
Thread: Zombie PCs being sent to steal IDs

  1. #1
    AO French Antique News Whore
    Join Date
    Aug 2001
    Posts
    2,126

    Zombie PCs being sent to steal IDs

    Bot nets, collections of compromised computers controlled by a single person or group, have become more pervasive and increasingly focused on identity theft and installing spyware, according to a Honeynet Project report.

    The report, released on Monday, summarizes the findings of researchers who have tapped into more than 100 different bot nets since last summer. Some of the networks were made up of more than 50,000 computers, said the Honeynet Project, a security group that sets up heavily monitored systems, or honeypots, and allows them to be attacked.

    While many of the networks had been used to hit other bot nets with denial-of-service attacks, others had been used to gather sensitive identity information and install adware and spyware, a practice that is increasing, said Thorsten Holz, a computer science research student at RWTH ****** University of Technology in Germany and one of the primary authors of the paper.

    "Our research shows that some attackers are highly skilled and organized, potentially belonging to some well-organized crime structures," Holz, a member of the Honeynet Project, wrote in the paper. "Even in unskilled hands, it should be obvious that bot nets are a loaded and powerful weapon."

    Over the past year, security experts have become increasingly wary of bot nets. Once used mainly by online vandals to attack each other, the large networks of compromised computers are now a tool for groups of criminals bent on making money through identity fraud or adware installation. A person whose computer is infected with bot software runs the risk of having sensitive information such as account passwords and credit card numbers sent to the controller of the network.

    A bot-net onslaught is believed to have caused an outage at Internet service provider Akamai Technologies last summer.

    At least a million computers worldwide are unwitting hosts to bot software, Honeynet researchers calculate--but that's a conservative estimate, Holz wrote in the report. A typical bot could be connected to 10,000 other computers, use the old-school Internet chat system--known as IRC--for command and control, and have a plug-in architecture that allows new features to be quickly added, he noted.

    The report also describes how the researchers monitored the bots and intercepted communications. The Honeynet Project plans to release the software programs it developed to the community at large.

    Some interesting applications of the malicious networks have been noticed by researchers, Holz said in an interview. In one case, bot software detected whether the game "Diablo II" was installed on the host PC. If the game was present, the program would steal items from the player's characters and drop them at preplanned places in the online game world. The bot net's controller would then collect the items and sell them on auction site eBay, Holz said.

    "It was pretty clever and hard to detect," he said.

    Future bot nets will likely move to peer-to-peer communications, which are harder to intercept and shut down, Holz said. Moreover, there is a trend toward smaller numbers of bots in each network--a measure that makes the collection of compromised computers that much harder to detect, he said. While a network of 3,000 to 8,000 computers is harder to detect than one of 20,000, it can be as damaging, he added.

    "Even those small bot nets can cause much harm, especially if the compromised machines have good Internet connectivity or are located within interesting places," Holz said.
    Source : http://news.zdnet.com/2100-1009_22-5616202.html

    20,000 computers a click away! Scary!
    -Simon "SDK"

  2. #2
    Future bot nets will likely move to peer-to-peer communications, which are harder to intercept and shut down, Holz said. Moreover, there is a trend toward smaller numbers of bots in each network--a measure that makes the collection of compromised computers that much harder to detect, he said. While a network of 3,000 to 8,000 computers is harder to detect than one of 20,000, it can be as damaging, he added.
    There have already been p2p-based botnets for many, many, many, many years now. It's just that no one took notice of it until one thousand Agobot variants later and this guy says the above. Good god, what a dick-head.

  3. #3
    AFLAAACKKK!!
    Join Date
    Apr 2004
    Posts
    1,066
    What surprises me most is how many people still don't use an updated AV, or even have one!
    I am the uber duck!!1
    Proxy Tools

  4. #4
    What surprises me most is how many people still don't use an updated AV, or even have one!
    I don't use anti-viral programs at all. Big deal... it's a waste of time, money, space, & performance. I'm surprised how many people like you are brain-washed by these companies into some twisted belief that these programs are actually useful for anything but dumbing down clean-up for the clueless.

  5. #5
    Senior Member Kite's Avatar
    Join Date
    Jan 2005
    Location
    Underground Bunker, somewhere in Antarctica
    Posts
    109
    I have computer-ignorant parents that aren't smart enough to avoid getting hit with viruses and other malware, and since I am forced to use the same computer, an anti-virus/spyware killer program is very useful. But that's just my opinion.
    I know your type, you think "I'll just get me a costume, rip off the neighborhood kids". Next thing you know, you've got a jet shaped like a skull with lasers on the front!
    -The Monarch.

  6. #6
    I have computer-ignorant parents that aren't smart enough to avoid getting hit with viruses and other malware
    Funny, I see that as failure on your part. What are the odds that they do everything on a limited user account and have something like regprot along with something to help audit activities and keep checksums of files? Uhhh... I'd say the odds are somewhere around slim and none.

    What I do is a real preventive measure though... I'm not just giving people a totally false sense that they are safe by using Firefox as a browser or installing AV software just for the sake of being redundant and cliché.

  7. #7
    Hoopy Frood
    Join Date
    Jun 2004
    Posts
    662
    Originally posted here by TheSpecialist
    Funny, I see that as failure on your part.
    Funny, I don't remember you championing for the education of an unknowledgeable user back here...
    http://www.antionline.com/showthread...0&pagenumber=1

    - Xierox
    "Personality is only ripe when a man has made the truth his own."

    -- Søren Kierkegaard

  8. #8
    Man... shut the hell up, Batman. At what point does that have to do with this thread or the one you've brought up?

  9. #9
    Hoopy Frood
    Join Date
    Jun 2004
    Posts
    662
    Just the fact that you're criticizing Kite for something you seem to advocate.

    - Xierox
    "Personality is only ripe when a man has made the truth his own."

    -- Søren Kierkegaard

  10. #10
    AFLAAACKKK!!
    Join Date
    Apr 2004
    Posts
    1,066
    I don't use anti-viral programs at all. Big deal... it's a waste of time, money, space, & performance. I'm surprised how many people like you are brain-washed by these companies into some twisted belief that these programs are actually useful for anything but dumbing down clean-up for the clueless.
    There are AVs out there that are free, not a waste of performance and space or time. Like AVG or Avast! for example. Now, AVs like Norton, that's a different story, that is a waste of money, resources, etc.

    What are the odds that they do everything on a limited user account and have something like regprot along with something to help audit activities and keep checksums of files
    I don't know about you, but the average citizen does not have the time nor desire to constantly check logs and get pop-up alerts every time a registry key or value was added or edited...

    I have 3 computers, 2 behind a router/firewall and avast! and a number of anti-malware programs, and another with Sygate, avast! and a number of anti-malware programs, and both are just fine. Every program I use is free of charge and are not system resource hogs, at least not with a 400fsb 2.4+gh cpu and 512mb ram system, haven't tried it on any computer with less performance yet...

    I guess my point is, these programs will do a good job at keeping you secure, and with common sense (knowing not to download every email attachment), and every time you install a program, check the registry after the uninstall to make sure it got all the keys and values, and of course patching your OS and update your security programs... 95% of the time you'll be fine... that's it...
    I am the uber duck!!1
    Proxy Tools
