Attack of the zombie computers a growing threat, experts say

In their persistent quest to breach the Internet's defenses, the bad guys are honing their weapons and increasing their firepower.
With growing sophistication, they are taking advantage of programs that secretly install themselves on thousands or even millions of personal computers, band these computers together into an unwitting army of zombies, and use the collective power of the dragooned network to commit Internet crimes.

These systems, called botnets, are being blamed for the huge spike in spam that bedeviled the Internet in recent months, as well as fraud and data theft.

Security researchers have been concerned about botnets for some time because they automate and amplify the effects of viruses and other malicious programs.

What is new is the vastly escalating scale of the problem — and the precision with which some of the programs can scan computers for specific information, like corporate and personal data, to drain money from online bank accounts and stock brokerages.

"It's the perfect crime, both low-risk and high-profit," said Gadi Evron, a computer security researcher for an Israeli-based firm, Beyond Security, who coordinates an international volunteer effort to fight botnets. "The war to make the Internet safe was lost long ago, and we need to figure out what to do now."

http://www.nytimes.com/2007/01/07/technology/07net.html?ex=1325826000&en=cd162d550cd204c8&ei=5089&partner=rssyahoo&emc=rss

One more damned crisis unfolds.

Work I program



and at home I use

You probably are smart enough not to go clicking willy-nilly on every popup and link within e-mail and IM messages. A great portion of Internet users are NOT like that. A neighbor of mine actually said, "if it has my name in it, then this person knows me! I have to click!"

I also have a Windows aprtition I use occasionally (the license came with the used laptop I bought) and I boot it up fairly often for work purposes. I also am clean, but I have no illusions this is because of Windows' security or even the antivirus.

this the golden age because so many people have such complex equipment that they can't use. Hackers just drive around in vans looking for SSIDs the say defaults like "Linksys", and then just hack into that persons computer and grab their bank accounts.

Plus, zero-day nasties for Mac (and Linux) do exist. And their antivirus utils aren't exactly "there" yet.

Even with people I know who send me stuff, I scan it first. They may have clicked on something from somebody they do not know.

...but even I know not to open email from stuff I didn't ask for and people I don't recognize.
I also ask people when they email me for the first time to please identify themselves in the subject line..."It's ______, don't delete!" After the first one, I'll recognize the address.

I think my record for mass simultaneous unsolicited email deletion is 37 at once right now...
left-click and shift, DELETE and presto! All gone...:)
My pop-up blocker has caught four already today, and I've NEVER accepted an IM from an unknown sender...
I do so appreciate my IM catcher. :loveya:

:)

Open source could certainly quell this sort of stuff.

I'm running Parallels with VMs of Windows XP and Ubantu Linux. Have you tried running Linux under OS X?

(I just upgraded my Mac Pro to 6 GB of RAM and added two 500 GB SATA-III drives. I'm giddy with power!)

Unix guys have heard of Unix root-kit viruses I'm sure. No one is safe, and root-kit viruses are much harder to remove than Trojans! If Unix ever becomes popular among the unwashed, watch out!

We're well aware of them. :)

But I'm running OS X which is a nice GUI atop (basically) a FreeBSD system. And since the internet(s) is largely run on the backs of *nix servers and they haven't gone down, I'm not too worried.

and dynamic link libraries. I understand BSD finally has them now!

:evilgrin:

:rofl:

Old Unix hand here...

Each Unix thread package had its own syntax and semantics. Not easy to port. We at IBM knew that.

But, hey, you don't ever have to worry about Unix becoming popular with commands like these:

find /usr/src -not \( -name "*,v" -o -name ".*,v" \) '{}' \; -print

:evilgrin:
:evilgrin:
:evilgrin:
:evilgrin:
:evilgrin:
:evilgrin:
:evilgrin:

:)

That is sort of like saying Apple invented point and click windows. Apple would have been hosed if Xerox PARC had patented their stuff.

:smile:

Billy made a fortune by copying CPM and "making" his DOS.

OS/360 -> MFT -> MVT -> SVS -> MVS -> MVS/XA -> MVS/ESA -> OS/390 -> z/OS. And somewhere along the line Unix came "alive."

But I'm a youngster. My first computer was a Sinclair 1000. No disk, but you could hook it up to a cassette recorder (if you wanted to save your Basic program).

During my junior year in college I upgraded to the HP 150 Touchscreen Computer. I thought I'd died and gone to heaven! :)

DOS won hands down and has been there ever since.

:toast:

permanent memory, and a Z-80 microprocessor that was so slow that it could be used as an oscillator for AM radio waves! For my final exam, I got it to play Rocky Top.

:toast:

Just kidding. But could you imagine?

