Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
Botnet Security IT

Despite Takedown, the Dridex Botnet Is Running Again (sans.edu) 57

itwbennett writes: Brad Duncan, a security researcher with Rackspace, on Friday wrote on the Internet Storm Center blog that 'the Dridex botnet administrator was arrested on 2015-08-28, and Palo Alto Networks reported Dridex was back by 2015-10-01. That represents an outage of approximately one month.' The lesson here, writes Jeremy Kirk in an article on CSOonline is that 'while law enforcement can claim temporary victories in fighting cybercriminal networks, it's sometimes difficult to completely shut down their operations.'
This discussion has been archived. No new comments can be posted.

Despite Takedown, the Dridex Botnet Is Running Again

Comments Filter:
  • You cannot succeed (Score:4, Interesting)

    by Opportunist ( 166417 ) on Monday October 26, 2015 @10:43AM (#50802747)

    At least not until you take care of the root of the problem: The bots. People who run unpatched, unsecured boxes on fat pipes with no regard for the safety of others. Hell, not even of themselves.

    Get people liable for the shit their boxes do and you'll see this problem cease within months.

    • by Anonymous Coward on Monday October 26, 2015 @10:49AM (#50802787)

      So if your grandma gets hacked we should sue her and throw her in jail?

      How about we hold Microsoft accountable for the shitty fucking security in their operating system?

      That's the real problem here.

      • by houghi ( 78078 )

        As far as I know, the software at launch is safe. Yes, there will be some zero-day hacks and even those who are not patched.

        The real issue is however people clicking on ThisIsNotAVirus.exe.pdf or what not.

        So most is Trojans and not virusses. Microsoft also issues patches.

        Car comparison time:
        A car company makes a car with an error. They find an error and recall the car.
        Microsoft makes software and an error is found. They make updates available.

        If my car is vurlerable for not breaking and thus killing people

      • There is nothing MS can do to stop people from handing root access to malware for the promise of dancing pigs [wikipedia.org]. The ONLY way to do this is to do the Apple thing: Jail the system and only allow software to run on it that has been approved by the maker of the OS. Is that what you want? MS dictating what you can and what you cannot run on your computer?

        With the ability to run arbitrary software on your machine comes the responsibility to make sure it does not harm anyone. If you can't be assed do that, get a ja

      • So if your grandma gets hacked we should sue her and throw her in jail?

        If your grandma swerved across three lanes and caused a traffic accident because she never went in for the manufacturer recall to fix the malfunctioning rear view mirror she'd certainly at least get a talking to. If you knew about the problem with the mirror you'd probably talk with her about how important it is to get it fixed before she causes a problem too.

        How about we hold Microsoft accountable for the shitty fucking security in the

    • by Gr8Apes ( 679165 )
      I'd have to agree with the AC here - MS should be held accountable for this issue, otherwise you are really arguing people should be held liable for running MS OSes. After all, MS is the (major) problem. Of course, if it wasn't MS, it'd be something else, but MS has the biggest footprint and also happens to be easiest target to compromise - perfect for botnets.
      • by Gaygirlie ( 1657131 ) <gaygirlie@[ ]mail.com ['hot' in gap]> on Monday October 26, 2015 @11:14AM (#50802973) Homepage

        That's bullshit. Routers and other kinds of Internet-connected appliances are an extremely popular way of growing out a botnet, and guess what? They don't run Windows. Wordpress is another extremely popular target, and guess what? You can run Wordpress under a whole bunch of different OSes. There are literally tens of thousands of examples out there where Microsoft doesn't play any part except as perhaps the OS on which the vulnerable software runs on, but the same applies to *BSD, Linux and so on -- on general-purpose computers it doesn't matter what the OS is if the vulnerabilities lie in the software that was installed on top of the OS. On appliances, sure, but you can't blame MS for the shit the appliance-manufacturers pull.

        • Honestly, then blame the people who make the routers, or what these other pieces. But suing some little old granny for having an insecure OS/router/thermostat makes no sense.

          Start making vendors of this stuff bear some responsibility when it's sold insecure, left wide open, and then exploited. Holding consumers for badly written products is plain silly.

          You can't expect every grandma with a computer to be a security expert.

          Nobody said "blame Microsoft for every security hole in the world". But if you sel

        • by Gr8Apes ( 679165 )

          That's bullshit.

          Absolutely true, regarding your statement.

          The router botnets are primarily due to morons configuring the devices to have default public admin ports open. Who does that on an internet facing device? Why, apparently Asus, Linksys, D-Lionk, Micronet, Tenda, and TP-Link [arstechnica.com]. Note that they tracked only 40,269 IP addresses belonging to 1,600 ISPs over 4 months. As compared to 100,000+ in windows botnets [technet.com]. (While Simda.AT is not a botnet per se, it can become one easily due to what it does, it was just the first win

      • You might well end up with only "certified", "licensed" (and "taxed") software distributions that you must "subscribe" to, and accept all automatic updates.

        Running unauthorized software will be illegal.

        Problem solved.
      • by tnk1 ( 899206 )

        By all means, hold MS accountable and then watch what happens to everyone else.

        You will be holding open source and free software creators responsible as well, because the law won't be confined to MS. So yes, by all means, hold MS responsible under law, and watch as MS pays a few billion dollars in fines (maybe), and the FOSS software market undergoes critical existence failure.

        Yes, botnets are a problem, but they aren't the end of the world. Let's not burn the house down to drive out the mice.

