187 Comments
The bots are becoming far more sophisticated than just someone clicking and installing a bot from a website.

Machines are actively being scanned for known issues, especially in the Linux world. They identify the known exploit, and then use that exploit to gain any level of access they can.

For instance, if you allow remote desktop to your systems from the Internet, then a "scout" will identify it, report back to a C&C, which will get yet another system to run the exploit. They even have "updaters" to get the newest versions of spam, new exploits they want to embed in case they are found, or turn them into C&Cs, FTP hosts, warez hosts, and to repurpose the bot for things like denial of service attacks.

In the case of spamming for pharmacy items, it's an unknown to me. Anyone having a medical need for these items can now easily obtain them through their doctor. Those who are abusing the drugs are purchasing from anonymous drug dealers via e-mail and websites, with no opportunity even to complain if they don't get what they ordered. Do you think someone who is distributing drugs illegally is worried about cheating you out of money?

Whether or not they throw in a few free bots/viruses as part of the deal, who'd know?
about Apache vulnerabilities, which Linux fanboys are just now admitting to be self-evident.

Interesting post b.kinney1, thanks for your input!
Truly this is a really scary concept. That all this can happen behind firewalls. I thought firewalls were used to stop the attacks. Could someone advise me on the best way to prevent these attacks? What is the best way to remove the vermin? The internet is an awesome thing, but these obnoxious people are ruining it. The human race just cannot let anything be a good thing and leave it alone. Thank you for any assistance.
Contributr
Preys on vulnerabilities. Keeping your operating system and applications (especially Adobe) up to date will go a long way to preventing any malware from gaining a foothold.

I would suggest using Secunia to help with that:

http://secunia.com/vulnerability_scanning/personal/

Doing that along with a good AV, firewall and malware scanner will help a bunch.
Here is my short list..
JCitizen Updated - 3rd Mar 2010
of the most effective freeware to get you started. If you do not do any online banking or shopping, you could reduce it to four of the top ones in bold type:

Snoopfree Privacy Shield
Comodo Firewall Pro
AdAware Anniversary Edition
Spybot Search & Destroy
Malwarebytes anti-malware
Avast or NOD32 if you have money
Spyware Blaster(Javacools)
MVPS host file, or AdBlock Plus
Secunia PSI
CCleaner and/or Revo Uninstaller
GMER rootkit detector
LastPass - password vault

I'm sure Michael would agree that an in-depth defense is best. If you are using Vista/Win 7, I could modify these recommendations for you.

I do not work for any person or company; I just hate malware to pieces!!!
Contributr
Good list
Michael Kassner 4th Mar 2010
I forgot to mention that I would suggest using Firefox as the Web Browser with the NoScript add-on.
Yes..
JCitizen 4th Mar 2010
FireFox can be its own security feature because of the wonderful plugins.

You probably knew FF is vulnerable right now; Secunia is flagging it for a serious vulnerability. Some folks have uninstalled it until this is addressed.

I won't go that far, as I feel my blended defenses will lower that possibility!
Contributr
OK, J
Michael Kassner 4th Mar 2010
IE has a major vulnerability as well. I guess I would put FF up against IE any day.
Sorry,
Ocie3 Updated - 5th Mar 2010
in my original comments on this matter, I thought that the vulnerability to which you referred was one that was not patched for a long time. Either Microsoft remedied it or Secunia decided to remove their advisory.

The one that is listed now (03/05/2010) by Secunia PSI for I.E. 8 (http://secunia.com/advisories/38416/) does not appear to be as bad as the current one for Firefox (http://secunia.com/advisories/38608/).

Secunia PSI also reports a critical update for Thunderbird 3.x.
I'm using Vista Home Premium x64. The only unpatched vuln is cross-scripting, which would have to get through my defenses to be successful, plus I'd have to be stupid enough to click on a box or something.

Although the social engineering of the crackers is getting very good; even I have been fooled in the not-so-distant past.
it only reports the two advisories that I compared in my reply to your remarks. It does not report:

http://secunia.com/advisories/38727

for I.E. 8 as it is installed on my computer.

FWIW, I am trying to confirm whether I.E. 8 is current with Belarc Advisor, but it has not been able to access its server for the latest data (yet). If I find a discrepancy, then I will let you know.
Contributr
As far as I know there is no patch yet. I suspect it will be part of the 09 Mar 2010 update.
is a good companion to BelArc also; especially since I can't upgrade to business, or Ultimate, because of my situation.

MSBA will show security discrepancies that BelArc doesn't support on Home editions.
You guys have been great. Sure need a lot of armor to block this junk. I am wondering if one of you would be able to assist me. I ran Malwarebytes. It came up with some stuff that seems pretty scary to me. I tried posting for some assistance in the Malwarebytes forum but no one responded. I would like to post the log. Malwarebytes said it removed the items. My questions are: Is it really removed? Should I be concerned that my financial info has been snagged, and should I be changing my passwords? If someone would be able to assist me, please let me know and I will post the log. Thank you so much.
Moderator
it probably has. In my experience, it's the big commercial apps (McAfee & Norton) that will tell you they removed it when they didn't actually get it all, but it's been a good long time since I've seen even that.
Contributr
I agree with Nick
Michael Kassner Updated - 8th Mar 2010
Also, if you are in the least bit concerned, run MBAM again after checking for updates. If you are still uncomfortable, I would suggest rebuilding the computer; it is just not worth it if you have any doubt.

