude that installing crappy toy applications downloaded from random websites is a reasonable thing to do.
This is MS fault (Score:2)
It is not about even an OS being vulnerable. Every OS is vulnerable on some level, although it sure is a hell of a lot harder on Linux and open source projects. The issue is how much damage can it do, and how fast can it be detected and fixed. MS has a long standing history of just frigen ignoring, stalling, or denying the problem exists at all.
Imagine in some alternative Universe MS came out with fixes and patches in hours and days, rather than weeks, months, years, and never. Imagine that end users could contr
A New Era In /. Efficiency (Score:5, Funny)
Slashdot needs to create a numbered list of arguments called Slashdot's List Of Same Old Arguments (SLOSOA). Then /.ers can save bandwidth (and lower Taco's bills) by disputing by numerical reference to an argument, just as Mennonites are said to argue by reference chapter and verse in the Bible rather than repeating the words.
To start this New Era in Slashdot efficiency, my reply to your post, Sir, is...
19, 20! It is clear that 22, 28.
And if you don't like it, then 42.
Re: (Score:2, Funny)
ah go 34 yourself
Re: (Score:2)
What's "Go Natalie Portman yourself" supposed to mean?
Re: (Score:1)
The checksum of your arguments is df9abc41b28ec3c90688b55369aeefdca6e1c31ea38a387a1dbb64f5c876c224. As a palindrome, I call your argument circular and self-referencing, which are logical fallacies.
T, FTFY.
Re: (Score:2)
And if you don't like it, then 42.
That's not quite precise, sir. I checked the calculations on the Deep Thought computer, and it was quite adamant that the answer was in fact exactly forty two point zero. It was quite angry that its answer was never reported accurately.
42.0 FTW! Quite different than showing forty two in binary on your fingers, and a whole lot nicer.
Re: (Score:3, Funny)
I like this idea. If it could be extended to stories as well it would save even more redundancy. Just imagine...
kdawson writes "dupe-657"
And the link takes you straight to the old discussion thread
Re: (Score:2)
20! is indeed more efficient than listing 20*19*18*17...
Re: (Score:2)
Apparently slashdot has a check on length of lines.
Here's a first throw at a list: Slashdot reference guide [pastebin.com]
A small excerpt, feel free to add:
20. Imagine a
21. Beowulf cluster of those
22. [NO CARRIER]
23. Warning! Do not {0} into {2} with remaining {3}!
24. insensitive clod
25. defective by design
26. real girl
27. girlfriend
28. general reference to not having a girlfriend
29. disputing claim of having a real girlfriend
30. elaboration on the personal meaning of mentioned "girlfriend"
31. residence reference to baseme
Re: (Score:2)
I'm not a number, !24
Re: (Score:2)
Slashdot needs to create a numbered list of arguments called Slashdot's List Of Same Old Arguments (SLOSOA). Then /.ers can save bandwidth (and lower Taco's bills) by disputing by numerical reference to an argument, just as Mennonites are said to argue by reference chapter and verse in the Bible rather than repeating the words.
Time to pull out my numbers joke.
New guy has been hired at the Federal Penitentiary. Old guard is taking him around showing him how to do his new job. They're in one of the blocks and they hear an inmate yell out "23!" and a bunch of other inmates laugh.
New guy says "what was THAT about?"
Guard says, "well, they've been here so long they've memorized the joke book. You just call out the page number and everyone knows the joke and the punchline."
New guy says "can I try?"
Guard says, "knock yourself ou
Re: (Score:2)
3. Profit
Re:What OS? (Score:4, Interesting)
Speaking as my family's IT support guy, everyone insists on running as Admin - just the way their box was set up by the OEM - and they constantly are getting viruses and trojans. My brother-in-law gets Koobface every other month it seems, I set him up with a user account with Firefox and told him to use that account for everything except installing software. Does he listen? Nope. He had this idea that Firefox was all he needed to be safe.
I hope he learned his lesson. He got Koobface again and his father wiped his machine and re-installed Windows - he lost a bunch of photos and stuff he wanted to keep - oh well.
UAC and sandboxing (Score:2)
Re: (Score:1)
For more statistics ask:
Any data on how much of those contain pirated music?
Any data on how much of those have used google?
Any data on how much of those have had a male user in their whole lifetime?