        • by Gr8Apes ( 679165 )
          Ah, but there's a fly in your ointment - FOSS doesn't sell you the software, so there's no implied contract and no basis to sue FOSS projects as compared to MS. This could actually help FOSS, because companies that use FOSS in their software would be covered by the law and thus would be encouraged to contribute back, in a world closer to perfect than the current one anyways.
    • by khasim ( 1285 )

      A different outlook:
      http://swiftonsecurity.tumblr.com/post/98675308034/a-story-about-jessica [tumblr.com]

      The COMPANIES with the most influence over the security of your systems usually have the LEAST incentive.

    • Don't go after the tools being used, go after those who use the tools.
    • by Dutch Gun ( 899105 ) on Monday October 26, 2015 @11:17AM (#50803003)

      I'm not sure I buy that argument, especially when dealing with consumer hardware. As one example, how would a typical consumer possibly know that their router has been compromised? How would they even know it's "unpatched" in the first place? And what happens if you're completely patched up and you still get a bot on your system? While zero-day exploits are less common, they're do happen on a pretty regular basis.

      Nowadays, no consumer device should access or especially be accessed by the internet unless it's set up by default to auto-patch itself. This needs to be the new normal for hardware, because the reality is that security issues WILL be found, and that a typical consumer will NEVER patch things themselves. I used to have to update my Synology NAS box myself, checking when updates were available. After a well-publicized attack on their boxes, Synology wisely decided to allow their boxes to auto-patch themselves. We're starting to see this with some routers, and a lot of our critical software (OS, browsers) are now auto-patching as well. And we damn well need to make sure people making IoT devices get this right the first time.

      At this point, it's not just a matter of protection for the consumer that purchased the hardware. It's protection for the rest of the internet as well. We can't afford to leave old crap connected to the internet in perpetuity. As sad as that is, it's just proven to be too dangerous for the ecosystem as a whole.

      As for commercial-grade stuff... well, that's probably another discussion.

      • by khasim ( 1285 ) <brandioch.conner@gmail.com> on Monday October 26, 2015 @11:25AM (#50803037)

        The problem will be when the company selling those routers stops supporting them.

        Built correctly, those things should last for years and years. Longer than the companies want to spend money supporting them. They'd rather you purchased the newest model.

        But the security holes don't fix themselves.

        And even if you lock them down so that they cannot be "managed" from the Internet side, they're still vulnerable. It's just that the attack has to come from inside the network. Maybe via an ad banner or Java or whatever on a PC/laptop connecting through that router.

        • Naturally it's not a perfect solution, but let's please not let perfect be the enemy of good. We all know a patched system is far less likely to be compromised. And let's be honest here... hardware-manufacturing companies don't go out of business all that often, and when they do, they're often acquired by another company for their IP and assets. This should also include their liabilities, which is to provide continued support for sold devices.

          Sure, at some point, a device will be at the end of it's servi

          • by khasim ( 1285 )

            This should also include their liabilities, which is to provide continued support for sold devices.

            It should, but it does not.

            Look at how Cisco treated LinkSys before they sold it to Belkin.

            We're still a lot safer with the device getting patched for as long as possible.

            No one is arguing otherwise.

            The issue is that the hardware WILL outlast the support. So the situation will not change. Systems that are vulnerable today will still be vulnerable. New systems that auto-update will eventually be unsupported. An

            • by KGIII ( 973947 )

              Maybe they can just use the same OS on all of them and a patch could be universal and work just fine with older releases?

      • by wbr1 ( 2538558 )
        The flip side of that is companies do not want the expense or hassle of dealing with cases where the anut patch breaks functionality. This happens all the time and the more multi or general purpose the device the less likely that the vendor can test against all cases before releasing a critical patch.
      • by Agripa ( 139780 )

        In the same way that online ad vendors have demonstrated why add blocking is desirable, Microsoft (and others including Sony) has managed to demonstrate why automatic patching is not. The manufacturers will start using it as a vehicle for push marketing.

    • by Z00L00K ( 682162 )

      And now with the spyware forced upon us from Microsoft how can we trust that a patch fixes a problem or gives us a new?

  • by QuietLagoon ( 813062 ) on Monday October 26, 2015 @10:54AM (#50802821)
    So long as law enforcement continues to play the botnet's game of whack-a-mole, the problem will not be solved, or even diminished.

    Law enforcement needs to follow the money....

    • by swb ( 14022 )

      Which makes you wonder why they're not. I would think following the money coupled with aggressive sanctions to providers (ISPs, hosting companies, banks, credit processors, etc) and heavy publicity against them would get them someplace.

      My guess is the intelligence agencies are worried about getting caught up in such an investigation or at least having methods and "back doors" closed down.

    • by houghi ( 78078 )

      Hey, they have tried to solve the drug issue. Perhaps they could start a 'war on botnets' because that seems to help.

      Or people need to realize that crimes will be committed as long as people (think) they get money out of it. Realize that crime is a social problem and you will not solve it with a technical solution.

  • find who is running them, and cut their fingers off.
  • by burtosis ( 1124179 ) on Monday October 26, 2015 @11:32AM (#50803097)

    in fighting cybercriminal networks, it's sometimes difficult to completely shut down their operations.'

    Except for the sometimes - yes.

  • The real question is whether the Dridex botnet will work with the Internet Of Things?

    Because if it can't infect my toaster and refrigerator then it won't get my respect.

  • Until security levels have been improved enough that such attacks become very rare, the law is completely unsuitable as a tool here. The law can catch the odd outlier that thinks rules of society does not apply to him/her, but that is it. The current situation is like everybody leaving their car keys in the ignition all the time and then demanding harsher laws to stop the frequent car thefts. That can obviously not work.

"An organization dries up if you don't challenge it with growth." -- Mark Shepherd, former President and CEO of Texas Instruments