Security

25% of all computers on botnets


Vint Cerf estimates that one quarter of all computers connected to the Internet are part of a botnet. Cerf, one of the ‘founding fathers’ of the Internet, told listeners at the World Economic Forum in Switzerland that out of 600 million computers participating in the online world, 150 million are likely to be unwilling members of a botnet: a collection of remotely compromised systems, often used as proxies for illegal activities like spamming and credit card fraud.

In May 2006 a botmaster launched attacks on BlueSecurity; the assault couldn’t be stopped and the authorities could not track the attacker. BlueSecurity are no longer around.

With Internet presence rapidly expanding, it’s difficult to know just how the growth of botnets can be stopped. I suppose education is the key; users should be more aware of the dangers and how to protect themselves. A computer with an up-to-date OS, a software firewall (behind a router firewall), and anti-virus and anti-malware applications should be pretty safe. There are still the risks of 0-day exploits and vulnerabilities, but the machines should be behind a ‘block all except..’ firewall.

14 comments
wmlundine

I provide free services to those who can not or will not pay to remove malware. I have cleaned up hundreds of computers for free for end users (some small businesses too). I encourage others to do likewise until we reduce the number of purveyors of malware.

DanLM

Nobody has ever asked me to help them clean their computers. I've directed people to free av and firewalls when they have asked. But, you're absolutely right. We need to help all we can. Dan

w2ktechman

Mostly I point people in the right direction and have even downloaded and copied some tools to cd for them (but encourage them to download). I have also cleaned a few home systems from people that work here. I do not ask for anything in return, but sometimes get gift cards or cookies or something. This is an issue, even bigger than I had thought if those metrics are even close to accurate. Maybe we should get and maintain a website that does free scans using several of these tools??? Maybe TR can do this? and we can recommend others to come here and clean their systems regularly.

Q'sDad

Most of the people that ask for help want me to remove the dozens of viruses that infected their computers, but they are not interested in spending 5 minutes learning how to use virus scanners and ZoneAlarm. Hours are spent clicking on Porn web sites that infect users' PCs. So, the answer is to combine the two ideas. Create a porn site that secretly scans the user's PC for viruses and removes them without bothering the user. My wife would like that one. Wife: "Why are you building a porn site?" Me: "It's for the betterment of humanity." =8)

DanLM

ack, did I just give out a secret of mine? But, I understand what you're saying. Bunch of my friends use the torrents.... Their machine usually gets hammered sooner or later. So, I understand what you're saying about the little old lady. Dan

wmlundine

...of the people whose systems were totally pooched that I have fixed were music fans. One sweet old lady who was infected with the typical Trojan/backdoor syndrome got her first package from a GOSPEL music sharing site. Some of the younger ones come back for clean up several times before they figure it out.

w2ktechman

And you are for sure right on that.

DanLM

Because we were making a difference. Sorry, I just trashed the FreeBSD 6.2 system I'm setting up for a personal business which is in Jersey (and I'm in Ohio). I have a real pessimistic attitude right now. Want to know the real kicker here, w2? I was hardening the box before I even installed anything else. I fat fingered a config file someplace, and rebooted it with no hands on access to fix. But, seriously. If a web site was put up that we could all forward people to. A trusted site of the techies. It would be attacked by what we were trying to cure. ;o( dan

w2ktechman

If all techs had 1 trusted site to send people to instead of a host of sites to download from, then we can all get the word out better. People want simplicity, they also want everything to be automatic and free or low cost. Sending them to an antivirus company to run a free scan, and then to download SW (especially multiples) for spyware can be a complicated and time consuming process that most will just do away with. But there still are many who won't stay away from Warez and Porn sites that are infected badly. Having 1 site to do all would be a first good step in my opinion, especially if there was no downloading needed (like some AV scans). On the site it should be recommended to download and install one or more of these programs, especially if they find a lot of problems. We would be able to give out 1 link instead of multiples. Word of mouth would travel quickly on this site I am sure.

DanLM

"Maybe we should get and maintain a website that does free scans using several of these tools???" All the major av companies already offer it, and people still don't use it. Or, if they do. They don't do nothing to correct the problem. Most web sites that I have ever done (all hobby/personal ones), I've always tried to post virus alerts and links to free downloads of stuff (av/firewall/spam removal). Other than helping your friends and family, this is the only way I can see people doing something. Unfortunately, even doing that won't work. Why, because this is how people get infected in the first place. Bailing on these free web sites (porn mostly), and they might now be afraid to go there again. I have no silver bullet, that's for sure. This requires a million dollar idea, that won't make a cent dan

stress junkie

End users don't care. I deal with people all of the time regarding security. They don't care. Really. They don't care about their own bank account security. They don't care if their computer is being used to send spam. They just don't care. In many cases even when computers are used in a business they don't care about security regarding their customers' information such as credit card numbers, they don't care if medical information is secure, they don't care if business confidential information is secure. It is a struggle to get anyone interested in security. I was recently looking at another web site. Someone posted a question there about how to make a certain application work with his online bank account. He posted almost all of the details required for anyone to log on to his bank account! People are just plain stupid and irresponsible. That means that manufacturers and service providers will have to supply the solution or there will be no solution.

DanLM

I thought the botnet problem that I knew from IRC was just in people not knowing. But, you know what. You're right, I could explain to people over and over again not to accept things from people they don't know. And they still do it. So, you're right. If you tell someone that you're going to get burned by doing something, and repeat it multiple times. And they still do it, especially after they have already been burned. They don't care. I'm depressed. Here is one that will depress you more, stress. IRC, I know people that run bot nets. They blatantly brag about it. You report them to authorities, nothing happens. Can I prove a loss of 5,000? Nope. So, nothing is going to happen. All I can say is these people brag they have a bot net of 500,000 computers. But, I can't tell you who they attacked or when. Dan

stress junkie

I read somewhere else that the FBI and some other Federal law enforcement agency won't get involved unless the monetary damages are greater than some lower limit. Hey bad guys. Just keep your thieving under that amount per victim and the cops won't even look for you. Great. X-(

DanLM

What happened over a period of time was that because these bot nets were used to attack various irc networks, the networks got together and formed a security group. This security group passes information to each other, and some of the more technical members reverse engineer these bots. Once they have done that, they pass on to the other members information on how to feed commands to these bots to be deinstalled from the host computer. I know that some of the virus companies follow this group because identification actually occurs first through this group, and is forwarded to the virus companies. I have also read that bot nets, which used to originate from IRC, have now moved to web distribution. Hmmm, not sure I understand that one. Because, on irc what would normally occur is a bot would join a forum... Say, want to see porn? feed a url, and leave. People would then click the url, and become infected. This is just my experience with bot nets. I have been the subject (either web page or irc network) of some of their dos attacks, so I know how effective these pricks can be. Dan