Next thing you know, we'll be talking about Heathkits!

:o

I employ my soldering station to build guitar EFX pedals nowadays.

:toast:

whatever o/s becomes the "mainstream" choice, flaws will be identified and attacked...it is the economics of scale.

if you were writing exploits, would you go after o/s's that make up 1-2-5% of the computing world or the ones that make up 70-80-90%?

then couple in the fact that the average home/consumer users have little or no sense of the concept of updates or patches, no o/s will ever be iron clad safe. believing otherwise is pure hubris.

The power of open source is the power of the multitude. (Vox populi vox os?) With a proprietary, closed source OS, you have a limited set of eyes looking at how to solve the problem.

Let's say there are 10,000 Windows hackers out there. How many people can look at the Windows source code and try to find a fix? 1,000? 10,000?

These same hackers instantly switch to *nix as soon as it gains more than half market share. How many people can look at the *nix source code and try to find a fix?

At this moment most servers on the internet(s) are running some variation of Unix. Those are big numbers yet where are the exploits that are taking them down?

Note: This is not a religious argument. I don't really care what OS anyone uses. Or mix of OSes. (I'm a slut like that; I run them all. Well, except for BeOS and that was pretty cool.)

And average/home users? Fsck them. Power tools are for power users. There are only 10 types of people in the world: Those who know binary and those who don't.

I was really fascinated by the number of spiders and worms that were hitting back from 1999 -2001. Especially, what I assume was Rove's spiders out looking for 'election complaints' that was pounding on servers already in the summer before November of '99... I've also noticed a decrease in spam whenever he's uh... occupied with some WH crisis, too back I didn't track daily numbers but hey I've had to block something like 680,000 spam messages since then.

Yes, they are a very serious problem, but the phrase "zombie computer" still brings to mind "Night of the Living Dead." :rofl:

I want to see footage of the zombie computers! :rofl:

Any files we should be removing?

I'm r e a l l y ticked off about the emails that come in lately, that have personal information in the subject line. AND they seem to have access to details about where I shopped for christmas this year...and charged with my visa card. For each store that I shopped in and each type of item i bought....a 'gift card' email came in---with data in the subject line very closely matching my shopping pattern. (all those emails just deleted by the way_

I now use avast 4.7 anti-virus on my Windows XP. It works great, not only does it continuously protect while online,once a week I run a boot time scan to find hidden trojans. I also run Spybot and ad-aware on top of that. I will never pay for anti-virus protection as long as these are free. I highly recomend these, they work!

http://www.avast.com/index.html

http://www.safer-networking.org/en/index.html

http://www.lavasoft.de/

with Grisoft's Anti-Spyware freebie lately. I'd been using Lavasoft's AdAware SE, but the Grisoft product found things that AdAware didn't.

recommended I run spybot as well. I will check out Grisoft, I have not heard of that one before. It has been a long time since I have had a chat with my friend about spy-ware, thanks for the tip laptoprepairguy.

:toast:

of bad guys there who want your money. Get something like Norton Internet Security or some equivalent package. Stick with a big company like Norton or McAffee. This is their business.

Second, as to those emails, don't worry about them. All that they really reflect is that you visited some server of some company that recorded what web pages you looked at. To advoid this, you could use some anonymous surfing packages, but they are often slow and this recording of your IP address is really not a security problem for you. e.g., Paylees shoes knows that you like high-heels. There is almost nothing you can do about this except surf anonymously so that the IP address the server gets can't be correlated to you email address.

What this article is talking about are Trojans. These are malicious programs that sneak onto your computer piggy-backing on some other program you either download or some link that you click on. These programs can search your computer, record all of your keystrokes, etc. Norton and McAffee stop them really well and using a little common sense about not clicking on links that you don't know will go a long way.

Oh, and you can get learning anti-spam packages. I use Yahoo's and it is great. I get a hundred or so spam messages a day that I never even see. They go into a spam bucket which just gets deleted.

visit web sites for stores. and I use all those softwares you've all listed. I'm saying that somehow all of my in-store visa purchases are known/available to parties online. i.e. I bought 3 travel drives for my granddaughters....an email for THAT store came in a day later. This happened for e v e r y store I bought items in...including the big 3 electronic stores, and dept stores. It was too many store or product specific emails, coming in to my email, close to those purchases dates, to be a coiincidence.
I sell Pre-Paid Legal Identity theft protection plans. I'm very aware of keeping my info private, and I'd like to find out how/where this personal purchase info is being accessed and then converted into email contact. It's obvious it's a automated 'system' that plugs names into fields, via symbolics. Just blocking spam isn't always the answer.

give an email, or you use a credit card that is selling info to the consumer database companies, they really can't track you if you are using cash.