Botnets - Are we assisting criminals?

SilverFox

Flashaholic
Joined
Jan 19, 2003
Messages
12,449
Location
Bellingham WA
I was alarmed to read this article on Botnets. It seems that one out of every five computers is infected, and that is very sobering.

There is a discussion going on about the increase in spam in this thread. I wonder if some of these Botnets are being spread through the use of spam.

I am almost to the point of saying that if you want to pass some information to me, call me. I can deal with telemarketers, but using my computer behind my back for criminal activity seems like a low blow.

Tom
 

Mad1

Enlightened
Joined
May 10, 2006
Messages
711
Location
UK
Statistics are silly really. I could show you 5 computers that aren't infected.

We're assisting them but we don't know about it. The average zombie PC is someone who doesn't have the first clue about computers, or the kind of person that thinks "well I don't go on dodgy sites so I won't get infected", which is just blind ignorance.

Botnets (on a large scale) wouldn't even exist if people just took the 5 mins to scan that file before opening it or to use a decent firewall and update the virus database.
 

BB

Flashlight Enthusiast
Joined
Jun 17, 2003
Messages
2,129
Location
SF Bay Area
The article is doing a bit of a scare job to sell anti-virus software... The quote:

Out of sight is out of mind is the axiom that online fraudsters rely on to take money out of the pockets of their victims. According to the Panda Software website, over 20% of all home, school or office computers in the U.S. are infected with malicious code and, just to hammer the point home, most of them will never know it. This means that one in five computers in the U.S. might, at any time, turn into a higher-functioning zombie. Though computers that become zombies appear to run normally, someone else is using part of their processing power. That someone is likely doing illegal things. A medium sized network like the one broken up by RSA and Panda is 50,000 computers strong. Each zombie has its own IP address and each can be used to fully mimic human behaviours or to scan and record personal information when ordered to by its operator.

Malicious Code could be almost anything (at times, that seems to include my Microsoft Windows XP Home OS too). :ironic:

Certainly, Microsoft is not helping the situation too much right now... But Windows, a single-user (originally primitive) OS based on DOS and cobbled together to run in a network environment, did not make a good starting point (blame IBM?).

-Bill
 

eluminator

Flashlight Enthusiast
Joined
Mar 7, 2002
Messages
1,750
Location
New Jersey
I blame IBM for the stupid IBM PC. I figure people bought them because they thought all IBM products were good. Apparently Bill Gates screwed IBM out of the business, which makes me chuckle.

Windows as in Win 3.1 or Win9x was based on DOS. XP is actually NT renamed to Windows apparently to get the "Windows" crowd to migrate to it. NT was more or less based on DEC's VMS.

As far as the security holes are concerned, I guess you win the battle of the marketplace by getting there first and hope your customers don't notice the flaws for a while.

The clueless people with the zombies didn't have much choice. They weren't going to run Linux. Linux is getting pretty easy to install and use now, but it wasn't always like that.

Then there was Apple, but this post is getting too long.
 

jtr1962

Flashaholic
Joined
Nov 22, 2003
Messages
7,506
Location
Flushing, NY
While things like this are alarming the fact is that people enable these scammers by not checking email attachments, opening spam emails, clicking on links in questionable sites, downloading from questionable sites, and worst of all actually making purchases from shady retailers who employ these techniques. If the site, store, email, etc. isn't above board then just have nothing to do with it. Usually if something sounds too good to be true it is. To borrow a line I once heard in a movie: "If it wasn't for people like you forgetting to lock their foot lockers there wouldn't be any thievery in this world." This is very applicable in the online world.
 

chesterqw

Flashlight Enthusiast
Joined
May 9, 2005
Messages
1,968
Location
singapore,jurong
Oh wow... like I don't get those emails about their products and how dangerous the world is.

come on, even a cotton ball is harmful!!! you could choke on it! :p
 

SilverFox

Flashaholic
Joined
Jan 19, 2003
Messages
12,449
Location
Bellingham WA
I had to change the first link. The original was pointed to their main front page, which changes daily. The link now points to the archived article.

So, how does "pay per click" work?

As Bill pointed out, there may be some anti virus/security slant on this article. I missed the word "might" and was assuming that we were all doomed to criminal assistance... :)

Now that the criminals have discovered it and are utilizing it, is it possible to put Botnets to constructive use?

Tom
 

Monolith

Enlightened
Joined
Mar 5, 2004
Messages
746
Location
NJ
SilverFox said:
So, how does "pay per click" work?
When you click on a link, you do not go directly to the website indicated. Instead you go to an accounting website that logs the access and then redirects you to the website you originally thought you were going to. Typically, this redirection occurs fast enough that no one notices. You can, however, watch the line at the bottom of your browser and see if it is redirected. I use my computer's hosts file to dead-end the redirects at my computer.

Advertisers are then charged based on the number of clicks that their website has received.
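The hosts-file trick Monolith describes can be checked without a browser. The following is an added example, not code posted in the thread: it parses a constructed hosts file, decides whether a hostname is pinned to loopback or 0.0.0.0 (dead-ended), and walks a constructed click chain (tracking hop first, destination last) the way a browser would. The hostnames and URLs are made up for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed hosts-file text. The two 0.0.0.0 entries are made-up click-tracking
# hosts pinned to an unroutable address so that the redirect dies on the local machine.
SAMPLE_HOSTS = """
# loopback entries as shipped with most systems
127.0.0.1   localhost
::1         localhost

# constructed tracking hosts, dead-ended
0.0.0.0     clicks.tracker.example
0.0.0.0     redir.adcounter.example   # trailing comments are legal
"""


def parse_hosts(text: str) -> dict:
    """Parse hosts-file text into {hostname: ip_address}.

    Each line is 'address name [name ...]'; '#' starts a comment.
    The first mapping for a name wins, which is how resolvers read the file.
    """
    mapping = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue                      # address with no names: nothing to map
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                      # malformed address: skip the line, don't crash
        for name in fields[1:]:
            mapping.setdefault(name.lower(), addr)
    return mapping


def is_dead_ended(hostname: str, hosts: dict) -> bool:
    """True when the hosts file pins the name to loopback or 0.0.0.0, so a request
    to it never leaves the machine."""
    addr = hosts.get(hostname.lower())
    return addr is not None and (addr.is_loopback or addr.is_unspecified)


def audit_redirect_chain(chain: list, hosts: dict):
    """Walk the URLs a browser would visit, tracking hop(s) first, destination last.

    Returns (reached_url_or_None, hops) where each hop is (url, blocked). The walk
    stops at the first dead-ended host: a pinned tracker never answers, so the browser
    never receives the redirect and never reaches the destination behind it.
    """
    hops = []
    for url in chain:
        host = urlsplit(url).hostname or ""
        blocked = is_dead_ended(host, hosts)
        hops.append((url, blocked))
        if blocked:
            return None, hops
    return (chain[-1] if chain else None), hops


# Constructed example input: one tracked click and one direct link.
TRACKED_CLICK = [
    "https://redir.adcounter.example/c?id=123&u=https://shop.example/item",
    "https://shop.example/item",
]
DIRECT_LINK = ["https://shop.example/item"]

if __name__ == "__main__":
    table = parse_hosts(SAMPLE_HOSTS)
    for chain in (TRACKED_CLICK, DIRECT_LINK):
        reached, hops = audit_redirect_chain(chain, table)
        print("reached:", reached)
        for url, blocked in hops:
            print("  ", "BLOCKED" if blocked else "ok     ", url)
```

The trade-off the audit makes visible: dead-ending the tracking host also stops you reaching the shop behind it, because the redirect that would have taken you there is never delivered. Anyone using this technique has to read the real destination out of the tracking URL themselves, which is exactly what the status-bar watching in the post amounts to.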
 

js

Flashlight Enthusiast
Joined
Aug 2, 2003
Messages
5,793
Location
Upstate New York
I'm so cool, I'm running Mac OS X on my home computer. Yes, I'm just THAT cool. :)

Seriously, though, it is comforting to know that the virus/spyware/malware situation for Macs running OS X is still pretty good relative to PC's. Stuff like this is indeed very sobering.

I believe that in the future, the net will have to be completely overhauled to be much more inherently secure, and also that there will have to be built in ways to ensure the identity of those who are on it, or sending emails. Fees and charges will certainly be involved. Change will definitely happen one way or another, that's for sure.
 

h_nu

Enlightened
Joined
Jul 18, 2004
Messages
444
Location
Virginia
js said:
Fees and charges will certainly be involved.

The people who stand to gain want us to think spam can be eliminated by charging us more for internet access. If all US ISPs blocked all email from their own networks that doesn't go through their own mailservers (or at least has a legitimate IP address) and all email coming into this country had a foreign origin header, there would be no spam. We could block it more effectively without paying extra.
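The first half of h_nu's proposal (customer hosts may not send mail to the outside except through the ISP's own mail servers) is what an ISP implements as port 25 egress filtering. The block below is an added example, not anything posted in the thread: a policy evaluator over constructed flow records, using RFC 5737 documentation addresses for the subscriber pool, the relay and the remote mail servers. The address plan and flows are made up.

```python
import ipaddress
from collections import Counter
from dataclasses import dataclass

SMTP_PORT = 25
# Constructed address plan (RFC 5737 documentation ranges).
CUSTOMER_NETS = [ipaddress.ip_network("203.0.113.0/24")]       # subscriber pool
ISP_MAIL_SERVERS = {ipaddress.ip_address("198.51.100.25")}     # the ISP's outbound relay


@dataclass(frozen=True)
class Flow:
    """One connection attempt seen at the ISP border (constructed record format)."""
    src: str
    dst: str
    dport: int


def is_customer(ip: ipaddress.IPv4Address) -> bool:
    return any(ip in net for net in CUSTOMER_NETS)


def egress_decision(flow: Flow) -> str:
    """'allow' or 'drop' at the border.

    Only TCP/25 is policed: a subscriber host may speak SMTP to the ISP's own relay,
    never straight to a remote mail server. The relay itself is the one permitted
    SMTP speaker. Flows not sourced from subscribers are out of scope for this rule.
    """
    src = ipaddress.ip_address(flow.src)
    dst = ipaddress.ip_address(flow.dst)
    if flow.dport != SMTP_PORT:
        return "allow"
    if src in ISP_MAIL_SERVERS:
        return "allow"
    if is_customer(src):
        return "allow" if dst in ISP_MAIL_SERVERS else "drop"
    return "allow"


def apply_policy(flows):
    """Returns (decisions, drops_per_source).

    The second value is the detection side of the same rule: a subscriber address
    dropped many times is a host behaving like a spam bot and worth a look.
    """
    decisions = [egress_decision(f) for f in flows]
    dropped = Counter(f.src for f, d in zip(flows, decisions) if d == "drop")
    return decisions, dropped


SAMPLE_FLOWS = [  # constructed
    Flow("203.0.113.10", "198.51.100.25", 25),    # subscriber -> ISP relay: fine
    Flow("203.0.113.10", "192.0.2.80", 443),      # subscriber browsing: not SMTP, untouched
    Flow("198.51.100.25", "192.0.2.25", 25),      # relay -> remote MX: the legitimate path
] + [
    Flow("203.0.113.77", f"192.0.2.{i}", 25) for i in range(1, 11)  # one host, ten remote MXs
]

if __name__ == "__main__":
    decisions, dropped = apply_policy(SAMPLE_FLOWS)
    for flow, verdict in zip(SAMPLE_FLOWS, decisions):
        print(f"{verdict:5} {flow.src} -> {flow.dst}:{flow.dport}")
    print("drops per source:", dict(dropped))
```

Two practical points the evaluator makes concrete. Customers who legitimately run their own mail server need an explicit exception, or they are dropped along with the bots. Mail submission from a client to its provider on port 587 with authentication is untouched, because only port 25 is policed.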
 

js

Flashlight Enthusiast
Joined
Aug 2, 2003
Messages
5,793
Location
Upstate New York
h_nu said:
The people who stand to gain want us to think spam can be eliminated by charging us more for internet access. If all US ISPs blocked all email from their own networks that doesn't go through their own mailservers (or at least has a legitimate IP address) and all email coming into this country had a foreign origin header, there would be no spam. We could block it more effectively without paying extra.

I am not suggesting, recommending, or endorsing "fees". I do not stand to gain from this in any case.

And right now, what you suggest may be workable and maybe would solve the spam issue. Or maybe not?

What I am saying is that IF the internet is given a major overhaul, with a significant change of format--think beyond IP addresses and packets--THEN there are going to be more fees involved. This is not pernicious; this is a fact of life. And it WILL become necessary in the not too distant future. I'm sure of it. As the virtual world becomes more and more important and prominent in our lives, and as traffic and business increases at something like an exponential rate, the internet will not be able to function in its current format, and a change will be needed.

Right now, you and I are the ones paying for the spammer who sends a million emails a day. WE pay for the servers via our ISP fees. We do not send a million emails, nor do we infect a thousand other computers with bot-ware to use to send our million emails. Email is free. And spoofing emails and using SMTP servers and all of that is pretty darn easy. As long as this continues, the spammers and less than honorable internet presences will bog down the internet with many, many times their share of traffic. At some point, the internet will no longer function.

A change will be necessary. And it will cost a lot of money. And obviously, one way or another, all users will pay a share of it.

You don't like it? That's fine. I don't care. I'm not ENDORSING IT! I'm just saying that I think it WILL HAPPEN in the next decade or two, if not sooner.
 

Codeman

Flashlight Enthusiast
Joined
Nov 26, 2004
Messages
2,690
js said:
I'm so cool, I'm running Mac OS X on my home computer. Yes, I'm just THAT cool. :)

Seriously, though, it is comforting to know that the virus/spyware/malware situation for Macs running OS X is still pretty good relative to PC's. Stuff like this is indeed very sobering.

I believe that in the future, the net will have to be completely overhauled to be much more inherently secure, and also that there will have to be built in ways to ensure the identity of those who are on it, or sending emails. Fees and charges will certainly be involved. Change will definitely happen one way or another, that's for sure.

While OS X is less vulnerable, it's not immune: http://www.kb.cert.org/vuls/id/800296 is the most recent CERT Vulnerability, but there have been quite a few others in the past. Mac users should actually be glad Windows is around in its current state. If Windows was even with OS X from a vulnerability standpoint, both OSes would be targeted equally.

Internet V2 is in the works, Tom, for both bandwidth and security reasons. Yes, it will cost more, and may very well be fee-based. I've not seen or heard any real details nor any timeframes. What I do expect, though, is for large institutions and companies to be the primary users, while John Q. Public remains on the Internet V1, or the Wild West as I think of it.
 

Gransee

Flashlight Enthusiast
Joined
Jan 26, 2001
Messages
4,706
Location
Mesa, AZ. USA
The human body is adaptable to new code (mostly as memes) and as a result spends a significant amount of resources in combating malicious code. Per average bit of code, the human system (including its defense mechanisms) is more brilliant than any artificial system. And this will likely be the case for some time.

Usually, when an adaptation is fielded, the trend is to make it less and less adaptable (shibboleths, novelty OSs, increased operator attention, etc) until it is eventually replaced by injecting outside complexity. This produces a sawtooth plot.

As the systems get closer to parity with human complexity, less demands will be placed on the human operators to safeguard the system. The systems will then slow down or cease their rate of complexity increase.

We should get used to the idea that a certain percentage of the machine/operator resources must be devoted to defense systems. It is a fact of life. Increasingly, people/code who can't keep up will just have less meaning to the system.

This includes, first, being an informed operator and, second, using the latest defense software.

Peter
 

Codeman

Flashlight Enthusiast
Joined
Nov 26, 2004
Messages
2,690
Even with an autoimmune-style system for the internet, there would still be problems. Throughout history, cons and thieves have always found ways around their day's technology. That will be no different in the future. As long as humans are in the loop, social engineering will always provide an "in" for malicious activity.
 

js

Flashlight Enthusiast
Joined
Aug 2, 2003
Messages
5,793
Location
Upstate New York
Codeman,

Yes. I know that OS X is not immune. That's why I put in the "relative to PC's" bit. However, I think OS X's immunity is partly due to its UNIX kernel and a design that comes locked down, with the root account disabled and share settings off, and with fewer buffer over-run exploits and the like, and not simply because PC's are easy targets. But correct me if I'm wrong!

Peter,

I'm having difficulty in understanding the internet and security issues from the perspective of the human autoimmune system analogy. Could you help me out here and give an example of what using this analogy in thinking about the future of the internet would tell us or suggest in terms of security? How on earth would an "auto-immune" style internet system work? Do you really think of the internet as an organic whole, as a SYSTEM, like the auto-immune system?
 

Codeman

Flashlight Enthusiast
Joined
Nov 26, 2004
Messages
2,690
Yeah, I know, Jim. There are a lot of other folks, though, who do see OS X as invulnerable. My comments were meant for those folks.

I'm going to try to answer the question you posed to Peter...

Right now, we have to have specific tools to stop specific methods of attack. When new viruses are discovered, our virus software has to be updated to effectively fight them. In theory, an autoimmune system would work the same as the human version - generalized objects that could automatically detect an "intruder" (even one never seen before utilizing an attack mechanism never seen before), adapt itself to stop the intruder, and then remain in the system to stop future attacks. In other words, the defense wouldn't need to already know specifics on how to stop a specific attack. It would be able to observe the attack, know that it was an attack, figure out how to fight it, and then do so without any human intervention. For example, with botnets, as soon as a botnet was discovered, an "antibody" type curative botnet would automatically spring into action to wipe out the bad botnet. Curative botnets have been played with in lab settings, but I don't think one has ever been actually used "in the wild". Plus, there are a lot of ethical considerations to be worked out before such good botnets could be used in the open.

The closest thing we have right now is heuristic virus scanning, which is only slightly intelligent. Heuristic scanning is very rudimentary artificial intelligence that looks for known virus behaviors that aren't tied to a specific virus's signature.

Such autoimmune systems are in the theoretical stage right now, but it is believed that the internet's similarity to the human body in terms of multiple connections to objects, yielding multiple paths, will make it very suitable to such a system, if/when one becomes practical. To re-use the bad bot/good bot analogy, as soon as one computer detected a bad bot, the good bot would propagate across the internet automatically to inoculate all of the other computers.

Think of it this way. Right now, we need antivirus software to stop viruses, antispyware to stop spyware, firewalls to stop un-authorized access, and intelligent users who can defend themselves against social engineering (such as spam). And we have to constantly update all that software/hardware. In an ideal autoimmune-type system, the OS and/or hardware would be able to defend against all such attacks, and those that haven't been thought up yet, without a human having to write attack-specific software to guard against those attacks.

I think I'll shut up now. I want to hear what Peter has to say.

:popcorn:
 

Gransee

Flashlight Enthusiast
Joined
Jan 26, 2001
Messages
4,706
Location
Mesa, AZ. USA
Codeman said it well, if I may add some more words...

A brief comparison to the human immune system:

1. Barriers

All portals (skin, respiratory, digestive, etc) have barriers in place that limit bacterial growth, impede invader movement, poisons, etc.

2. Inflammation

Body cells being attacked by marauders call for help. The cells know they are being attacked when certain parameters for themselves are not being met. When they call for help, the police show up, which are the next 2 steps.

3. Expert on self

The white blood cells, etc are adept at recognizing cells that belong in the body. At this stage, they detect counterfeits by being experts in the original. When an invader is detected, it is remembered. The police first check the identification of the offender.

4. Memory of past invaders

When an invader is detected, it is often remembered so it can be detected more quickly in the future. In that case, the invader is compared to a known list of offenders. This can be quicker in some cases than waiting for a detailed comparison to known law-abiding cells.

--

The current internet already has many similarities. Firewalls, filters, passwords and security certificates act as first line defense barriers. Computers that have been attacked call for help to central authorities that send out systems that look for known offenders and detect new offenders by contrasting them to a healthy system.

These systems can be improved but there will always be a balance between invaders and healthy code. In the human body, the immune system has more mass than the brain. The brain also has many defense mechanisms of its own against physical and idea viruses (memes), which incidentally probably have killed more people than physical viruses.

--

The internet is just a communication system. It is more versatile than many other types of communication systems because of its ability to communicate a rich set of tokens, time shift those tokens, lower costs to participate in the conversation, etc.

This communications medium is an expression of the human mind. Just as there are boundaries between our minds, so there are boundaries between the internet and the minds that communicate over it. These boundaries produce an illusion of autonomy. So within this understanding, the internet could be thought of as a body with an immune system protecting its individual cells (the humans and computers connected to it).

Even when the internet becomes more automated, automation is still an expression of the mind. And if my expression affects your expression, then we are in communication. Sometimes people say things without considering all the consequences. Those consequences could range from mild embarrassment to killer robots. Not funny.

Malware is a harmful type of communication. It employs both direct expressions and less direct (more automated) expressions. When a virus attacks your computer, it is basically a human sending a message to a human. Some malware is a message to the good program writers. Other malware is sent directly to the operators (phishing, spam, etc).

It could be said that the first part of the Information Revolution was about increasing communication and the next part is ironically, about decreasing some of that communication. We found out we didn't want to talk to everyone about everything. People don't always say what you want to hear. No, I don't want to hear about your penny stocks…

Since they often require an answer, we have them, "talk to the hand because the ear isn't listening". This is when we have someone else answer their words with words we endorse. These "hired guns" are the defense writers and their automation.

How can mere communication steal from you? The word of one can trap the word of another and they agree to give up the control of resources. This happens at many levels and affects resources like labor, hard disk space, money, knowledge, etc. Botnets (topic?) are a method by how one person's word is trapping many other people's words and leads eventually to the loss of resources.

--

So in a way the internet as a whole acts like a body with the individual computers as cells. This is both a problem and a fact of life. The problem being that it is normal for individual cells to be sacrificed. At any given point, millions of cells are being attacked and damaged by invaders while the system as a whole is fairly healthy.

From the sacrificed cell's perspective however, this is not so reasonable. A person could lose 6 months of work on their computer. Not a big loss for the internet as a whole, but a big loss for that person. One method is redundancy - don't just own one cell. Another is to move your cell to safer areas of the system (move further away from the ports, etc) but that has its disadvantages. Another is to try to make your cell act as a complete body, but by doing that, you may lose some adaptability. "No man is an island."

Peter
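Codeman's distinction between signature-based scanning and heuristic scanning, and Peter's stages 3 and 4 (expert on self, memory of past invaders), describe one detector with three lookups. The block below is an added example, not code from either poster: a host-side classifier that checks a remembered denylist of hashes first (stage 4), then an allowlist of the clean build (stage 3), and falls back to scoring behaviour with no hash involved (heuristic scanning). When the heuristic fires, the hash is remembered so the next encounter takes the fast path. All hashes, process names and events are constructed.

```python
import hashlib
from dataclasses import dataclass


def _h(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


@dataclass
class ProcessObservation:
    """What a host monitor saw one process do. All values are constructed."""
    name: str
    image: bytes          # stand-in for the executable's bytes; hashed below
    actions: list         # events such as "smtp_connect:<ip>", "tcp_connect:<ip>", "persist:run_key"

    @property
    def sha256(self) -> str:
        return _h(self.image)


# Stage 3, "expert on self": the clean build's software, keyed by hash (constructed).
BASELINE_GOOD = {
    _h(b"constructed: clean mail client"): "mailclient.exe",
    _h(b"constructed: clean browser"): "browser.exe",
}
# Stage 4, "memory of past invaders": a hash caught earlier (constructed placeholder).
INITIAL_KNOWN_BAD = {_h(b"constructed: last month's worm")}

HEURISTIC_THRESHOLD = 4


class Detector:
    def __init__(self, known_good: dict, known_bad: set):
        self.known_good = dict(known_good)
        self.known_bad = set(known_bad)

    def heuristic_score(self, obs: ProcessObservation):
        """Behaviour-only scoring: what the process did, never what it hashes to."""
        score, reasons = 0, []
        smtp_targets = {a.split(":", 1)[1] for a in obs.actions if a.startswith("smtp_connect:")}
        if len(smtp_targets) >= 20:
            score += 3
            reasons.append(f"mass mailing to {len(smtp_targets)} hosts")
        persists = any(a.startswith("persist:") for a in obs.actions)
        talks_out = any(a.startswith(("smtp_connect:", "tcp_connect:")) for a in obs.actions)
        if persists and talks_out:
            score += 2
            reasons.append("installs persistence and talks to the network")
        if "disable_security" in obs.actions:
            score += 3
            reasons.append("tampers with security software")
        return score, reasons

    def inspect(self, obs: ProcessObservation):
        """Returns (verdict, reasons). Memory first (cheapest), then self-knowledge, then behaviour."""
        digest = obs.sha256
        if digest in self.known_bad:
            return "known_bad_signature", ["hash matches a remembered invader"]
        if digest in self.known_good:
            return "known_good", [f"matches baseline {self.known_good[digest]}"]
        score, reasons = self.heuristic_score(obs)
        if score >= HEURISTIC_THRESHOLD:
            self.known_bad.add(digest)   # remember it so it is detected more quickly next time
            return "heuristic_malicious", reasons
        return "unknown_benign", reasons or ["no suspicious behaviour observed"]


ZOMBIE_IMAGE = b"constructed: spam bot payload"


def sample_observations():
    """Constructed sequence: a clean mailer, a spam bot, the same bot renamed, an unknown tool."""
    spam_targets = [f"smtp_connect:198.51.100.{i}" for i in range(1, 31)]   # TEST-NET-2 addresses
    return [
        ProcessObservation("mailclient.exe", b"constructed: clean mail client",
                           ["smtp_connect:198.51.100.25"] * 3),
        ProcessObservation("svch0st.exe", ZOMBIE_IMAGE, spam_targets + ["persist:run_key"]),
        ProcessObservation("update.exe", ZOMBIE_IMAGE, ["tcp_connect:203.0.113.9"]),
        ProcessObservation("helper.exe", b"constructed: harmless unknown tool", ["tcp_connect:203.0.113.9"]),
    ]


def run_demo():
    """Classify the sample in order; returns ([(name, verdict), ...], size of memory afterwards)."""
    detector = Detector(BASELINE_GOOD, INITIAL_KNOWN_BAD)
    verdicts = [(obs.name, detector.inspect(obs)[0]) for obs in sample_observations()]
    return verdicts, len(detector.known_bad)


if __name__ == "__main__":
    for name, verdict in run_demo()[0]:
        print(f"{name:16} {verdict}")
```

The third observation is the point of the memory stage: the renamed copy of the bot does almost nothing suspicious on its own and would score below the heuristic threshold, yet it is caught immediately because its hash was remembered from the first encounter. The fourth shows the cost of the allowlist approach: software that is neither in the baseline nor behaving badly can only be reported as unknown.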
 

js

Flashlight Enthusiast
Joined
Aug 2, 2003
Messages
5,793
Location
Upstate New York
Thanks for the explanations, guys.

I still find this whole line of thinking to be strange and inapplicable. I find I have more and more objections to the analogy, the more I think about it.

But I'm not very knowledgeable about the internet and computers, so I will defer to those who are.

Thanks again for the explanations!
 