
Storm Botnet Subsides For Now

timothy posted more than 6 years ago | from the wait-until-weather-2.0 dept.


Stony Stevenson points out an iTnews Australia story about the decline of the biggest botnet of recent times, excerpting "The Storm botnet decreased to just five percent of its original size during April, but overall web-based malware levels increased by 23.3 percent, new monitoring data reveals. MessageLabs' Intelligence Report for April 2008 said that new malicious software removal tools aimed at removing Storm infections were responsible for the sudden reduction in Storm-infected computers." According to their estimate, Storm-compromised computers are now down to about 100,000 rather than numbers closer to two million.

90 comments

Hmm... (1)

theaceoffire (1053556) | more than 6 years ago | (#23262734)

I know at one point they were supposing that they were going to sell parts of Storm's Botnet...

Could this just be the result of that?

Re:Hmm... (1)

Crazy Taco (1083423) | more than 5 years ago | (#23265066)

I know at one point they were supposing that they were going to sell parts of Storm's Botnet... Could this just be the result of that?

No. The real reason is that people are finally moving over to Vista, which is of course stopping storm dead in its tracks with UAC.

Re:Hmm... (0)

Anonymous Coward | more than 6 years ago | (#23270792)

Damn retards shouldn't be using Windows. They should switch to Mac/Linux. If you're too fucking dumb to run antivirus/spyware checks, you shouldn't be using Windows.

These people downloading crap fuck up the internet for the rest of us.

Next up.. (1)

stimuli_ii (1266556) | more than 6 years ago | (#23262754)

Now batting...

[Insert next bot name here]

I know why. (1)

AltGrendel (175092) | more than 6 years ago | (#23262764)

People finally switching to Linux.

Well, one can hope.

Re:I know why. (1)

gad_zuki! (70830) | more than 5 years ago | (#23262950)

No, it's because MS put an anti-Storm package in its recent Patch Tuesday.

I'm still curious about all this web-based junk. Why don't all web site operators do some kind of malware/virus scan nightly? Hell, ClamAV is free, although I'm not sure if it detects these kinds of things.

Re:I know why. (1)

Megane (129182) | more than 5 years ago | (#23263004)

Maybe because the "junk" is merely cross-site scripting links to the actual sites hosting the malware? I'm not sure that ClamAV is smart enough to go through a MySQL database looking for weblinks to "ka3122ha1.net", etc.

Re:I know why. (1)

gad_zuki! (70830) | more than 5 years ago | (#23263040)

Yeah but my understanding is that a lot of the sites doing the hosting are in themselves compromised on the user level. On the system level the admins could be running anti-virus. The real downside is that they have no incentive to do this, which is a shame.

Re:I know why. (0)

Anonymous Coward | more than 5 years ago | (#23263436)

Right, but it only takes a few hosts -- a very small percentage of potential targets. So those who don't patch and scan their systems are the low-hanging fruit. And until you get every admin to run antivirus tools regularly, without shortcuts, there will always be easy targets -- and I just don't see that happening.

Re:I know why. (1)

Megane (129182) | more than 6 years ago | (#23276438)

And the compromised systems that become the hosts for malware often don't have "admins". They're just random computers hanging off of DSL or a cable modem somewhere. They don't have to be actual web site servers to be capable of hosting malware. In fact, it's better if they aren't, because there's not already something listening on port 80.

Re:I know why. (1)

jellomizer (103300) | more than 5 years ago | (#23263382)

Why would they switch to Linux when all they need to do is run an update... It is like moving to Fort Knox when all you needed to do was change the lock on your doors.

Re:I know why. (1)

insane_machine (952012) | more than 5 years ago | (#23264328)

Because Fort Knox has faster internet.

Re:I know why. (1)

cmacb (547347) | more than 5 years ago | (#23266928)

It is like moving to Fort Knox when all you needed to do was change the lock on your doors.

No, I think it's more like moving to a gated community vs changing the lock on your doors every day or two.

Re:I know why. (1)

WNight (23683) | more than 5 years ago | (#23267388)

Because the lock failed to provide security before. Replacing it with a nearly identical part isn't going to do much in the long run.

Re:I know why. (1)

sir fer (1232128) | more than 6 years ago | (#23273506)

Yeah, but which improvement is harder to overcome? And I'm not sure your average Linux box is like Fort Knox either... if 90% of the world used Unix-based OSes there'd likely be a spitload of malware for them too.

Linux isnt always the silver bullet (1)

TiggertheMad (556308) | more than 5 years ago | (#23265018)

People finally switching to Linux.

Well, one can hope.


You realize that if the entire world switched to *nix tomorrow, you would have almost the same level of virus, spyware, and malware infections, right? The botnets would still exist, and probably in the same numbers you are seeing today.

It will probably ruffle some feathers, but the problem isn't MS products, it's user knowledge and ability. While MS has produced some craptacular software, most of the problem is people using computers who don't have a clue what they are doing.

Millions of idiots using MS == rampant botnets. Millions of idiots using *nix == rampant botnets. Be glad they aren't switching, it is keeping your boxxen safer through obscurity. Half the reason *nix is so 'secure' is because it is more daunting for idiots to use.

Re:Linux isnt always the silver bullet (1)

Monsuco (998964) | more than 5 years ago | (#23265486)

Half the reason *nix is so 'secure' is because it is more daunting for idiots to use.
Yes, I am sure it has nothing to do with decent user permissions and holes being patched quicker.

Re:Linux isnt always the silver bullet (0)

Anonymous Coward | more than 5 years ago | (#23265864)

"Yes, I am sure it has nothing to do with decent user permissions" - by Monsuco (998964) on Thursday May 01, @01:30PM (#23265486) Homepage
Linux distros, by default, are no more "decently secured" outta the box/oem stock than Windows are!

Stock setup on both (via BOTH Linux &/or Windows default security policies) relatively suck. In fact, your own Bert64 (a slashdot poster no less) helped PROVE that much, & w/ an SELinux-bearing LINUX distro no less (i.e. -> BOTH Linux and Windows score around 47/100 oem stock outta the box on the multiplatform CIS Tool).

Proof? See here:

----

HOW TO SECURE Windows 2000/XP/Server 2003, & even VISTA, + make it "fun" to do, via CIS Tool Guidance:

http://www.tcmagazine.com/forums/index.php?showtopic=2662 [tcmagazine.com]

----

Thus, with THAT proof aside (via screenshots w/in the very first post there, of BOTH Linux & Windows test results on CIS Tool (both after security tuning & also non-security hardened stock as well))?

I wish you /. ignoramuses would cease your stupid "F.U.D." anti-Windows campaigns, because I hate to tell you this - it's too easy to make you look stupid for doing it.

---

"and holes being patched quicker." - by Monsuco (998964) on Thursday May 01, @01:30PM (#23265486) Homepage
Yeah, and TONS MORE HOLES than Windows does by far as well. Maybe they patch faster, but they have to patch 10x as many holes, & the funniest part is, on an OS that does 1/2 of what Windows can & DOES do, because Linux runs only about 1/2 the hardware peripherals AND SOFTWARE that Windows does (plus Windows also maintains largely nearly perfect backwards compatibility with older MS OS' software (all the way thru DOS + Win3.x wares, thru those for Win9x as well)).

Linux vs. Windows? No contest on TOO many levels (& Linux is not the winner, market share alone shows that much).

Re:Linux isnt always the silver bullet (0)

Anonymous Coward | more than 5 years ago | (#23266358)

Are you paid to post that junk or are you just an idiot?

LOL, is that the "best" you've got? Apparently! (0)

Anonymous Coward | more than 5 years ago | (#23268814)

"Are you paid to post that junk or are you just an idiot?" - by Anonymous Coward on Thursday May 01, @02:34PM (#23266358)
Oh, hey everyone: Look @ the "linux monkay", unable to reply w/ facts... lol!

& actually, to answer your question cretin?

Very recently, this year, @ PCPitstop, I was paid ($100 January winner) for that exact same content...

Again, proof? Search "Alexander" on this page:

http://pcpitstop.com/news/winners.asp [pcpitstop.com]

or "APK", here:

http://forums.pcpitstop.com/index.php?s=704769b8ca8503ffe4f5c3aaa65fe11a&showtopic=152256 [pcpitstop.com]

(How STUPID do you feel now?)

Now, I am simply going to ask YOU the same: Have YOU ever been paid for anything online you've written, & actually have people thank you for it, because it works?? Big deal if YOU have, because that??? That which I put up above is only a small sample, because my name's in commercial wares out there, chumley... is yours????

Re:Linux isnt always the silver bullet (1)

marcansoft (727665) | more than 5 years ago | (#23266516)

That's the other half.

Re:I know why: Rather perhaps, I do (& not LIN (0)

Anonymous Coward | more than 5 years ago | (#23265232)

OR, users of Windows applied this:

HOW TO SECURE Windows 2000/XP/Server 2003, & even VISTA, + make it "fun" to do, via CIS Tool Guidance:

http://www.tcmagazine.com/forums/index.php?showtopic=2662 [tcmagazine.com]

(At over 70,000 views strong to date, from Dec. of last year to date, I'd say it's a safe bet that my assumption is quite true)

Two birds, one stone (1)

MikeRT (947531) | more than 6 years ago | (#23262766)

It would behoove people to leave their computers off overnight unless they have a compelling reason for leaving them on. Not only does it waste electricity, it also enables many computers to be used as spambots. If instead of banning incandescent light bulbs, Congress had told the American people to turn off their computers overnight, we would have been able to take out two birds with one stone.

Re:Two birds, one stone (2, Interesting)

MightyYar (622222) | more than 5 years ago | (#23262840)

I'm one of the guilty ones, and the reason is really stupid.

I run a tiny PHP application that automatically shares any photos stored in my pictures folder, so that I don't have to upload anything to get an online photo album, and I don't have to abandon the 10-year-old system I have of dumping photos into directories by date/event.

A simple rsync might do it, but many of my pictures are in TIFF format from scans and collectively are too big to host anywhere affordable. Plus the little PHP script also shares video. So, I've been slowly writing a script that converts anything in the pictures folder into jpegs and THEN uploads them... but I've been working on that for quite some time now and still haven't finished.

Until then... the computer is on 24/7 :(

(I also like being able to ssh in, but that is secondary.)

BitTorrent (1)

Mental Maelstrom (1268890) | more than 5 years ago | (#23263074)

In addition to some HTTP services, I'm also seeding on BitTorrent 24/7. I wonder how many BitTorrent clients have a "power off after downloading" feature?

Re:BitTorrent (1)

MightyYar (622222) | more than 5 years ago | (#23263306)

I keep thinking that I should get one of those cheap network appliances and run my persistent stuff from that. I doubt it'll handle on-the-fly photo conversion, but it might be worth the try.

Re:BitTorrent (1)

maxume (22995) | more than 5 years ago | (#23263358)

uTorrent has a wide range of shutdown options: shutdown when everything is complete (I think this waits until the seed ratio hits 1), hibernate when complete, shutdown when downloads complete, etc.

Re:BitTorrent (1)

BrokenHalo (565198) | more than 5 years ago | (#23265452)

1), hibernate when complete...

does it aestivate during the summer months?

Re:Two birds, one stone (1)

Mad Merlin (837387) | more than 5 years ago | (#23263112)

So, I've been slowly writing a script that converts anything in the pictures folder into jpegs and THEN uploads them... but I've been working on that for quite some time now and still haven't finished.

You mean like this?

for i in *.tiff; do convert "$i" "$(basename "$i" .tiff).jpg"; done

Re:Two birds, one stone (1)

MightyYar (622222) | more than 5 years ago | (#23263246)

Thanks, figured that part out already :) I can convert the video, too.

It also has to be smart enough to only upload things that are new or have changed, and delete things that are gone.

Re:Two birds, one stone (0)

Anonymous Coward | more than 5 years ago | (#23263566)

You mean like this?

cat >GNUmakefile <<'EOF'
# quoting EOF above keeps the shell from expanding $(...), $< and $@ while writing the file
TIFFS = $(wildcard *.tiff)
JPEGS = $(TIFFS:%.tiff=%.jpg)

# recipe lines must begin with a literal tab
.PHONY: upload
upload: $(JPEGS) clean
	rsync -a --exclude '*.tiff' --delete . remote:path

# drop any .jpg whose source .tiff is gone; $$ passes a single $ through to the shell
.PHONY: clean
clean:
	for i in *.jpg; do \
	  test -f "$$(basename "$$i" .jpg).tiff" || rm -f "$$i"; \
	done

%.jpg: %.tiff
	convert $< $@
EOF

Whitespace, due to forum constraints, is left as an exercise to the reader. (As is the proper escaping in the "clean" target.) Run with "gmake", or if you have N cores, "gmake -jN".

Re:Two birds, one stone (1)

MightyYar (622222) | more than 5 years ago | (#23263696)

That's an interesting approach. I don't have a host with rsync, but I'll have to look around.

I really only need shared hosting - any cheap rsync hosts? Have to stay below the cost of electricity :)

Re:Two birds, one stone (0)

Anonymous Coward | more than 5 years ago | (#23264822)

That's an interesting approach. I don't have a host with rsync, but I'll have to look around.

I really only need shared hosting - any cheap rsync hosts? Have to stay below the cost of electricity :)
TronicTech [tronictech.com]. 2 GB for $5.95/mo. You can use rsync over ssh quite easily, which is how I manage everything through them. For passwordless logins you'll need to use public/private keys.

Nearly all providers that offer SSH access have rsync installed.

rsync -a --delete --exclude='*.tiff' source/ user@host:~/the_dir/

If you've never used ssh keys, do this:

ssh-keygen -t ed25519

Either type a password or leave it blank (not a good idea, but only insecure if someone gets access to your user account). Copy "~/.ssh/id_ed25519.pub" to the server as "~/.ssh/authorized_keys". Make sure "~/.ssh" is 0700 and the authorized_keys file is 0600 on the server.

If you type a password, you can authorize it with:

ssh-add

Then you don't have to enter passwords until you terminate the session. Scripts running out of cron, however, will not have access to the session.

Re:Two birds, one stone (1)

Albanach (527650) | more than 5 years ago | (#23264958)

Or you could use something like a kurobox or hacked buffalo linkstation to serve webpages. Then you'd only be powering your router and a USB/network drive overnight.

Re:Two birds, one stone (1)

MightyYar (622222) | more than 5 years ago | (#23265608)

Yeah, that might be fun too.

I'm trying to weigh that against a host. Time is probably not an issue since I'll likely blow way too much time on either solution :)

Re:Two birds, one stone (1)

barzok (26681) | more than 5 years ago | (#23263876)

rsync?

Re:Two birds, one stone (1)

MightyYar (622222) | more than 5 years ago | (#23264190)

rsync would work straight out of the box if I didn't need to convert the TIFFs to JPG and the huge MPG videos to smaller mp4s.

Someone suggested using the make system together with rsync. I hadn't thought of that, but it looks like it would first make a local copy so I'll have to weigh it against disk space usage.

And then, of course, I'd need to find a super-cheap host that supports rsync.

If flickr supported more than 90 seconds of video, I would probably just do that.

Re:Two birds, one stone (1)

WNight (23683) | more than 5 years ago | (#23267668)

Dreamhost is fairly good - they fix their problems, refund overbillings politely, respond to email. You should be able to find a "promo code" for the first year almost for free.

Re:Two birds, one stone (1)

camperdave (969942) | more than 5 years ago | (#23262880)

The bulk of computers (not to mention continuously lit lights) are in offices, not in people's homes. They are frequently left on for virus scanning, updates, and backup purposes. Congress needs to speak to the American corporations more so than the American people.

Furthermore, if they want us to turn our computers off, then they need to dramatically cut down the time it takes to boot up.

Re:Two birds, one stone (1)

tokul (682258) | more than 5 years ago | (#23262910)

They are frequently left on for ... backup purposes.
Wake-on-lan. Shutdown when backup is finished.

Re:Two birds, one stone (1)

RulerOf (975607) | more than 5 years ago | (#23265048)

Unless you know something I don't, Wake-on-LAN isn't a very well implemented feature of corporate networks. I don't know what exists in the Linux world, but in the Microsoft world, if you could marry DHCP's MAC records and the appropriate DNS records *and* make WOL (and perhaps BIOS boot order) configurable through Group Policy *and* shove it all into an MMC with AD support, I could totally see that happening.

As it stands, you can't even do something as simple as right click an MS DHCP lease and convert it to a reservation on the spot... so my wish list isn't *that* crazy :P

Re:Two birds, one stone (0)

Anonymous Coward | more than 5 years ago | (#23265980)

You can't even (AFAIK, could be wrong, wouldn't be the first time) change your IP pool without destroying all of your reservations. Many things are dead easy on Windows Server, I don't understand why DHCP is in the stone ages.
 
I'd love to use WOL for our machines but they were purchased sort of piecemeal...some of them support it, most don't. The lesson here is this kids: next time you buy a motherboard, make sure it's got WOL. Or wake on USB with an external NIC, or PCI + internal, etc. It's very nice to have.

Re:Two birds, one stone (1)

tokul (682258) | more than 5 years ago | (#23266518)

It does not depend on the OS. Wake-on-LAN depends only on hardware. I am doing backups that way, because I am too lazy to watch how hundreds of gigs of data are backed up after working hours. It takes hours even on a gigabit network.

"Leave computers turned on" policy fails to eliminate most vulnerable part of backups. Human factor.

Re:Two birds, one stone (1)

RulerOf (975607) | more than 6 years ago | (#23279488)

WOL is a hardware function, true, but it'd be much nicer to browse an AD OU, right click a computer, see if it is online, and if it isn't, see if it's at least plugged into the network, and then WOL it with a button in a contextual menu. Currently, if you want to WOL a machine on a network, you have to look up its MAC address in a DHCP console, and use a third party program to wake it.... Plus, I think it would need to be on the same subnet as the WOL broadcast... my point is that full scale WOL across a domain or multiple forests sounds like a real pain in the ass and doesn't really integrate well with Windows and AD DS.

Now if I could do something like "WOL.exe boxinacloset.domain.com," we'd have something quite useful indeed.
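What a "WOL.exe boxinacloset.domain.com" would have to put on the wire, as an added Python example that is not from the thread, from Microsoft, or from any third-party WOL tool. The hostname-to-MAC step is deliberately left out, since that needs the DHCP lease table or ARP cache the post above complains about; the MAC is passed in directly. The address 00:11:22:33:44:55 is a constructed example, not a real host.

```python
import re
import socket
from typing import Optional


def parse_mac(mac: str) -> bytes:
    """Accept aa:bb:cc:dd:ee:ff, aa-bb-cc-dd-ee-ff, aabb.ccdd.eeff or aabbccddeeff
    and return the six raw bytes. Anything that is not 12 hex digits is rejected."""
    hexdigits = re.sub(r"[^0-9A-Fa-f]", "", mac)
    if len(hexdigits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return bytes.fromhex(hexdigits)


def magic_packet(mac: str, secureon: Optional[str] = None) -> bytes:
    """Wake-on-LAN magic packet: a 6-byte 0xFF synchronisation stream followed by
    the target MAC repeated 16 times (102 bytes in total). Adapters configured
    with a SecureOn password expect six more bytes, written like a MAC."""
    payload = b"\xff" * 6 + parse_mac(mac) * 16
    if secureon is not None:
        payload += parse_mac(secureon)
    return payload


def send_wol(mac: str, broadcast: str = "255.255.255.255", port: int = 9,
             secureon: Optional[str] = None) -> int:
    """Send the magic packet as a UDP broadcast and return the byte count sent.

    WOL is a layer-2 mechanism: the frame has to arrive on the target's own
    segment. From another subnet you need that subnet's directed broadcast
    address (for example 10.1.2.255), and most routers drop directed
    broadcasts by default, which is the cross-subnet problem noted above."""
    packet = magic_packet(mac, secureon)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1)
        return sock.sendto(packet, (broadcast, port))


if __name__ == "__main__":
    # constructed example MAC; take the real one from your DHCP lease table
    print(send_wol("00:11:22:33:44:55"))
```

Note the security property of the protocol itself: there is no authentication beyond the optional SecureOn bytes, so anyone who can put a broadcast frame on the segment can wake every WOL-enabled machine on it. That is worth remembering before enabling WOL across a whole office.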

Re:Two birds, one stone (1)

maxume (22995) | more than 5 years ago | (#23262940)

You just accidentally implied that Congress should make our computers boot faster.

Re:Two birds, one stone (1)

tepples (727027) | more than 5 years ago | (#23263042)

You just accidentally implied that Congress should make our computers boot faster.
Wouldn't that fit into the "Energy Star" program?

Re:Two birds, one stone (1)

Shados (741919) | more than 5 years ago | (#23263034)

Sleep and/or Hibernate, depending on usage. Computer usable within -seconds- from hitting the switch. Power usage minimal (or none).

Re:Two birds, one stone (0)

Anonymous Coward | more than 5 years ago | (#23263142)

The last time we checked, the Dells at work still consumed 20-25W when they were completely turned off. So you really need to completely kill the power on the circuits they are connected to if you want to have no power usage.

Re:Two birds, one stone (1)

freemywrld (821105) | more than 5 years ago | (#23264648)

I remember a time when the university my mom works at started telling everyone to leave their computers ON to save power. The issue (this was many a year ago so certainly some things have changed) then was that booting up took more power.
I think another thing to consider is the enormous strain on the grid at 8am when everyone shows up for work and starts booting up their computers. Leaving computers on, but turning off the monitor and turning out the overhead lights would make a difference, as well as keeping machines that are rarely used powered down (as well as their power strip, if possible) until they are needed.

Re:Two birds, one stone (1)

GooberToo (74388) | more than 5 years ago | (#23265166)

Congress needs to speak to the American corporations moreso than the American people.

You are correct, but that is only a drop in the bucket. Office buildings typically leave their lights on to ensure they use MORE energy so they can qualify for various bulk discounts. In other words, for most office buildings in the US, it is actually cheaper to use more energy than it is to conserve.

If Congress needs to speak to anyone, it's the power companies and their huge efforts to ensure corporate conservation does not happen.

Re:Two birds, one stone (1)

RulerOf (975607) | more than 5 years ago | (#23264844)

/agree

I started shutting my machine(s) down whenever I'm not using them for more than an hour or so, and the savings on the power bill are enormous.

I also think the ban on incandescent bulbs is ridiculous, because TCO on incandescent vs. CFL is obvious to just about anyone, meaning simple economics could solve what congress decided we needed a bill to do instead. Furthermore, there are very, very simple things that incandescent bulbs can do that CFL's *never* will. Working properly with a dimmer is one very simple example.

Re:Two birds, one stone (1)

michrech (468134) | more than 5 years ago | (#23265180)

There are CF bulbs that work properly with dimmers. They are usually slightly more expensive than a non-dimmer CF bulb, but they exist.

/agree

I started shutting my machine(s) down whenever I'm not using them for more than an hour or so, and the savings on the power bill are enormous.

I also think the ban on incandescent bulbs is ridiculous, because TCO on incandescent vs. CFL is obvious to just about anyone, meaning simple economics could solve what congress decided we needed a bill to do instead. Furthermore, there are very, very simple things that incandescent bulbs can do that CFL's *never* will. Working properly with a dimmer is one very simple example.

Re:Two birds, one stone (1)

RulerOf (975607) | more than 6 years ago | (#23279520)

There are CF bulbs that work properly with dimmers.

I was kind of half-truthing that, I know that dimmable CFL's exist, but from what I understand, they suck. A lot. :P

Re:Two birds, one stone (1)

ConceptJunkie (24823) | more than 5 years ago | (#23268562)

Don't worry, mercury poisoning will kill us all off before anyone realizes how stupid that ban is.

Congress's unintended consequences are getting ridiculous. I find it hard to believe they can even pretend they are acting in the interests of this country and its citizens. These days, when Congress "fixes" a problem, we are lucky indeed if they don't make it worse.

Re:Two birds, one stone (1)

witherstaff (713820) | more than 5 years ago | (#23267242)

Some /. article about Hard Drives recently had a comment that mentioned thermal fluctuations from power cycling led to a decrease in life span. I have no idea if this is true or not, there was no FA to RT concerning the post.

Besides, how can I help find aliens if I can't let my seti work overnight as a screen saver?

Re:Two birds, one stone (1)

stephanruby (542433) | more than 6 years ago | (#23271738)

It would behoove people to leave their computers off overnight unless they have a compelling reason for leaving them on. Not only does it waste electricity, it also enables many computers to be used as spambots. If instead of banning incandescent light bulbs, Congress had told the American people to turn off their computers overnight, we would have been able to take out two birds with one stone.
Then what? Turn power plants off during the night? The problem is not power consumption during the night, it's excess power consumption during peak hours, since power storage is really, really expensive and most power is generated 24 hours a day, 7 days a week. Turning off the turbines during the night would be a waste also.

And then, there is the replacement cost of your hardware. Turning computer hardware on and off shrinks and expands different parts at different rates. And it's often better to leave it on always -- to keep the temperature more constant.

first post (0)

Anonymous Coward | more than 6 years ago | (#23262776)

first post

Re:first post (0)

Anonymous Coward | more than 5 years ago | (#23263858)

YOU FAIL IT

Wouldn't its original size be 1? (0)

peipas (809350) | more than 6 years ago | (#23262792)

I assume that means the remaining .05 computer is running DOS 5.0 and programmed using QuickBasic.

I'm so funny (0)

Anonymous Coward | more than 6 years ago | (#23262798)

(insert witty comment about 'eye of the Storm' here)

Are you kidding me? (1)

zappepcs (820751) | more than 6 years ago | (#23262834)

All this means is that the number of computers that are showing the world that they are infected has decreased.

For all we know, Storm has begun morphing and is not being detected in as many computers. There is nothing that says Storm can't be replaced, or hasn't been.

No car analogy, but this is like saying that the number and frequency of active earthquakes is down to 3% of average for this time of year. WTF

I'm not saying that we should see more Storm bots, just that not seeing them does not mean they are not there.

Re:Are you kidding me? (1)

Thelasko (1196535) | more than 5 years ago | (#23263896)

There is nothing that says Storm can't be replaced, or hasn't been
...by Kraken
There, fixed it for ya!

I believe you are 100% correct. Storm "subsides" just as this "new" botnet appears. The botnet operator just upgraded to version 2.0.

Re:Are you kidding me? (0)

Anonymous Coward | more than 6 years ago | (#23271764)

Although Kraken seems to be easier to "crack" than Storm was; can't be arsed to find the link now, but Google "owning Kraken" or something like that and there's a cool article with a pretty video of Kraken being pwned. Interesting stuff.

Storm may be gone, but don't forget about Kraken (1)

sshuber (1274006) | more than 5 years ago | (#23262848)

Storm had a good run but I'm sure eventually fixes will be found for all of these botnets. It's kind of like drug dealers and our war on drugs. We go out and shut down a smuggling/selling ring only to have another pop up in its place to take over that market we shut down. It's the same thing with botnets, as we shut down things like Storm another will pop up in its place, i.e. Kraken. As long as there is a demand for malicious use of these botnets, there will always be a supplier.

Re:Storm may be gone, but don't forget about Krake (0)

Anonymous Coward | more than 5 years ago | (#23266688)

I agree. /offtopic
Basically I was hoping Microsoft would publish the correct checksums of all files. It would be easier to see if you had a compromised machine.
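The check the post above is asking for, as an added Python example that is not from the thread and not a Microsoft tool: build a SHA-256 manifest of a tree while it is known good, store it where the host cannot rewrite it, and later diff the tree against it to surface trojaned, deleted and dropped files. The directory tree and its contents are constructed inline for the demo and stand in for a real system directory; the filenames are not real binaries.

```python
import hashlib
import json
import tempfile
from pathlib import Path
from typing import Dict, List


def sha256_file(path: Path, chunk_size: int = 1 << 16) -> str:
    """Stream the file through SHA-256 so large binaries need not fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def build_manifest(root: Path) -> Dict[str, str]:
    """Map every regular file under root (relative POSIX path) to its SHA-256.
    Symlinks are skipped so a link pointing outside the tree cannot be hashed
    in place of the file it shadows."""
    manifest: Dict[str, str] = {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and not path.is_symlink():
            manifest[path.relative_to(root).as_posix()] = sha256_file(path)
    return manifest


def verify(root: Path, manifest: Dict[str, str]) -> Dict[str, List[str]]:
    """Diff the tree against a stored manifest. 'modified' is the trojaned-binary
    case, 'missing' covers deletions, 'unexpected' is anything the baseline never
    saw (dropped payloads, new scheduled tasks, ...)."""
    current = build_manifest(root)
    return {
        "modified": sorted(k for k in manifest if k in current and current[k] != manifest[k]),
        "missing": sorted(k for k in manifest if k not in current),
        "unexpected": sorted(k for k in current if k not in manifest),
    }


def demo() -> Dict[str, List[str]]:
    """Constructed sample tree standing in for a system directory; not real data."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "etc").mkdir()
        (root / "bin" / "ls").write_bytes(b"original ls\n")
        (root / "bin" / "ps").write_bytes(b"original ps\n")
        (root / "etc" / "hosts").write_bytes(b"127.0.0.1 localhost\n")

        # Baseline taken while the tree is trusted. In practice serialise this
        # to offline media or a signed file; a manifest the attacker can rewrite
        # proves nothing.
        saved = json.dumps(build_manifest(root), sort_keys=True)

        # Simulate a compromise: replace ps, drop a new binary, delete hosts.
        (root / "bin" / "ps").write_bytes(b"trojaned ps\n")
        (root / "bin" / "backdoor").write_bytes(b"payload\n")
        (root / "etc" / "hosts").unlink()

        return verify(root, json.loads(saved))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Two caveats a practitioner should keep in mind. First, the comparison is only as trustworthy as the process doing the hashing: a kernel-level rootkit on the scanned machine can hand the original bytes to the hasher, so run the verification from trusted boot media rather than from the possibly compromised OS. Second, for Microsoft's own files the signed catalogs that System File Checker (`sfc /verifyonly`) checks against already serve as the published checksums the post wishes for; the script above is for everything else on the box.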

Fools... (0)

Anonymous Coward | more than 5 years ago | (#23262860)

It's just the eye of the storm!
Find cover while you can!

Evolutionary Arms Race (1)

Silver Sloth (770927) | more than 5 years ago | (#23262928)

All this is hardly surprising - there is a straightforward evolutionary arms race between the black and white hats. Faster cheetahs mean faster gazelles and vice-versa. Ironically, although I am no fan of any form of malware, there is a positive aspect in that necessity is the mother of invention. The rise in computing 'exteligence' - to use a term developed by Terry Pratchett - that is a direct result of the need to either overcome the rise in malware, or, alternatively overcome the rise in protection, is quite impressive.

Designed? Arms Race (1)

PRMan (959735) | more than 5 years ago | (#23264674)

Isn't this an Intelligently Designed arms race? I mean, it's not as if random code on one computer suddenly became a self-replicating botnet or anything. Someone did design it.

Never seen the data (1)

mapkinase (958129) | more than 5 years ago | (#23262978)

I have never seen a particular example of a machine taken by Storm or the type of work done on that machine: server? some forgotten old machine in the corner of the big office?

Is there an analysis of typical owner of such machine?

Re:Never seen the data (0)

Anonymous Coward | more than 5 years ago | (#23263284)

Maybe it's a hoax!

Re:Never seen the data (1)

prshaw (712950) | more than 5 years ago | (#23265744)

Since Storm was spread through social engineering it stands to reason that the machines taken over by it are machines with active users at the keyboard reading email.

It was spread by sending massive numbers of email asking a user to click on a link that would install the program. It was not a true 'worm' that could spread by itself, it required the user to actually click on a link in an email, and then say run the program.

Why did it spread so much? They picked timely, and valid, subjects. Around holidays the link said it was to an online greeting card; we all have family members that send those, so if we recognize the from email we think it is safe. Some said they were about the major news story of the day; same thing, people clicked on them.

So the typical machine has a user that clicked on a link in an email and ran a program that it asked them to read.

Re:Never seen the data (1)

mapkinase (958129) | more than 5 years ago | (#23265930)

Thanks for the answer, but I still feel unsatisfied. I guess I needed the answer that could help me to "visually generalize" the type of people who do things like that, so I can visually spot them on the pedestrian crossings and run them over.

Easy Solution (0)

Anonymous Coward | more than 5 years ago | (#23263224)

If you are an ISP, block all Microsoft Windows computers.

Want to be able to connect to the internet? Stop using an operating system that pees in the pool.

Re:Easy Solution (0)

Anonymous Coward | more than 5 years ago | (#23263444)

and watch your subscriber base go down to >5% of what it originally was... I don't think companies want to go bankrupt overnight, jackass..

Victory or Defeat? (2, Interesting)

MozeeToby (1163751) | more than 5 years ago | (#23263434)

Is this really a sign of victory or defeat? If the article had said that storm decreased to 5% its largest size because of such and such efforts it would be a victory but it doesn't say what caused the reduction. It seems to imply that Storm is being removed by other malicious software, not the efforts of researchers.

For all we know this is just the operators of Storm paring down the system to a more usable, less scary size, or hibernating large portions of the network so that if a bot killer is implemented they still have 95% to recover. It could also be the "selling off" that everyone was talking about earlier, except instead of selling the botnet's power they actually sold off access to the computers themselves (we'll open the backdoor to install your software, then remove ourselves so you have freedom to act). Unless they can find a good reason that the network is shrinking, this actually makes me more nervous, not less.

Re:Victory or Defeat? (1)

sshock (975534) | more than 5 years ago | (#23263714)

It seems to imply that Storm is being removed by other malicious software, not the efforts of researchers.
When the article says "new malicious software removal tools", I think it refers to something like Microsoft's Malicious Software Removal Tool, not other malicious software.

Re:Victory or Defeat? (1)

kasot (1274250) | more than 5 years ago | (#23263862)

That's what I'm thinking too. Storm was getting too much attention, so the owners portioned it. Nobody needs a 2 million botnet (unless you're taking down Google or a whole country). A 100k botnet is likely to be able to take down any website, and is capable of sending out massive amounts of spam. So they may be renting out some of these or selling them.

Re:Victory or Defeat? (1)

gad_zuki! (70830) | more than 5 years ago | (#23264114)

This was done with MSRT via Patch Tuesday. Some details here:

http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9080958

MOD Parent UP (1)

PRMan (959735) | more than 5 years ago | (#23264718)

If we can actually bring ourselves to praise Microsoft for something they did right.

Re:Victory or Defeat? (1)

Tofflos (942124) | more than 5 years ago | (#23269380)

it doesn't say what caused the reduction
It's mentioned in the first paragraph of the article and then again in the second sentence of the Slashdot summary. Here it is again so you don't have to scroll all the way up to the top:

malicious software removal tools aimed at removing Storm infections were responsible for the sudden reduction in Storm-infected computers

Re:Victory or Defeat? (1)

Stan92057 (737634) | more than 5 years ago | (#23269612)

"The Storm botnet decreased to just five percent of its original size during April, but overall web-based malware levels increased by 23.3 percent, new monitoring data reveals. MessageLabs' Intelligence Report for April 2008 said that new malicious software removal tools aimed at removing Storm infections were responsible for the sudden reduction in Storm-infected computers." It's the first paragraph.

Give Microsoft Credit (0)

Anonymous Coward | more than 5 years ago | (#23263638)

"MessageLabs' Intelligence Report for April 2008 said that new malicious software removal tools aimed at removing Storm infections were responsible for the sudden reduction in Storm-infected computers." - oh, I guess they mean:

"Microsoft has flushed about 200,000 computers clean of Storm since September, according to Anstis."

http://www.pcworld.idg.com.au/index.php/id;593529606

The Simple Fix (1)

crossmr (957846) | more than 5 years ago | (#23263864)

It seems to me that the simple fix still remains out there, yet no one wants to do it.

If we can detect the size of the botnet, it stands to reason you can probably identify which machines are part of this botnet by watching their traffic patterns. Any responsible ISP should immediately block the service of any customer whose machine appears to be a part of this botnet (with a very simple process to demonstrate that it's not, in the case of a false ID, and/or that you've cleaned your machine). ISPs should then turn around and refuse to handle the traffic of any ISP who won't take this kind of corrective action. A list could then be published of which ISPs have taken a firm stance against harmful botnets and which haven't. Consumers would then follow to the responsible ISPs, and those ISPs which regularly found themselves harbouring spammers, etc. and doing nothing about it would find their ability to operate severely limited. Spammers using botnets would also find their ability to peddle their crap limited, as the industrialized world would stop allowing them to operate and stop accepting any mail from the few ISPs that still catered to them.

If there was some kind of non-government ISP monopoly in a country that was irresponsible, it would become a very attractive market for an outside party to start a responsible one and steal their legitimate customer base.

Re:The Simple Fix (1)

nyctopterus (717502) | more than 5 years ago | (#23267522)

It's a simple fix, and also a stupid one. This would cripple the internet, and make people furious with their ISPs (I, for one, would immediately switch providers if they blocked my access under such a pretext). ISPs that did not take such action would gain a huge market share, and you'd be back where you started.

And, seriously, the internet works: the web works, email works--we don't need draconian measures to stop botnets. They're the cost of doing business.

Re:The Simple Fix (1)

crossmr (957846) | more than 5 years ago | (#23267700)

The internet is a community, not your personal playground. If you're part of the community and your machine has been compromised to cause damage to other people who are part of that community, there is no good reason that you can give for why you should be permitted to be part of that community until you fix your machine.

If you have the technical knowledge to be partaking in an activity that might resemble botnet behaviour, you'd also be smart enough to let your ISP know of this, and they could flag your machine as a non-concern. The key would be ensuring that any false positives were dealt with very quickly.

The inconvenience a user might experience over a potential false positive is far less than they might experience from a deluge of spam, worms, and DoS attacks that originate from botnets. As time progressed the system would only improve, and eventually it would move to a maintenance mode. As botnet operators found their ability to operate effectively essentially cut off, their business would dry up and there would be no reason for them to operate any more.

Re:The Simple Fix (1)

IonOtter (629215) | more than 5 years ago | (#23269310)

You have to keep in mind that ISPs don't deal with "techies", since most techies are savvy enough to fix 99% of their own problems.

What they have to deal with are the clueless users, grandmas and busy people who have neither the time nor the inclination to understand anything other than point-and-click.

And those clueless users comprise nearly 90% of their userbase.

Cutting off those clueless users would be tantamount to corporate suicide. Much like British Telecom found out back in 2001 with the outbreak of CodeRed? They tried your "simple fix" and lost thousands upon thousands of customers when every clueless user was shut down.

Unfortunately BT was just as clueless. They wouldn't reconnect you until your machine showed up as clean on their network, and you couldn't clean your machine until you got the update. You couldn't get the update until you connected to the net to download it.

Quite typical for British customer service, but there you go.

Re:The Simple Fix (1)

crossmr (957846) | more than 6 years ago | (#23274524)

That's kind of my point. Since most of the users aren't technical, any activity that looks like a botnet is probably a botnet.

As for BT, they failed because they were a lone wolf. Users had alternatives. This has to be a universal fix. Users will be lazy if you give them the chance. If they have nowhere else to go they'll fix their machines. Have a blitz campaign on phishing and malware under the pretext that the new rules would be coming in X days, weeks, whatever.

It wouldn't be much for most ISPs to set up a page with simple instructions to popular, and free, scanning and cleaning tools.

Since ISPs can do basically whatever they want with your traffic, it would also be nothing for them to redirect all your traffic to that page with locally hosted files in the event that you were blocked. Since they already check if you have their service based on MAC address, it would be nothing to throw you into one of two access lists: the regular list, or a second list where all of the user's traffic is blocked except for that directed to the web server to access cleaning applications.

This would be a pretty painless way for users to quickly download the cleaning applications if they didn't have them, scan, clean and then get back online.

We're talking about putting any kind of malware vendor who relies on botnets, or malware which attacks others, out of business. This isn't just some "wouldn't it be neat" idea. It's also something these guys really couldn't get around. They might be able to trick some virus software, but when the ISP has shut off your communication, you're done.

The size of skynet (1)

Peaker (72084) | more than 5 years ago | (#23264402)

What's the updated size of Skynet now?

Re:The size of skynet (1)

bananoid (1282610) | more than 5 years ago | (#23265434)

it won't matter once the memristors are in place