
Thread: The 2007 Pandemic of the botnets

  1. #1
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Pandemic of the botnets

    FYI...

    - http://news.bbc.co.uk/1/hi/business/6298641.stm
    25 January 2007 ~ "Criminals controlling millions of personal computers are threatening the internet's future, experts have warned. Up to a quarter of computers on the net may be used by cyber criminals in so-called botnets, said Vint Cerf, one of the fathers of the internet... Mr Cerf, who is one of the co-developers of the TCP/IP standard that underlies all internet traffic and now works for Google, likened the spread of botnets to a "pandemic"*. Of the 600 million computers currently on the internet, between 100 and 150 million were already part of these botnets, Mr Cerf said... "Despite all that, the net is still working, which is amazing. It's pretty resilient," said Mr Cerf... Whatever the solution, the fight against botnets was a "war" that could only be won if all parties - regulators, governments, telecoms firms, computer users and hardware and software makers - worked together."

    - http://en.wikipedia.org/wiki/Botnet
    "...Botnets have become a significant part of the Internet, albeit increasingly hidden. Due to most conventional IRC networks taking measures and blocking access to previously-hosted botnets, controllers must now find their own servers. Often, a botnet will include a variety of connections, ranging from dial-up, ADSL and cable, and a variety of network types, including educational, corporate, government and even military networks. Sometimes, a controller will hide an IRC server installation on an educational or corporate site, where high-speed connections can support a large number of other bots. Exploitation of this method of using a bot to host other bots has proliferated only recently..."

    * http://www.thefreedictionary.com/Pandemic
    "...Epidemic over a wide geographic area and affecting a large proportion of the population.."

    >>> http://www.shadowserver.org/wiki/pmw...=Stats.Botnets

    Last edited by AplusWebMaster; 2008-03-19 at 23:10.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  2. #2
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881


    FYI...

    - http://isc.sans.org/diary.html?storyid=2495
    Last Updated: 2007-03-23 21:28:02 UTC ~ "According to data by Shadowserver*, the number of botnet-controlled machines has tripled in the last month. Specifically the jump seemed to start on March 8th or so and has kept going ever since. For the most part, they haven't tracked a significant increase in the number of botnets (only about a 20% jump), just the number of machines. The biggest C&C nets are near New York, Southern California, and near Germany. The biggest concentrations of botnet infected machines are in China, Brazil, and Argentina. So it appears botnet controllers are getting better at increasing the size of their herds."

    * http://www.shadowserver.org/wiki/pmw...otCounts#month

    - http://www.securityfocus.com/brief/466
    2007-03-22 ~ "...The weekly tally of bot-infected PCs tracked by the group rose to nearly 1.2 million this week, up from less than 400,000 infected machines two weeks ago. The surge reversed a sudden drop in infected systems--from 500,000 to less than 400,000--last December..."

    Last edited by AplusWebMaster; 2007-03-25 at 16:37. Reason: Added SecurityFocus reference...

  3. #3
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881


    FYI...

    (McAfee Threat Center - 2nd issue of McAfee Avert Labs security journal- Sage)
    - http://www.mcafee.com/us/threat_center/default.asp
    Apr 2007 ~ "...Botnets: Cybercrime Central - The largest enabler of cybercrime today is the “botnet,” a network of robot-infected PCs centrally controlled by an attacker, or bot herder. Bots gained their current status as a result of several factors. Perhaps the most important is that bots leverage the work of others. Several bot families are considered open source projects, developed collaboratively and refined by many. But even more important, bot developers piggyback on the work done by well-intentioned security researchers... When such vulnerabilities are made public in an effort to raise awareness, bot authors incorporate the work into new versions of their threats. If the payout for a crime exceeds the risks involved and the effort required, attackers will flock to it..."

    (Monthly Botnet size currently at 2.4 million)
    - http://www.shadowserver.org/wiki/pmw...otCounts#month

    Last edited by AplusWebMaster; 2007-04-13 at 02:02. Reason: Added Shadowserver current stats...

  4. #4
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881


    FYI...

    - http://www.pcworld.com/printable/art...printable.html
    May 15, 2007 ~ "A tech trade group and a leading cybersecurity vendor applauded new legislation introduced in the U.S. Congress that would broaden penalties for cybercrime, including first-time penalties for botnet attacks. The Cyber Security Enhancement Act, introduced Monday, would create for the first time criminal penalties for botnet attacks often used to aid identity theft, denial-of-service attacks and the spread of spam and spyware... The bill would also broaden the definition of electronic data theft related to interstate or foreign communication, and expand the cyber extortion statute."



  5. #5
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Online Criminal Gangs Battle With Botnets

    FYI...

    - http://www.informationweek.com/share...leID=199601992
    May 18, 2007 ~ "Criminal cyber gangs are trying to steal zombie computers from rival botnets so they can boost their own numbers and raise the price they get from spammers.
    Two or three online criminal gangs are waging an all-out battle for control of the largest botnets, sending out waves of malware aimed at stealing zombie computers from rival gangs to build up their own army. Each online gang is trying to build up the biggest botnet because the bigger the army of infected computers they control, the more money spammers and hackers will pay to use them, explains Shane Coursen, a senior technical consultant for Kaspersky Lab. Since the gangs have their own botnets already built up, they're all trying to pilfer victimized computers from their rivals, to diminish their competitor's botnets while they build up their own... the author of the well-known Storm Worm, also known as Zhelatin, is going head to head with the author or authors of the Warezov and Bagle worms. It's unclear whether one group is responsible for both the Warezov worm and the Bagle worm or if different groups are behind each one... "Instead of just one group that was kind of active, now we're looking at two definite groups and possibly three groups. The activities have increased very significantly over the last six months. We see a huge increase in the amount of spam, and it's largely because of this war"."



  6. #6
    Member
    Join Date
    May 2007
    Posts
    32


    wow..... so basically there is an army of haxorz out there just spreading viruses like crazy? ......WOW over 100 million, sheesh wtf!! I'm thinking there should be computers that are 100% immune to viruses, worms, and spyware. I mean, that would end most problems, like the computer itself prevents any of its important things from being deleted, anything being recorded like keystrokes, etc.
    If that could happen it would be great..

  7. #7
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881


    "WOW over 100 million..."

    Actually, the numbers are quite a bit less (currently estimated at 2.8 million).

    See: http://www.shadowserver.org/wiki/pmw....BotCounts#day


    ...but we're keeping a close watch, and will continue to do so.



  8. #8
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881


    FYI...

    February 2007 Root Server Attacks...
    - http://preview.tinyurl.com/3dxn74
    June 9, 2007 ~ Arbor Networks - "...Nice summary of what actually occurred during the February 6/7, 2007 DNS attacks... actual targets of this attack were:
    * F-Root, G-Root, L-Root and M-Root
    * A9.INFO.AFILIAS-NST.info
    * B9.INFO.AFILIAS-NST.ORG
    * C9.INFO-AFILIAS-NST.info
    * And another set most folks haven’t heard of, ns[2-5].opihhkj.com
    * and perhaps ns1.opihhkj.com, but not certain
    He went on to cite more mis-information provided by the media and emphasized how difficult it was to find an accurate story... Some of the unique information that John shared about the attacks included details on the botnet involved (these were the numbers and distribution of the bots themselves, firepower from each varied):
    * ~4500-5000 bots on Microsoft Windows Boxes
    * ~65% from South Korea
    * ~19% from United States
    * ~3.5% from Canada
    * ~2.5% from China
    * The rest from various places
    The botnet controller was HTTP-based, physically located in Dallas, TX, USA, and was located by the bots via DNS, with a backup DNS name as well. The botnet itself was associated with a Russian-affiliated reseller and has continued to be used for DDoS attacks up until 2007-05-23.
    The attacks consisted of:
    * bots performed one DNS query per victim
    * bots set up three “threads” per victim
    * unique but stable source port per thread
    * each thread employed its own 1023-octet payload “seed”
    * UDP packets were then flooded to each victim on port 53
    * source address was NOT spoofed
    * each UDP packet of random 0-1023 seed payload
    * each thread was set to last 24 hours
    As for mitigation, because non-spoofed some source-based mitigation/filtering could be employed but difficult... many of the other targets hit by the botnet were of “Russian origin”..."

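Added example (not part of the original thread or the Arbor Networks write-up): a sketch of the source-based filtering mentioned in post #8, flagging non-spoofed sources that flood a victim on UDP port 53 from at most three stable source ports with payloads that do not parse as DNS queries. The function names, thresholds and sample traffic are assumptions constructed for illustration, and it assumes the random payloads fail a structural DNS check.

```python
import struct
from collections import defaultdict

def looks_like_dns_query(payload: bytes) -> bool:
    """Structural check only: 12-byte header, QR=0, one question, well-formed QNAME."""
    if len(payload) < 17:                      # header + root label + QTYPE/QCLASS
        return False
    _id, flags, qdcount, ancount, _ns, _ar = struct.unpack("!6H", payload[:12])
    if flags & 0x8000 or qdcount != 1 or ancount != 0:
        return False
    i = 12
    while i < len(payload):
        label_len = payload[i]
        if label_len == 0:                     # end of QNAME
            return i + 5 <= len(payload)       # room for QTYPE + QCLASS
        if label_len > 63:                     # not a plain label in a question
            return False
        i += 1 + label_len
    return False

def flag_flood_sources(packets, min_packets=20, max_valid_ratio=0.1, max_src_ports=3):
    """packets: iterable of (src_ip, src_port, dst_ip, dst_port, udp_payload).
    Thresholds are illustrative assumptions; max_src_ports=3 mirrors the
    'three threads per victim, stable source port per thread' description."""
    stats = defaultdict(lambda: {"n": 0, "valid": 0, "ports": set()})
    for src, sport, dst, dport, payload in packets:
        if dport != 53:
            continue
        s = stats[(src, dst)]
        s["n"] += 1
        s["valid"] += looks_like_dns_query(payload)
        s["ports"].add(sport)
    return sorted(
        pair for pair, s in stats.items()
        if s["n"] >= min_packets
        and s["valid"] / s["n"] <= max_valid_ratio
        and len(s["ports"]) <= max_src_ports
    )

def make_query(name: str, qid: int = 0x1234) -> bytes:
    """Build a minimal A/IN query, used only to generate benign sample traffic."""
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"
    return struct.pack("!6H", qid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!2H", 1, 1)

def sample_packets():
    """Constructed sample traffic (documentation address ranges), not captured data."""
    victim = "192.0.2.53"
    pkts = [("203.0.113.7", 4001 + i % 3, victim, 53, b"\xab" * (i * 37 % 1024)) for i in range(30)]
    pkts += [("198.51.100.10", 20000 + i, victim, 53, make_query("example.org", i)) for i in range(30)]
    pkts += [("198.51.100.99", 5353, victim, 53, b"\xab" * 40) for _ in range(5)]
    return pkts

if __name__ == "__main__":
    print(flag_flood_sources(sample_packets()))
```

Because the sources are not spoofed, the flagged (source, victim) pairs can feed a rate limit or drop list; the low-volume source in the sample stays below `min_packets` and is not flagged.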

  9. #9
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881


    FYI...

    Operation Bot Roast
    - http://www.fbi.gov/page2/june07/botnet061307.htm
    6.13.2007 ~ "...Operation Bot Roast was launched because the national security implications of the growing botnet threat are broad. The hackers may use the computers themselves, or they may rent out their botnets to the highest bidder. The more computers they control, the more they can charge their clients. A bot-herder can do a lot with compromised computers:
    * Steal the computer owner’s identity;
    * Launch massive spam campaigns;
    * Engage in click-fraud—schemes which artificially inflate the number of visitors to a website; and
    * Launch denial of service attacks that can cripple web servers and crash sites.
    One of the difficulties in fighting this type of cyber crime is that it is difficult for computer owners to know if their machines have been infected. There is no easy way to tell, unfortunately. It may be running slowly, your outbox may be full of mail you didn’t send, and you may get mail stating you’ve sent spam. 'The majority of the victims are not even aware that their computers have been compromised or their personal information exploited,' said FBI Assistant Director James Finch, who heads our Cyber Division.
    That’s why we urge every computer owner to implement the security precautions that are available. Prevention is always better than reaction."

    (More detail at the URL above.)


  10. #10
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881


    FYI...

    FBI finds a million botnet victims
    - http://www.theinquirer.net/default.aspx?article=40321
    14 June 2007 ~ "THE US Department of Justice and the FBI said that they have found more than a million botnet crime victims during "Operation Bot Net"*. A team, which included members of the Computer Emergency Response Team Coordination Center at Carnegie Mellon University and Microsoft, aimed to notify as many of the victims as possible. The FBI hoped that through this process it might uncover additional incidents in which botnets have been used to facilitate other criminal activity..."
    * http://www.fbi.gov/pressrel/pressrel07/botnet061307.htm

    Shadowserver - 13.06.2007: New Graph: Total Malware Count
    - http://www.shadowserver.org/wiki/pmw....Malware#count

    - http://www.us-cert.gov/current/#fbi_charges_bot_herders
    June 14, 2007

    Last edited by AplusWebMaster; 2007-06-15 at 04:39.
