In comp.os.linux.advocacy, Roy Schestowitz
on Tue, 17 Oct 2006 09:53:59 +0100
> Is the Botnet Battle Already Lost?
> ,----[ Quote ]
> | It's dress-down Friday at Sunbelt Software's Clearwater, Fla.,
> | headquarters. In a bland cubicle on the 12th floor, Eric Sites
> | stares at the screen of a "dirty box," a Microsoft Windows
> | machine infected with the self-replicating Wootbot network worm.
> | [...]
> | Botnets filled---and easily replenished---with compromised
> | Windows have emerged as the key hub for well-organized crime
> | rings around the globe, using stolen bandwidth from drone
> | zombies to make money from nefarious Internet activity,
> | according to security experts tracking the threat.
> | [...]
> | Statistics from multiple sources justify Evron's pessimism.
> | According to data culled from Microsoft's MSRT (Malicious
> | Software Removal Tool), back-door Trojans and bots represent
> | a "significant and tangible threat to Windows users."
> | Since the first iteration of the MSRT in January 2005, the
> | tool has removed at least one Trojan from about 3.5 million
> | unique computers. Of the 5.7 million infected Windows
> | machines, about 62 percent was found with a Trojan or bot.
> | [...]
> | During the attack, which exploited a Windows Server Service
> | vulnerability, security researchers at the German Honeynet
> | Project discovered that hijacked PCs were being used to
> | install ad-serving software from DollarRevenue, a company
> | that pays between a penny and 30 cents per installation.
> | Within 24 hours, the IRC-controlled botnet seized control of
> | more than 7,700 machines. During a four-day stretch, the
> | researchers counted about 9,700 infections from a single
> | command-and-control center and calculated that the attacker
> | earned about $430 in commissions from DollarRevenue alone.
> I think I have seen this article before, but the date is current.

You might have; Google doesn't seem to know what's going
on as it can't even find the given article when typing
in the title exactly as shown. However, zombies are far
from new, and this is hardly news -- just a reminder that
Windows users are all still relatively vulnerable.

So are Linux users who get sloppy, though there at
least the so-and-so's will actually have to do a little
work at it. But Port 22 attacks are common enough; the
Internet Storm Center (http://isc.sans.org) reports 98,954
reports thereon today, from 370 sources attacking 43,430
targets. One of them, apparently, was my box this morning.
(They didn't succeed.)

At least on Linux they actually have to knock the door down,
or find what is the equivalent of an open window. On Windows,
they just sneeze on the flowerpot and the wall disintegrates. :-)

(Or one is reminded of the short _Insect to Injury_
(http://www.imdb.com/title/tt0151064/); ultimately Popeye
defeats the termites by constructing an all-metal house.
Hmm...did he ever use Linux? :-) )

Linux. Because it's there and it works.
Windows. It's there, but does it work?