If you are worried about passwords, by all means change them. They should be changed on a regular basis.

You can post the log here if you want, but sanitize any personal information about you or your computer.

Edit: Spelling
Moderator
If this was stated as Removed by MBAM I would expect it to be removed but if it was something like a Key logger and you do On Line Banking or pay with a Credit/Debit Card I would be changing the passwords and other security straight away.

After all, if this type of thing was on the system it's likely that your personal information is already on its way to whoever wrote the crap that you got infected with. If you change the way to log in to your bank and so on before they can access it, there isn't a problem for you.

Oh, and boot your Windows system in Safe Mode and run the Malwarebytes scan again, just to confirm that it's all gone after updating it.

Col
Contributr
Still, if I may, can I interject a few comments about online banking. That is another whole subject. I touched on a few bits of advice in this post:

http://blogs.techrepublic.com.com/security/?p=2409

Please be careful with regards to this, the bad guys are all over this.
If a person doesn't want to reinstall and has taken HAL's and Michael's advice; it is a good idea to run Identity Finder Home as a minimum, on your hard drive, to make sure any social security numbers or credit card numbers are purged from your machine.

More and more of today's solutions do not rely on a clean computer to provide security; some of the best code out there assumes you're infected and helps mitigate the damage without file definitions. To me these are the best combinations out there!

I would put a full in-depth defense in place and scan with all utilities first though. Snoopfree can gain some protection from keyloggers on XP, but Prevx claims to block everything going in and out of the browser if it is misbehaving. I haven't had time to back up their claims, but I am using it.

If you're a Facebook member, they are giving the keylogger/video-aware version away for free.

I am impressed with the general ability of Prevx heuristics to block bad behavior to browser activity though.

Using a password vault will keep your private information off your hard drive. LastPass doesn't even store your encrypted information on your PC; it does it in the cloud through SSL communication. So if you carry the Windows Mobile version, you can use it on the road anywhere.

Of course you have to trust the cloud for this, I'm sure you or the other members here would advise against this.

I like it, and have decided cloud computing trust has to start somewhere. If I get ripped off, I will let the whole world know about it. I don't have that much to lose (yet).
I admit that I'm not a computer engineer or even a low-level programmer, but it would seem to me that the reason user systems are so easily exploited to this day has more to do with making sure the OS companies don't lock themselves or the government out of users' systems. There's big money these days in providing the government with data that they constitutionally are not supposed to be allowed to get. You can call that conspiracy nut talk if you want, but it's an undeniable fact that MS has worked intentionally with various government and law enforcement agencies to make computer data from users accessible to the government without the users' knowledge and, more alarmingly, without even a traditional warrant from a judge. You can see the story on this at PC World's website at the URL below.

http://www.pcworld.com/article/190233/microsofts_spy_guide_what_you_need_to_know.html


If there were true and honest efforts to do what is necessary to minimize users' systems being exploited, then we would have seen a lot better progress by now. Instead of being about how to protect users, it's about how to limit user infections while still leaving us (MS & their government agencies & non-government partners) a backdoor into those same users' systems.
Contributr
I can see why they are mad it was leaked.
I agree with you that I can see why MS was mad about the doc getting out, but I'm not clear if you are saying only that or also subtly implying they had a right to be mad because this kind of thing must be kept secret so the public is unaware of what is going on.
Based on Michael's one liner; I don't think it attributes right or wrong. It simply acknowledges that Microsoft would be upset regardless of if keeping that information secret was ethical.
WYSIWYG
seanferd 6th Mar 2010
Don't read anything extra into it.
ISNBAS
Neon Samurai 6th Mar 2010
It Shouldn't Be A Shock - er.. either. (made that up myself.. does it show?)

I was thinking after I grabbed the document link; If I'm Johnny Law and I have a Windows machine I need to get into, who do I call? - Microsoft. It shouldn't be a shock that MS has a documented process for providing law enforcement with information. The only surprise may be for those who haven't considered how much information MS is able to provide.
Not at all.
seanferd 6th Mar 2010
Actually, my post was only referring to the question of what Michael may or may not have implied in his statement. I meant to suggest that he is fairly straight-up and clear in his meanings, and that I would not add any extra interpretation.

ISNBAS - that's a keeper.

Funny thing, I had just downloaded those documents via P2P not 48 hours ago, without knowing their full significance nor story behind their "publication" at the time.
I meant more to add on to your comment as I wouldn't have expected Michael or you to be particularly shocked that MS was collecting data or that it provides it to third parties on request.
But I felt I should cover the intent of my post again, just for insurance.
before. I remember reading a news item back in the nineties about how update was tracking way more than it needed to, and a tort case court found that an MS official had inadvertently leaked information about someone who was a business customer.

