×

The New Face of Script Kiddiez 230

Posted by Zonk from the some-of-them-are-actually-quite-old dept.
An anonymous reader writes "Washingtonpost.com's Security Fix blog has an interesting post profiling the activities of a kid named Witlog who controls a botnet of roughly 30,000 hacked Windows PCs. Even after the authorities manage to shut down the network Witlog uses to control his bots, he pops up somewhere else. From the article: 'Witlog may in fact be the product of a new generation of script kiddiez; the chief distinguishing feature of this generation being that instead of using Web site flaws to deface as many Web sites as possible, these guys are breaking into thousands of home and work PCs and taking them for a virtual joyride, often times all the way to the bank.'"

Searching for Botnet Command & Controls 114

Posted by Zonk from the i-want-them-alive-no-disintegrations dept.
Orange Eater writes "eWeek has a story about a group of high-profile security researchers intensifying the search for the command-and-control infrastructure used to power botnets for malicious use. The idea is to open up a new reporting mechanism for ISPs and IT administrators to report botnet activity." From the article: "Operating under the theory that if you kill the head, the body will follow, a group of high-profile security researchers is ramping up efforts to find and disable the command-and-control infrastructure that powers millions of zombie drone machines, or bots, hijacked by malicious hackers."

Interview with a Botmaster 291

Posted by Zonk from the honest-living-made-easy dept.
An anonymous reader writes "The Washington Post is running a fascinating feature profiling a couple of botnet operators who make thousands of dollars each month installing adware on machines they infect. This is by far the most detailed examination of this issue I've seen so far -- and includes an interview with the CEO of 180Solutions, as well as interviews with some of the botmasters' victims. From the story: 'Most days, I just sit at home and chat online while I make money,' 0x80 says. 'I get one check like every 15 days in the mail for a few hundred bucks, and a buncha others I get from banks in Canada every 30 days.' He says his work earns him an average of $6,800 per month, although he's made as much as $10,000. Not bad money for a high school dropout.'"
The Courts

Botnet Attack Shuts Down Hospital Network 360

Posted by Zonk from the that's-not-cool-man dept.
aricusmaximus writes "A California student is now facing felony conspiracy charges after unleashing a botnet attack that shut down the network of a Seattle hospital intensive care unit. This indictment comes a few weeks after another California man pled guilty to similar charges. Both attacks were attempts to make money off of adware affiliate programs. So who's really at fault here? The students? The hospital for not securing their computers and network? Or the adware companies for providing the incentive?"
Worms

Botnet Brain Pleads Guilty 137

Posted by Zonk from the there-are-better-ways-to-make-a-buck dept.
spge writes "Now that Jeanson James Ancheta has plead guilty to spamming, computer misuse and fraud, it might be worth scanning through the original indictment document, which includes a step-by-step account of how someone goes about setting up an adware business, manages botnets and (thankfully) gets caught." From the BBC article: "'Mr Ancheta was responsible for a particularly insidious string of crimes,' said a spokesman for the US attorney's office in Los Angeles, Thom Mrozek. 'He hijacked somewhere in the area of half a million computer systems. This not only affected computers like the one in your home, but it allowed him and others to orchestrate large-scale attacks.'" We discussed Ancheta's arrest back in October of last year.
It's funny. Laugh.

U.K. Says Botnets Good Sign 123

Posted by Zonk from the a-little-too-chipper dept.
An anonymous reader writes "A UK government official has claimed that botnet infections should be celebrated, as they prove that Britain is a prosperous place with high broadband take-up. Is this an interesting new spin on hacking attacks, or sheer madness?" From the article: "The suggestion that botnet infections have their positive side sparked some surprise within the audience. One attendee pointed out that he 'wouldn't want the value of being number one in infections to be extended to bird flu'."
Security

How Do I Determine If My PC is a Zombie? 90

Posted by Cliff from the shoot-for-the-head dept.
Captain Chad wonders: "With the recent news of a 1.5-million node botnet, as well as the AIM rootkit worm, I'm getting a bit concerned about whether my PC may be a zombie. I'm seeing a lot of internet activity, even when nothing is running, and I've checked the process explorer for obvious tasks to no avail. I apply patches as soon as they're released, and my antivirus/spyware programs report nothing. How do I determine if my PC is a zombie, and if it is, how would I de-infect it?"
Security

Cross-Site Scripting Worm Floods MySpace 321

Posted by Zonk from the why-would-you-want-to-do-anything-on-myspace dept.
DJ_Vegas writes "One clever MySpace user looking to expand his buddy list recently figured out how to force others to become his friend, and ended up creating the first self-propagating cross-site scripting (XSS) worm. In less than 24 hours, 'Samy' had amassed over 1 million friends on the popular online community. According to BetaNews, the worm's code utilized XMLHTTPRequest - a JavaScript object used in AJAX Web applications and was spreading at a rate of 1,000 users every few seconds before MySpace shut down its site. Thankfully, the script was written for fun and didn't try to take advantage of unpatched security holes in IE to create a massive MySpace botnet."
Security

