
Thread: Invasion of the Computer Snatchers

  1. #1
    The ******* Shadow dalek's Avatar
    Join Date
    Sep 2005
    Posts
    1,564

    Invasion of the Computer Snatchers

    This is a very interesting article about botnets and those that use them to take control of 1,000s of PCs.

    In the six hours between crashing into bed and rolling out of it, the 21-year-old hacker has broken into nearly 2,000 personal computers around the globe. He slept while software he wrote scoured the Internet for vulnerable computers and infected them with viruses that turned them into slaves.

    Now, with the smoke of his day's first Marlboro curling across the living room of his parents' brick rambler, the hacker known online as "0x80" (pronounced X-eighty) plops his wiry frame into a tan, weathered couch, sets his new laptop on the coffee table and punches in a series of commands. At his behest, the commandeered PCs will begin downloading and installing software that will bombard their users with advertisements for pornographic Web sites. After the installation, 0x80 orders the machines to search the Internet for other potential victims.
    Rest of the Article
    PC Registered user # 2,336,789,457...

    "When the water reaches the upper level, follow the rats."
    Claude Swanson

  2. #2
    Banned
    Join Date
    Jul 2004
    Posts
    119
    He's still no zero_cool.

  3. #3
    Dissident 4dm1n brokencrow's Avatar
    Join Date
    Feb 2004
    Location
    Shawnee country
    Posts
    1,243
    I've been onto botnets since the Sobig virus in '03, which was determined to have originated from a woman's computer turned botnet in B.C. At the time, I found it stunning that one of the world's fastest spreading viruses could have such lowly origins as a single home PC belonging to a clueless user. The public's got no clue what a botnet is, or that they might even have one in their home or office.

    The question that burns me now about botnets is...how many Linux or Apple boxes have been turned into botnets? Not many, not many at all is my guess.

    And in the whole scheme of things, 99.9% of these botnets are probably Windows machines. And that's probably a conservative estimate. A 100% is probably closer to the truth.

    Viewing the whole of the internet as a network, Microsoft Windows offers vulnerabilities no other OS can offer.

    “Everybody is ignorant, only on different subjects.” — Will Rogers

  4. #4
    Senior Member JonnyFrond's Avatar
    Join Date
    Jan 2006
    Posts
    238
    It is very interesting as a newbie learning about this stuff to find how there are different ways to attack computers. This to me I thought was kind of what a lot of viruses and malware gets onto the internet in the first place.

    So is this one of the latest new threats to become popular as a way of being a pain in the butt, or has it been around for a long time and the article just wandered past you Darlek?

    The Frond Inquisitor
    Sarcasm is a way of life

  5. #5
    The ******* Shadow dalek's Avatar
    Join Date
    Sep 2005
    Posts
    1,564
    Originally posted here by JonnyFrond
    It is very interesting as a newbie learning about this stuff to find how there are different ways to attack computers. This to me I thought was kind of what a lot of viruses and malware gets onto the internet in the first place.

    So is this one of the latest new threats to become popular as a way of being a pain in the butt, or has it been around for a long time and the article just wandered past you Darlek?

    The Frond Inquisitor
    Botnets

    Botnets have been an issue for the past few years; the first botnets of any size were first sold on the computing black market in 2002. The number of botnets has increased proportionally with the growth in the number of Internet users and the number of vulnerabilities detected in Windows.

    Today, the term botnet is used to refer to any network of infected computers that is controlled by a single (malicious) remote user. Initially, infected computers were linked via an IRC channel and received commands from the remote user via IRC, and this is still the most popular way of controlling botnets from a single central point and is used by the Agobot, Rbot and SdBot families, which are the most common malicious bots. They all penetrate victim machines by exploiting common vulnerabilities in Windows. Malicious bots usually exploit the RPC DCOM and LSASS vulnerabilities, but there are bots that exploit as many as 8 vulnerabilities simultaneously. Modern bots also use password generation algorithms/techniques to penetrate shared network resources.
    The term botnet refers to a network of infected computers that is controlled remotely by a single malicious user.

    July 16 2003, the day the RPC DCOM vulnerability was detected in Windows 2000 and XP, was a decisive day in the history of contemporary botnets. In January 2004, Email-worm Mydoom placed a second cornerstone in today's botnets. Mydoom would open a single port in the range between 3127 and 3198 which gave anyone access to the infected system. Mydoom was also able to download files from the Internet and launch them. A special 5-byte combination provided access to the backdoor, and other virus writers quickly discovered and began using this hole. The Internet was flooded with worms attempting to penetrate computers already infected by Mydoom. Virus writers also wrote scanners that allowed potential controllers to search computers for the Mydoom backdoor component: if the backdoor was detected, the new controller would drop and execute new malware on the infected machine. At the height of this outbreak, infected machines were passing from controller to controller several times a day.

    The critical LSASS vulnerability, first detected in April 2004, was the third key factor in the increase in botnets. Sasser infected a large number of machines via this vulnerability, leaving potential zombies in its wake. Virus writers immediately seized this opportunity and began using Sasser-infected machines, as well as the LSASS vulnerability, to extend their reach.

    Researchers estimate that the number of zombie machines in botnets increases by 300,000 to 350,000 every month. The total number of zombies is estimated at several million. All of these infected machines are being actively used by cyber criminals as spamming platforms in order to make money. Botnets can also be used in DoS attacks and to spread new malware - such threats often lead site owners to pay cyber criminals not to attack their sites. Botnets are also used to mail out more and more new Trojans that harvest and send banking information to the controller. Today, virus writers from Brazil dominate this area of cyber crime.

    Botnets are the greatest threat to the Internet as we know it. They stimulate the creation of new malicious programs as they require constant refreshment, both in terms of new malware and new zombie machines to extend the network. Detection and prevention of botnets should be a priority for both the IT industry and end users, since the future of the Internet depends on coordinated action now.
    Virus List

    No.... I caught this article, and found the part that was interesting is how prevalent it is still today, and how easy it is for someone to get involved, as well as the amount of uneducated users out there who don't even realise they have become one of the "Zombies"....
    PC Registered user # 2,336,789,457...

    "When the water reaches the upper level, follow the rats."
    Claude Swanson
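
As an added example (not part of any post in this thread or of the quoted article): a defender-side triage of firewall logs for inbound connections accepted on the Mydoom backdoor port range 3127 to 3198 described in post #5. The log format, the addresses and the `triage` function are constructed for illustration, and TCP is assumed as the transport.

```python
import re
from collections import defaultdict

# Port range the quoted article gives for the Mydoom backdoor (3127..3198 inclusive).
MYDOOM_PORTS = range(3127, 3199)

# Constructed sample firewall log (documentation addresses, not real data).
# Assumed format: "<timestamp> <action> <proto> <src>:<sport> -> <dst>:<dport>"
SAMPLE_LOG = """\
2004-02-01T10:00:01 ALLOW TCP 198.51.100.7:40112 -> 192.0.2.10:3127
2004-02-01T10:04:19 ALLOW TCP 203.0.113.45:51200 -> 192.0.2.10:3127
2004-02-01T10:09:55 ALLOW TCP 198.51.100.99:33001 -> 192.0.2.10:3127
2004-02-01T10:10:02 ALLOW TCP 198.51.100.7:40113 -> 192.0.2.11:80
2004-02-01T10:11:40 DENY TCP 203.0.113.45:51201 -> 192.0.2.12:3150
2004-02-01T10:12:00 ALLOW TCP 203.0.113.45:51202 -> 192.0.2.13:3198
garbage line that should be skipped
2004-02-01T10:13:00 ALLOW UDP 203.0.113.45:51203 -> 192.0.2.14:3127
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ALLOW|DENY) (?P<proto>TCP|UDP) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)

def triage(log_text):
    """Map each internal host that accepted a TCP connection on a
    Mydoom-range port to (verdict, sorted distinct source addresses)."""
    accepted = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines instead of failing the whole run
        if m["proto"] != "TCP" or m["action"] != "ALLOW":
            continue  # blocked or non-TCP traffic never reached a listener
        if int(m["dport"]) in MYDOOM_PORTS:
            accepted[m["dst"]].add(m["src"])
    report = {}
    for host, sources in accepted.items():
        # Several unrelated peers reaching the same port matches the article's
        # description of machines passing from controller to controller.
        verdict = "contested" if len(sources) > 1 else "review"
        report[host] = (verdict, sorted(sources))
    return report

if __name__ == "__main__":
    for host, (verdict, sources) in sorted(triage(SAMPLE_LOG).items()):
        print(f"{host}: {verdict} ({len(sources)} source(s): {', '.join(sources)})")
```

Ports in this range are also handed out as ephemeral client ports, so the match is only meaningful on inbound connection initiations to a host, not on return traffic.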

  6. #6
    Gonzo District BOFH westin's Avatar
    Join Date
    Jan 2006
    Location
    SW MO
    Posts
    1,187
    I remember as early as 2001 [possibly earlier] hearing about thousands of PCs being infected with software that would run a massive DDoS attack upon the 'bot-master's' request... [kind of the same idea] ... as far as creating a bot-net to download spyware/malware etc... I am not sure how far it dates back.
    "Those of us that had been up all night were in no mood for coffee and donuts, we wanted strong drink."

    -HST

  7. #7
    Senior Member Deeboe's Avatar
    Join Date
    Nov 2005
    Posts
    185
    Wow, that is a very good article actually. One thing that struck me as funny though:

    He says his work earns him an average of $6,800 per month, although he's made as much as $10,000.
    ...
    Now, with the smoke of his day's first Marlboro curling across the living room of his parents' brick rambler, the hacker known online as "0x80" (pronounced X-eighty) plops his wiry frame into a tan, weathered couch, sets his new laptop on the coffee table and punches in a series of commands.
    This jerk is making an average of $6,800 a month and still lives with his parents?

    One thing I will never understand about these types of people is the fact that they are smart as heck on a computer, but dumb as a rock in everything else.

    Good article though. Thanks Dalek!

    -Deeboe
    If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.
    - Sun Tzu, The Art of War

    http://tazforum.**********.com/

  8. #8
    Senior Member JonnyFrond's Avatar
    Join Date
    Jan 2006
    Posts
    238
    That is well interesting, I think this is what happened to my computer, and I just only discovered it clearing off a browser hijacker.

    So in this case, browser hijackers and the like, are actually not good for the cyber crime element as they force you to clean out your computer just by (well certainly in my case) preventing use of the default browser; and let's face it, most people that I know only use a computer really for the internet, or internet things. I know only a small handful who have computers that are not online, and they are usually musicians.

    It starts to make me wonder what the ethics are of some malware writers. I definitely think there are mavericks out there who have the attitude of "can I make you take notice of your security".

    Nicely posted Dalek.

    Inspector Frond
    Sarcasm is a way of life

  9. #9
    This jerk is making an average of $6,800 a month and still lives with his parents?

    One thing I will never understand about these types of people is the fact that they are smart as heck on a computer, but dumb as a rock in everything else.
    Ummm... he's living pretty much tax free and from the sounds of it the rent ain't that bad neither.

  10. #10
    Junior Member
    Join Date
    Feb 2006
    Posts
    13
    He doesn't have any ethics. He feels that you wouldn't leave your front door to your house open because someone would come and snatch your TV, and your comp. for that matter. So you wouldn't leave the front door of your comp. open by not properly securing it. Problem is, there's no fine line between an open and fully shut door for your comp. At least I can't really tell.

    It's a jungle out there