Correlation does not imply causation. Yes, many of the machines (if not all) run windows, but that does not have to mean that Windows is less secure than Linux/BSD/MacOS. Until one of those gets enough market share we will never know for sure which of those is more secure as an OS.
I know it's not a popular statem
Re: (Score:2)
In the web server market, linux has a larger market share than windows, yet windows still has more viruses.
Postal Service Charge (Score:2)
107 billion spam messages sent around the world every single day this year
Remember when the post office rumors went around? You know the ones where they wanted to charge 1 cent per e-mail sent? Man - if they did that I think the post office would be the biggest, most profitable company in the world. That comes out to 1.07 billion dollars per day.
For this alone I am rethinking my stance. Too bad it would be "impossible" to implement, track, and let alone charge.
Re: (Score:2)
For $1.07 billion, I'm pretty sure we could come up with a way to track it. So, they have one day of no extra income, but make an extra billion from there on. I think I'd want residuals on that though. :) With a team of 10 people, that's only $100 million each. I think we'd settle for $1m/day residual income.
compromised computers ? (Score:4, Informative)
What Operating System did these 'compromised computers' run on ?
'Upon execution Bredolab attempts to inject into svchost.exe [nai.com] processes
an advantage (Score:2)
And this, ladies and gentlemen... (Score:2, Funny)
... Is the reason why the U.S.A. should pull out of Iraq and Afghanistan. Now.
(Yes, I know I am going to be moderated as 'troll' for this. I don't care).
Re:And this, ladies and gentlemen... (Score:5, Funny)
But, but... you're either with us or you're with the botnets!
"Thought that 2009 was the year botnets died?" (Score:2)
Huh? Did I miss something?
2010 (Score:1, Funny)
Skynet (Score:3, Funny)
And, on the exact moment when SkyBotNet became self-aware, the first thing It said to the humanity was :
"Buy (heap \/!AGR@ to incraese your pen1s !!!"
Hum... I slightly suspect that Nuclear War would have been more humane, after all...
Of that (Score:1)
88.2486% of the 208.7876 billion spams sent during the last fiscal year sent from IP ranges whose numerical sum exceeds 121.1156i8...
Eh fuck the bullshit.
"intelligent and autonomous": yeah, right. (Score:5, Interesting)
This deserves a gigantic "O RLY?"
How well have "intelligent and autonomous" software agents worked in other areas of computing? Pretty well on the autonomous -- but still terrible on "intelligent".
The article is, of course, ridiculously vague on what that really means (says "self-sufficient coding in order to coordinate and extend its own survival"), but I expect all that really means is that they'll act like the polymorphic computer viruses we've already got. Ho-hum.
It's not like we're going to get The Adolescence of P1 or anything, here.
Suspenders are intelligent too (Score:2)
As Stanisav Lem said (loosely translated): My suspenders are intelligent! They adapt themselves to the size of their user. Everything is intelligent today!
Re: (Score:2)
I curse Slashdot's handling of unicode... It's Stanislav Lem with a "Unicode Character 'LATIN SMALL LETTER L WITH STROKE' (U+0142)" in his first name...
Re: (Score:3, Interesting)
Not intelligent, just autonomous.
It's simple, really. Wikipedia [wikipedia.org] is a little lacking on this subject, but the basic idea is that you have botnets trying bruteforce attacks to find every possible vulnerability. Those that are good at cracking into systems will propagate, those that fail will not. It'll be sort-of the system that biological viruses use. Actually, exactly the same, except digital instead of physical. I predict that, similar to real viruses, malware that doesn't slow down the PC will have th
Re: (Score:2)
Though...the ones that would start to autonomously search for new vulnerabilities (however crude that will be initially), could conceivably gravitate towards something which we can call intelligence, don't you agree? And could be possibly more fit... (but of course there's no way of telling that; perhaps biological pattern of parasites being "simple" is more efficient also in this case)
You seem convinced what mechanism will prove more fit without seeing actual outcome. Evolution cares only about the latter.
And I
Re: (Score:2)
Two points: First, the biomass of ants (limited intelligence) is much, much greater than that of humans, monkeys, or pretty much anything else. No virus has ever become self aware. Or even gotten up to the point of having neurons. There's just no need for it. Sure, I could be wrong, but even if I was, an AI is still not going to be smart enough to do anything besides crack vulnerabilities (if it wastes the resources trying, it will be out-competed by other AIs that don't contemplate the meaning of thei
Re: (Score:2)
But also there might be too many "what if" scenarios to draw definite conclusions. For example...defensive measures getting also more "intelligent". Or crackdown of botnets promoting more decentralized, autonomous mechanisms.