Creators of Massive Botnet Arrested 243

Posted by CmdrTaco from the well-maybe-don't-do-that dept.
DigitumDei writes "Dutch police has nabbed 3 men (aged 19,22, & 27) who alledgedly used the toxbot trojan to create a botnet of over 100000 machines. The trio conducted a DDOS attack against an unnamed US company in an extortion attempt, as well as using phishing tactics to hijack PayPal and eBay accounts. From the article: 'Police seized computers, cash, a sports car, and bank accounts at the three men's residences, and additional arrests are expected. The three were to be taken before a magistrate in Breda, a city approximately 25 miles south of Rotterdam, on Friday. The botnet was dismantled, prosecutors said, with help from the Dutch National High Tech Crime Center; GOVCERT.NL, the Netherlands' Computer Emergency Response Team; and several Internet service providers, including the Amsterdam-based XS4ALL.'"
Security

Hunting for Botnet Command and Controls 228

Posted by Zonk from the owning-the-punkz dept.
Uky writes "Convinced that the recent upswing in virus and Trojan attacks is directly linked to the creation of botnets for nefarious purposes, a group of high-profile security researchers is fighting back, vigilante-style. The objective of the group, which operates on closed, invite-only mailing lists, is to pinpoint and ultimately disable the C&C (command-and-control) infrastructure that sends instructions to millions of zombie drone machines hijacked by malicious hackers." From the article: "Using data from IP flows passing through routers and reverse-engineering tools to peek under the hood of new Trojans, Thompson said the researchers are able to figure out how the botnet owner sends instructions to the compromised machines."
Security

CA Warns Of Massive Botnet Attack 357

Posted by Zonk from the watch-your-heads dept.
m4dm4n wrote to mention a story running on The Register which describes a coordinated malware attack designed to establish a massive botnet. From the article: "The attack involves three different Trojans - Glieder, Fantibag and Mitglieder - in a co-ordinated assault designed to establish a huge botnet under the control of hackers. Computer Associates reckons that access to the compromised PCs is for sale on a black market, at prices as low as five cents per PC."
Security

Observing Botnets with Honeynets 118

Posted by CmdrTaco from the know-thine-enemy dept.
Susan Saradon writes "The Honeynet Project has released a new paper which deals with the observation of botnets. "Know Your Enemy: Tracking Botnets" discusses what Botnets are, who is using them, how, and why. It als introduces the tools "mwcollect" and "drone" which can be used for collecting an tracking Botnet activity. Nice to read and looking forward to the release of these tools."
The Almighty Buck

Comcast Raises Bandwidth in Shot at DSL 422

Posted by Hemos from the the-battle-continues-on-and-on-and-on-and-on dept.
bigtallmofo writes "In a move sure to be applauded by DDoS botnet owners everywhere, news.com.com is reporting that Comcast is raising the speed of its cable Internet offerings. The standard rate will change from 3 Mbps downstream and 256 Kbps upstream to 4 Mbps downstream and 384 Kbps upstream. Customers that currently pay extra for faster service will see a 50% speed increase over what they have today to 6 Mbps downstream and 768 Kbps upstream." Combine this move with the VoIP announcement and the rumblings about more Baby Bell mergers -- we should see an...interesting landscape soon.
Worms

Clean System to Zombie Bot in Four Minutes 608

Posted by michael from the takes-five-minutes-to-download-patches dept.
Amadaeus writes "According to the latest study by USA Today and Avantgarde, it takes less than 4 minutes for an unpatched Windows XP SP1 system to become part of a botnet. Avantgarde has the statistics in their abstract. Stats of note: Although Macs and PC's got hit with equal opportunity, the XP SP1 machine was hit with 5 LSASS and 4 DCOM exploits while the Mac remained clean. The Linux desktop also was impenetrable, but only was only targeted by 0.26% of all attacks." See also our story on the survival time for unpatched systems.
Spam

Reverse Firewalls As An Anti-Spam Tool 513

Posted by timothy from the to-each-his-own dept.
An anonymous reader writes "VeriSign's principal scientist Phillip Hallam-Baker believes one answer to stopping spammers and even crackers is by using reverse firewalls. He says reverse firewalls should be embedded in every cable modem and wireless access point for home users. "A traditional firewall is designed to stop attacks from the outside coming in; a reverse firewall stops an attack going out," Hallam-Baker said. Apparently, a reverse firewall would reduce the value of recruiting your home PC as a member of a botnet because "normal users have no need to send out floods of e-mail, which reverse firewalls can stop, but they do allow a normal flow of e-mail. ""
The Internet

IRC in the Dog House? 94

Posted by Cliff from the falling-out-of-favor dept.
Emperor Tiberius asks: "It seems more and more dedicated server companies are turning tail to the idea of hosting IRC machines. Hosts like Rackshack are adding 'no-IRC' rules to their AUPs at the risk of having one's server unplugged. Why is IRC (the once applauded chat medium) being thrown to the dogs? Some might say the horrendous botnets written for the protocol are a part of the problem. However, if we were to shut down the IRC protocol. Isn't it theoretically possible the botnet authors would just migrate to a different protocols like Oscar/AIM, ICQ, ICB, Jabber, just to name a few? If so, how would we manage the problem? Would we shutdown all ICB servers, and cut-off the ICQ network? Are we trying to kill off the problem in the wrong way, or is there a compromise to keep IRC alive, and keep botnets away?"
Security

Fyodor Answers Your Network Security Questions 277

Posted by Roblimo from the eating-script-kiddies-for-breakfast dept.
You asked nmap creator Fyodor many excellent questions, and his answers (below) are just as excellent. You'll want to set aside significant time to read and digest this interview, because Fyodor didn't just toss off a few words, but put some real time and energy into his answers.

Slashdot Top Deals