This got out, and man you talk about a mad scramble to end litigation on that one! It was hushed up so well, I never saw another news piece about it.

I figure Google is doing it too, and probably even worse. If a business has that much to protect, I'm afraid cloud computing is just a joke.

I can't believe these big name companies aren't doing more to gain the public trust; but I guess they got plenty of customers! Probably because companies are too lazy or cheap to build and administrate their own infrastructure.
I believe that was the system update introduced with Win98. It inventoried the local system and sent that up to the servers for processing against the master patch list. As a result, system update now downloads the master patch list to compare locally against the system. The story I heard about its discovery was that a researcher dropped a network sniffer on their system after noticing more outbound traffic than expected.

In terms of cloud, it's a great idea provided it's kept within a company's network. The real problem with the current return of centralized computing is the blind faith in third-party companies like Google, whose business is to aggregate information, not protect the privacy of the commodity units (i.e. us users). Google Apps on one of my servers would be fantastic for my users, but Google Apps on Google's servers is a non-starter because of privacy requirements.
It is good to finally hear the technical side of that old incident! If memory serves me, MS was doing a good job claiming they didn't look at the information, until that damage case came out.

It just goes to show the old adage that power corrupts, and absolute power, corrupts absolutely. One should never trust anyone farther than one can spit. But someone in the business world is going to step up and finally lock the cloud down, and they will get a LOT of business for it.

Perhaps IBM?

Back in the nineties when the oil fields shut down because of poor prices, my uncle survived because of good reputation, he even had to dump a partner to keep that reputation.

In the long run, he gained almost everyone else's business because of that. He became a millionaire several times over for bucking up and keeping the faith.

When are these stupid corporations going to learn?
While legally an independent entity, the corporation is still managed by people who consistently remain more interested in short-term goals ("what will make me look like a great manager") versus what will benefit the corporation in the long run. With executives swapping between businesses every year to year and a half, a long-term goal is not easily measured by the monthly reports they base their next position and pay increase on.
Or a raider..
JCitizen Updated - 8th Mar 2010
who instigates a hostile takeover and guts the company and sells the assets off piecemeal; all for pure profit taking.

At least that has slowed somewhat since the nineties.

I'm very hopeful for the future in this country as many a good green energy venture is not going public for just that reason, so they can insulate themselves from the oil robber barons!
I just read Fatal System Error by Joseph Menn and I must say it may be the scariest book I've ever read. Mainly because it is factual. The history and current geopolitical events that revolve around these illicit activities are mind boggling. It's so much more than just SPAM. SPAM is just the wrapping paper on the box. If you're interested in these things, I recommend it.
Contributr
As I
Michael Kassner 4th Mar 2010
I am about half way through it and it is very good.
The real sad thing about spam is that it is living proof that the world will never be able to unite to solve global problems. Us IT inhabitants know that spam could be solved, IF all nations collectively passed and enforced the laws that could end spam. I would love to see figures of the percentage that spam adds to the GDP of all countries in the world. The USA's would be huge, not so much directly due to the spam, but to the technologies and services sold to counter it. Or what about the contribution to global warming; the emissions to generate the power required to network this garbage all around the world would probably be quite significant. Here's a question: if spam were to suddenly stop, right now, how many telcos would survive until the end of the month?
If spam is the template for global cooperation - then global warming will kill us all.
Ditto!..
JCitizen 5th Mar 2010
To use a greatly worn-out expression.
The really sad bit - spam would not be the beast it is if people did not respond to it. And people respond to some stupid, poorly done, blatant spam.

That is the core of the problem, and it lies at a much lower level than that of institutions and nation-states.
you've given us just a morsel of information - the bot names and some characteristics.

Let's take it up a notch, and give people another "satan" equivalent - one to simply tell every PC in the world which bots they are vulnerable to, even currently infected with, and give us a simple tool to "honeypot" for the next attack, and push it back to the ISPs.

If we all did this for one day, imagine just how much spam we could eradicate!

Of course, this is supposedly what every AV with firewall capabilities is doing, but it never seems to be the case.
but it is grossly underpowered. At least I only have to delete a few hundred spam from my account over there. I would revert to whitelisted email, but I really can't do that for legal and business purposes.
Though some of TechRepublic's content is very excellent, I believe that they should be placed at the top of the list for meaningless SPAM being sent out.
Moderator
Why?
HAL 9000 7th Mar 2010
The only thing that I get from TR is what I asked them to send me so how can that be considered as SPAM?

Col
I'm more interested in his, "very" excellent.

How do I countenance anything he would have to say about anything after that?
Moderator
Ditto that.
boxfiddler 7th Mar 2010
Dimmies everywhere I look.
Moderator
First, if you have a relationship with the site, and you obviously do, it's not spam, it's simply commercial email.

If you don't want to get any more of it, find the link titled "My Newsletters" at the top of any TR page.

Click it.

Go to the bottom of the page and check the "Unsubscribe from all" box. Now read the sentence below the "Update my account" button; if that's what you want, click the link in the sentence.

Respond in the affirmative on the resulting page and "poof!" no more email for you from TR.