the only way to deal with a company like that (which openly breaks international laws like that and is basically just pure scum, but protected by politicians and bribes and bought favours etc), is to cut off the whole of russia.

the rest of the world should annex russia from the phone system until its politicians get their act together enough to play ball and stop the child porn hosts and other scams. or maybe just st petersburg.

under that sort of pressure they will break under the anger of fellow russians. i mean, im sure most people are honest and decent, but they need to sort it out and stop spoiling it for everyone.

its kind of like the argument about muslims sitting by and saying that most of them are innocent and peaceful, instead of taking upon themselves to oust their disruptive element, seeing as they have the closest ties and best ability to do so. (or any other religion etc)

i dont like spamware and trojans and phishing scams and having to spend hours virus checking and fixing my non-IT-literate-relative's computers. wouldnt it be much easier for someone to just cut the whole place off for a bit?

for example like the Russ1ans did to the australian bank website.

read this

http://economist.com/displaystory.cfm?story_id=9723768

ps. yeah i know the activists will get a bit moany if we cut off russias communications, but if what VeriSign say is true ("Every major trojan in the last year links to RBN") then I think we certainly need to do something drastic and extreme.

"Russian Business Network" I'd sure like to add them to my hosts file

:)

I know - lets run the possibility of totally disrupting a country's economy so that we can shut down something that we don't like.

Next, if that is done and works, lets cut off the communications links from Iraq, since they are still fighting back and objecting to being "liberated".

Then do the same to Iran, since they're not playing nice and are developing a nucular program.

Next stage would be spam nets - let's kill any ISP that allows its users to have infected machines.

Finally, lets get all the lies off the internet. Any website that contains lies designed to misrepresent the great and good truths of the world (democracy is perfect, Christianity is the one true faith, etc) should be banned!

Comrade, our work is done.

I dumped Adobe Reader ages ago and switched to Foxit Reader instead. Much smaller and faster. www.foxitsoftware.com

And just think how clean our inboxes would be if there was no spam coming from russia. Unfortunately we would all miss the "My name is ------- and I am from Russia, I would like to send you my pics and meet up for ....." "just send me your bank details so I can by a plane ticket to cum meet you" messages I get.

I think the solution to this is very simple - the debate about ISP's taking ownership of such problems has been an ongoing issue. The problem being the corporations supplying the detection software want the additional license money from the individuals - which is fair enough.

I think a similar scenario would have to be making guns legal in the UK and us having to purchase bullet proof vests, if we didn't purchase them then it would be our own fault for not doing so in the event of being shot.

It's a simple system to put in place but then again this may stop the authorities using the same tactic -

http://www.theregister.co.uk/2007/10/23/teutonic_trojan/

A scenario one organisation is considering against an ISP is that by allowing this type of attach to pass through their systems unchallenged they are effectively condoning the attack. Sanctioned by inaction.

Anyhow, the issue in my opinion isn't about individuals carrying out such attacks as in modern business you will do what you have to to survive - its about stopping them and removing the option.

If you are STILL stupid enough to run closed-source software, you deserve whatever the hell you get. There is Open Source software available to do everything, nowadays (including reading and writing PDF documents). Knowing what I know, I'd sooner use a pencil and paper than closed-source software.

Any software whose Source Code has not been independently audited (i.e., by someone other than the vendor) should be considered potentially unsafe. Any software whose vendor is unwilling to supply the Source Code for audit should be considered actually dangerous. You wouldn't buy a cake without a list of ingredients and a breakdown of protein, fat and carbohydrates, would you? Would you stand for the manufacturer telling you it was none of your damned business what was in their cakes? Why the hell are you putting up with this sort of behaviour from software vendors?

IT buyers -- you're in a great position to do something about this. Demand the Source Code; and if your suppliers won't budge, then *you* budge. Tell them straight -- if other people are willing to show us their Source Code which does the same as what your program does, then it can't be *that* special. Harassed family members -- just give your granny Ubuntu or Mandriva and let her get on with surfing and e-mailing, and get your kids a games console (or maybe send them into the Big Blue Room to get some fresh air and exercise). Everybody -- write to your MP and demand that the vile practice of concealing Source Code from users be outlawed.

... that would work </sarcasm>

1 Cutting off the phone system wouldn't stop internet traffic

2 They would cut off the west from their oil and gas in retaliation - £2/litre petrol anyone? No central heating this winter?

3 They managed for years as a super power with little telephonic communication with the west. Putin would just retrench back into Soviet style cold war politics.

4 Trojan sites moved to satellite countries - cut those off too? where do you stop? Some ex-Soviet satellites are members of the EU now; cut off all of Europe? How about China?

5 What about phone lines routed through Russia? Assume the Russians wouldn't tap into those or cut them off too? So that is about two-thirds of the world cut-off by now.

