Rent-a-Zombie
Trade in infected PCs grows
(old news - 12:55PM Saturday May 01 2004)
tags: security

Uninformed broadband users who don't secure their PCs make a tasty profit for organized crime and various spam operations, reports the Register. UK Police are trying to follow the complicated relationships between hackers, trojans, spammers, and organized crime, all of whom are using unprotected residential and business PCs as either DDoS tools or spam zombie armies, leasing out thousands of such infected PCs at a time. "The trade of BotNets on compromised machines is becoming an industry in itself. Organised crime is making use of this industry," notes one UK detective who is tracking a series of recent DDoS attacks against on-line bookies in the UK. One Polish group of hackers recently claimed some 450,000 infected PCs were under their control.
  Optimized Premium,Mod join:2001-05-03 Pompton Lakes, NJ clubs: | Scary reality ... That's probably a conservative estimate too! | |
|  |   linicx Caveat Emptor Premium join:2002-12-03 United State
·CenturyTel Inc.
| Re: Scary reality ... It is very scary if you own a machine with a Microsoft Operating System running it.
Until someone gets a handle on this bot, the smart thing for every ISP to do is shut down the mail servers so it can't spread; locate the infected machines and notify the owners. -- Macintosh: no windows, no gates and the Apple inside | |
|  |  |   Corvus Flaming Tards Since 2003 Premium,VIP join:2003-11-26 | Re: Scary reality ... Humm, my example: you have 500 000 customers and they pay for the service, how can you shut down mail servers without losing money (you must refund them) and customers? -- Jesus saves, but only Buddha makes incremental backups. | |
|  |  |  |   linicx Caveat Emptor Premium join:2002-12-03 United State | Re: Scary reality ... Yeah, you're right. 500,000 customers probably do prefer worms served with spam and morning coffee. -- Macintosh: no windows, no gates and the Apple inside | |
|  |  |  |  |   Corvus Flaming Tards Since 2003 Premium,VIP join:2003-11-26
| Re: Scary reality ... Unfortunately, yes. I deal with angry people who want to quit us every day, and when they lose business because the service was down, trust me, they don't care about spam because money talks. -- Jesus saves, but only Buddha makes incremental backups. | |
|  |  |  |  |  |   INHCNN
join:2001-12-15 Lansing, MI
| said by linicx : It is very scary if you own a machine with a Microsoft Operating System running it.
Yep, because *nix systems aren't ever compromised. (rolls eyes)
said by linicx : Until someone gets a handle on this bot...
It's not just *one* bot. I've seen a large variety of IRC bots and FXP sites - and they all contribute to the same problem.
These kinds of activities though are going to be what blows the lid off of the computer underground. You have a lot of kids out there installing root kits, bots, and FTP servers en masse, and it is starting to draw attention. This has always been a problem for people like myself who deal with it every day, but now the public at large is starting to get involved, and that will change the game.
Although, this is the first time that I've seen it all referred to as "organized crime". When I first read it, I got a chuckle out of it. But if you think about it: pre-release movies, music, and applications are very commonplace in the underground, and that can be used as a platform to call such activities "organized crime". Not that the older stuff isn't crime, it just doesn't have the same life as the major pre-release stuff.
-end-of-early-morning-rant- | |
|  |  |  |  B777300
join:2002-01-02
| Re: Scary reality ... said by INHCNN : said by linicx : It is very scary if you own a machine with a Microsoft Operating System running it.
Yep, because *nix systems aren't ever compromised. (rolls eyes)
I hope that was a joke, or that would show your ignorance. | |
|  |  |  |  |  russotto
join:2000-10-05 Collegeville, PA | Re: Scary reality ... Unix systems tend to be compromised, when compromised, by attacks directly addressed to the system which is compromised.
Microsoft systems are compromised by attacks addressed "to whom it may concern". | |
|  |  |   rklein God Among Hogs
join:2001-01-18 Worcester, MA | You don't run your own mail server, do you? -- -Rich | |
|  |  |  |  veh
join:2003-04-05 San Francisco, CA | Re: Scary reality ... I don't. | |
|  |  |  LrdVader Premium join:2003-12-18 San Diego, CA
| said by linicx : Until someone gets a handle on this bot, the smart thing for every ISP to do is shut down the mail servers so it can't spread; locate the infected machines and notify the owners.
So every time there's a new virus found, email should grind to a screeching halt?
Do you know how ridiculous that sounds? Think about it. If ISPs listened to you, email would be down more than it would be up, and would be completely useless for anything even remotely important.
Is that really what you want? | |
|  |  |  |   linicx Caveat Emptor Premium join:2002-12-03 United State | Re: Scary reality ... If ISPs listened to me they wouldn't have few virus problems to begin with, and their clients would have safe email. -- Macintosh: no windows, no gates and the Apple inside | |
|  |  |  |  |  LrdVader Premium join:2003-12-18 San Diego, CA
| Re: Scary reality ... said by linicx : If ISPs listened to me they wouldn't have few virus problems to begin with, and their clients would have safe email.
No, if ISPs listened to you they would go out of business, because their clients would refuse to tolerate the constant interruptions in service.
Here's a nice link about this type of practice going back to 1999. It was silly then, and it's still silly now.
»vmyths.com/rant.cfm?id=241&page=4 | |
|  tdkyo
join:2002-12-07 Rochester, NY | Woa Very interesting. Didn't know these underground losers had such an organized system of exchanging resources. I initially thought each group worked independently. | |
|  |   Corvus Flaming Tards Since 2003 Premium,VIP join:2003-11-26
| Re: Woa From ThinkGeek |
Be aware! 
copyrights ThinkGeek -- Jesus saves, but only Buddha makes incremental backups. | |
|  |  |  |   newview Ex .. Ex .. Exactly Premium join:2001-10-01 Parsonsburg, MD
| RICO Act? quote: "The trade of BotNets on compromised machines is becoming an industry in itself. Organised crime is making use of this industry,"
So . . . are broadband companies who fail to act on complaints of infected and compromised machines, as identified by their IP address, liable for inclusion in possible criminal complaints for "aiding and abetting"? -- The Rules of Spam | Maryland's New Anti-Spam Law Where are we going? And what's with the hand basket? | |
|  |   Vvian Kalyss
join:2003-10-14 Stage 5.0 clubs:
| Re: RICO Act? They damn well better show they DID try to investigate the complaints. Right now their attitude seems to be "thanks for emailing us, stfu and have a nice day kthxbai". I'm not saying they're all bad, but this is the kind of response I got when I contacted my ISP months ago over this problem. Maybe I should've asked for a tech rep instead of talking to the PR drones but wth are clueless people manning the help lines?! -- " Her eyes were just the end of Hell-- / All pain, / Articulate " | |
|   nixen Rockin' the Boxen Premium join:2002-10-04 Alexandria, VA
·Cox HSI
·Speakeasy
| Some Numbers... In an average three hour period, one of my mail servers allows 5000-6000 messages to pass through to the rest of the mail system. In that same three hour period, an average of 15000-17000 messages are rejected. In other words, 75% of the traffic hitting my front-line mail servers is rejected due to anti-spam rules.
Interestingly, of that 15000-17000, fully half are rejected by using an RBL that blocks SMTP connections from dynamic IP blocks (i.e., ones typically used by residential dial-up and broadband users). Prior to turning on that rule, an average of 68% of emails were bounced due to being spam (as determined by content analyzers rather than discriminating against source). What using the RBL did for me wasn't so much cut down on how much SPAM gets through as cut down on the computational expense of blocking that SPAM.
Given the numbers of "zombies" out there (based both on publicised numbers and the per CIDR rejection numbers I see), discriminating based on source seems to be a valid form of filtering.
It should be noted that these numbers come from mail systems that serve a user base of less than 300 people.
-tom -- "There are 10 types of people in the world... those who understand binary and those who don't." "That's only 2 types of people, moron" | |
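The source-based check described in the post above, as an added example (not part of the original post or thread): a DNSBL lookup run before any content analysis, so the costly scan only touches mail from unlisted sources. The zone name, the toy content check and the sample connections are constructed assumptions; the resolver is injectable so the block runs offline.

```python
import ipaddress
import socket

DNSBL_ZONE = "dynamic.dnsbl.example"  # hypothetical zone; substitute the list you actually use

def dnsbl_name(ip, zone=DNSBL_ZONE):
    """Build the DNSBL query name: IPv4 octets reversed, then the zone."""
    addr = ipaddress.IPv4Address(ip)          # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def is_listed(ip, resolve=socket.gethostbyname, zone=DNSBL_ZONE):
    """Listed when the name resolves into 127.0.0.0/8; no record means not listed."""
    try:
        answer = resolve(dnsbl_name(ip, zone))
    except (socket.gaierror, KeyError):
        return False                          # lookup failed or no record: fail open
    return ipaddress.IPv4Address(answer) in ipaddress.ip_network("127.0.0.0/8")

def filter_connections(conns, resolve, content_is_spam):
    """Reject on source first; run the costly content check only on the rest."""
    stats = {"rejected_rbl": 0, "rejected_content": 0, "accepted": 0, "content_scans": 0}
    for ip, body in conns:
        if is_listed(ip, resolve):
            stats["rejected_rbl"] += 1        # dropped before the message body is examined
            continue
        stats["content_scans"] += 1
        if content_is_spam(body):
            stats["rejected_content"] += 1
        else:
            stats["accepted"] += 1
    return stats

# Constructed sample data (documentation address ranges), standing in for live DNS.
FAKE_ZONE = {"7.113.0.203.dynamic.dnsbl.example": "127.0.0.2",
             "9.113.0.203.dynamic.dnsbl.example": "127.0.0.2"}
SAMPLE = [("203.0.113.7", "cheap meds"), ("198.51.100.4", "meeting at 3"),
          ("203.0.113.9", "hello"), ("192.0.2.10", "cheap meds now")]

def demo():
    lookup = FAKE_ZONE.__getitem__            # raises KeyError when the name is unlisted
    return filter_connections(SAMPLE, lookup, lambda body: "cheap meds" in body)

if __name__ == "__main__":
    print(demo())
```

Only two of the four sample connections reach the content check, which is the computational saving the post attributes to the RBL rule.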
|   keith2468 Premium,MVM join:2001-02-03 Winnipeg, MB | Where the heck is law enforcement on this? Where the heck is law enforcement on this?
And are there some ISPs or their workers getting kick-backs by keeping customers from knowing of complaints about their computers from places like DShield and myNetWatchman? | |