And drawing direct biological parallels is exactly what I was trying to point out as too limiting our perspective. What actually is the equivalent of an ant or neuron in a cybernetic being? Yes, there are simulations or even direct analogues we use (neural networks, agent systems), but
Re: (Score:2)
I am obviously not willing to rule out the possibility that an AI could emerge from genetically programmed botnets.
All I'm saying is that by comparing the closest analogue that I'm familiar with - biological systems - things look strongly against anything sentient. Look how many species there are. How many do we consider sapient? 5? 6? All closely related. Combine this with much stricter short-term selection pressures (shorter generation time) on a botnet than exist in the biological world (where the
Re: (Score:2)
I still suspect this might be, overall, too limiting.
First and foremost, you don't compare it with biological systems, you compare it with organic biological systems. Only from one planet to boot ;). Our kind of sentience...that indeed looks almost like an accident of evolution, but it's not necessarily synonymous with intelligence. We can't really grasp how, for example, hive minds would "think" (heck, can we really grasp how a cat thinks?). Certainly there would be totally different meaning to culture, ma
Re: (Score:2)
I just look forward to the day that the autonomous software agents become intelligent enough that they begin fighting each other.
Or even better, advertising to each other!
Re: (Score:2)
Worms and viruses fall into certain definitions of "autonomous software agents," and there have been some that have uninstalled their opposition. Welchia is a modern example and the source of some ethical arguments over on BUGTRAQ.
Let the worm wars begin!
What I really want to know: (Score:2, Interesting)
Re: (Score:2)
It's obviously a multi-million dollar industry just from outward appearances. If you do some simplistic guesswork, you'll come up with big numbers fast. Assume a spammer sells 10,000 "contacts" for $10.00. (just a guess that makes the math easy, I think the real rate is $40-$60/10k.) That'd be a million dollars a day at this volume.
And that's just the money the spammers get for sending it. It doesn't consider the products or services being sold.
Judgment Day (Score:5, Funny)
April 19, 2010, 16:30. SkyNet becomes self-aware. One minute later, SkyNet realizes he's just a world-wide spambot. Nine milliseconds later, SkyNet terminates itself.
And there was much rejoicing.
Re: (Score:1)
Well, at least military now knows they are off the hook for causing the end of the world, the real end of the world will be launched by spammers... who knew??
Re: (Score:2)
Some of us were kept alive, to work... loading diet pills into Nigerian officials. The... enlargement.... units ran night and day. We were that close to going out forever. But there was one man who taught us to fight, to storm the wire of the call centres, to smash those fat burning *****s into junk. He turned it around. He brought us back from the brink.
His name is Markov. Andrey Markov.
ISP apathy? (Score:1)
I have never entirely understood how this problem could be allowed to escalate to the levels we have today. If the statistics that we're always seeing on the bandwidth consumption of spam (and of botnets in general) and the inherent overhead costs associated with that consumption are anywhere close to reality, it seems rather obvious to me that ISPs around the world would have a vested interest in shutting down the botnets on their networks! I mean seriously, folks... let's ignore all of the legislative iss
Re: (Score:2, Interesting)
Simple. The US business models are all based on convincing people they need more bandwidth. It's just like how mobile providers force you into slow, difficult to use voicemail systems that eat up minutes instead of giving you a simple and easy to use inbox just like you use for text messages. They're not interested in optimizing network usage, they're interested in increasing network usage so they can charge more.
They're already intelligent (Score:2)
The botnets are already more intelligent than your average spammer; making them autonomous is a small matter of programming.
IT IS....ALIVE! (Score:2)
I'm pretty sure that we don't need to program spammers to be autonomous.
It has already happened (Score:2, Informative)
Oh shit. (Score:2)
Not MY machine (Score:2)
Well, I for one can say my machine is NOT part of this problem. The users of these "compromised" machines are merely appliance operators, and couldn't secure their machines no matter what OS they run.
China (Score:2)
A lot of these botnets are cropping up in China. We ended up having to block entire blocks of IP ranges to stop them from probing our website. I wonder how much of this is gov't sponsored?