Why not cut off the US too, as they are the source of about 80% of spam?

If you want to cut-off anything (rather than your own nose to spite your face) why not persuade ISPs to block/label all emails with RBN's IP addresses in the header. That at least has the benefit of actually being possible - it's already being done for some IP addresses, by ISPs in the US and Europe.

While were at it, lets disconnect the USA. One of the largest providers of Spam and kiddie porn...

Stu..

You wouldn't buy a cake without a list of ingredients and a breakdown of protein, fat and carbohydrates, would you?

err yes most people aren't that anal.

Just because you have a list of ingredients doesn't mean you know who to put it together. Never drunk Coke?

After all a car is a lump of metal and plastic. Pop to Ford and ask for the detailed plans (engine design, ECU assembly and programming) and see what they tell you.....

In fact why doesn'y everybody just give up trying to make money, share everything with everyone.

Damn that's called Communisum and the good ol' USofA won't like that.

Let the buyer beware still apples, but this is based on the unvoiced "let the buyer be aware". Software is purchased by wonks in business organisations who DO NOT CARE or even bother to try to understand the distinction between open- and closed-source. The other category of purchaser is those who just want to get on t'internet to see PH's bedroom antics NOW! The remaining 0.00236% (us) understand your point and agree with you.

The correct economic incentive for purchasers in business organisations is to make the Purchasing Boss and all his team PERSONALLY liable for the cost of business disruption arsing from a published exploit.

The cake analogy could backfire...

M$ 'disclosure' would be along the lines of: "this software contains 5.7 % enumerated types and gives the user a wide range of rich application execution experiences" i.e. typically fatuous and unhelpful.

Where's Richard Stallman when you need him? :-)

I think you could possibly get people for that anyway - and it sounds like a great idea to me.

"Corporate negligence" should cover it, and allows you to go after management rather than the poor saps (like me) on the floor that can't do anything about it anyway.

(apologies for the spiderman quote, and even more apologies for not knowing the original source)

An outstanding point Vladimir - why are we blaming individuals for defaults in the software?

If you leave your keys in your car and its stolen your insurance is void -

If it goes on fire through a manufacturing defect the manufacturer is liable -

If Microsoft or Adobe f**k up we have to buy the next version to resolve the problem fully or accept an update which throws something else out!!!!

Where does it say on the Microsoft or Adobe EULA

"The chances of this product being compromised is highly likely and any personal data stolen may bankrupt you. This is not our fault as we do make the effort to secure our systems"

Most shocking findings to date for me personally - Office 2007 is a patched locked down version of - Office 2003 which s a patched locked down version of - Office 2002 which s a patched locked down version of - Office 2007 which s a patched locked down version of - Office 97.

Same applies from Vista - XP - 2000 - NT

Yet they were bundled as new operating systems and priced accordingly.

Bottom line - you go for products from the big guys and get burnt - go cry elsewhere.

PDF is a derivative of postscript, which is a fully turing-complete interpreted language. They trimmed some of postscript's more egregriously risky features, like access to the i/o and filing systems, but it's always basically been that a PDF is an executable script.

The update appears to be just for the latest version of Reader. Does that mean that older versions are OK? I'll just go on using Firefox, I guess...

Re your quote: "its kind of like the argument about muslims sitting by and saying that most of them are innocent and peaceful, instead of taking upon themselves to oust their disruptive element, seeing as they have the closest ties and best ability to do so. (or any other religion etc)"

I don't see the Christians sorting out Bush or Blair (who continues to spread dissent and verbal malware throughout the world.)

Until then, I think it's unfair to blame the majority of the world's largest landmass for a couple of dodgy businesses who spread porn and viruses. Let's face it, at least Yeltsin was more fun when drunk.

We run Acrobat Pro 6.X here at work. I was starting to get pissed about no patch available for Acrobat 6.X then I finally managed to unearth this from Adobe's site:

"Adobe Reader 6.X and Acrobat 6.X are not vulnerable to this issue."

http://www.adobe.com/support/security/bulletins/apsb07-18.html

Good thing we haven't "upgraded"(?) to the latest Acrobat bloatware, eh?

You! Russky bashers! GTFO my Internets!

First, Anonymous Coward: The IP you gave is only one of many.

Now, how to protect your network:

deny from 81.95.144.0/22

This will cover only the IP block discussed, however. You need to block all of AS41173, so include:

deny from 81.95.156.0/22

This should be done at the BGP level if at all possible. Otherwise, implement it at the highest level firewall under your control.

For more information, see http://www.spamhaus.org/rokso/evidence.lasso?rokso_id=ROK7465

Re: "you're saying that the 150 million lost to scams is a kind of hidden tax..." Errr, no. I am saying if you slap the Russian bear because one of its fleas bit you, be prepared to get a face full of claws. It's better to tackle the flea itself. 150 million? pah! an hours lost production if the gas is cut off. Try persuading the politicians that that sacrifice is worth making (x 24 x 365 x n). One wonders who would be the ones "cut off" Let's see, tighten up ISP security, or a new cold war and global recession? Hard choice. (unfortunately the politicians take the third choice - "do nothing")

This is not a third world Afghaniraqistan we're talking about. The West is in no position to cut off their phones - and as I pointed out, the internet doesn't work on PSTN dial-up - the internet backbone lines are separate from the phone system. (Quote "annex (sic) russia from the *phone* system...") so I'm not sure what it would acheive.

Yes RBN is a problem that needs sorting, but get real!

> I'm tempted to add something to the effect of Reg readers not being stupid enough

I take it you don't read their comments?

Ronnie Regan's law that was supposed to make the Soviet Union illegal - bombing will start in 5 minutes...

1. Straying off into religion / faith. Bush, Blair may or may not be driven by 'greed' (a term that may require further refinement); however, this does not mean that they are not also driven by their faith. They have both publicly declared that they are so driven. In my personal opinion people of faith who also seek political power need to demonstrate the intrellectual horsepower to *separate* the two - not combine them, as these 2 dangerous people have done.

2. Ken, when Morley Dotes writes, e.g. 'deny from 81.95.144.0/22' you can take it to mean 'block all inbound traffic from that IP range', i.e. 'blocking Russian IP addresses' will stop everything including 'you accidently viewing Russian web sites'. Blocking outbound requests also helps ;-)

3. Agree with AJ S when he writes: "The statement "requires Acrobat Reader" which often accompanies PDFs on web sites is just flat-out untrue"; however AJS's open-source advocacy (proselytising) needs also to be taken with a pinch of ('show the evalaution report!') salt.

Morten Ranulf Clausen's 2 facts are apposite; my suggestion to address his invitation to 'discuss the infrastructure to handle it' is the classic security engineering approach: Layered Defence (aka Defence in Depth).

Defence at the application layer (buy applications with a proven behaviour {admittedly, not universally available}). Defence at the network interior layer: appropriate corporate security policies (expressed, understood, monitored, enforced) about acceptable use, principle of least privilege, host-based intrusion detection and alerting, locked-down host computer configurations, network-based intrusion detection, heuristic analysis, automated alert & response, anti virus. Defence at the corporate boundary: firewalls (stateful, deep packet inspection), AV, content and application proxies. Defence at the ISP / service provider layer (duplicating all approaches already listed). Use a 3rd party service provider for mail filtering (perhaps).

Downsides?

A.It all costs a bundle

B. Will take everybody (everybody!) *years* to implement it all; especially the

"applications with a proven behaviour" & "defence at the ISP / service provider layer" bits - I admit that.

In summary: in the meantime - good luck to you all and plenty of work for me for years to come.

Steve: The address of the Russian Business Network is http://www.rbnnetwork.com/ - but I strongly discourage you from trying to block that from your hosts file. Hint: ping it to see what IP address it resolves to. (Anybody else - if you don't know what that IP means, don't mess with it, because you're going to cut off your connection to the Internet.)

Costa Mihalidis: Word (and Excel, and PowerPoint) documents are dangerous to open even if they do *not* contain macros. There are many exploits in these applications that allow the execution of malicious code even from macro-less documents.

Oh, and everybody: This is *not* an Acrobat exploit! Acrobat's only fault is allowing automatic execution of embedded URLs (instead of you having to click on them manually). The vulnerability is in Internet Explorer 7 on Windows XP machines. Acrobat is just an attack vector. Adobe patching it closes this attack vector - but the very same vulnerability can be exploited from other applications - Firefox (already patched), Skype (already patched), mIRC, Miranda, etc., etc. We're still waiting for Microsoft to patch the root of the problem. :-(

Anonymous Coward & Chris Ovenden: Foxit is vulnerable to this exploit too! The only difference is that Acrobat runs it automatically, while with Foxit you have to be tricked to click on an URL in the document.

Pascal Monett: The RBN does not break any Russian laws, so the Russian police cannot do anything about it. Only its *customers* break laws - and the police does what it can. While what the RBN does is certainly unethical, prosecuting them is no different than prosecuting the phone company for allowing some of its (probably criminal) customers to use encrypted mobile phone communications.

A J Stiles: Open source software for PDF viewing won't save you from this exploit, if you have IE7 installed on a WinXP machine.

Glenn Gilbert: This exploit is in IE7/WinXP - that's why there is no Acrobat update for Linux and Mac. The exploit doesn't work there.