Botnet with 60GB of stolen data cracked wide open

Researchers have cracked open a botnet that amassed more than 60GB of passwords and other stolen data, even as it cloaked itself using a state-of-the-art technique known as fast flux. When its command-and-control server was infiltrated, the Mumba botnet had snagged more than 55,000 PCs, according to the researchers from anti- …

COMMENTS

This topic is closed for new posts.

Come the revolution!

Come the revolution, these creeps should be first against the wall along with politicians, lawyers, bank and insurance executives and all other manner of evil weasels.

If this is an 'arms race' being waged with the criminals, they are winning. We need to do something with our infrastructure to harden it against botnets and the attacks that spawn them. Certainly we need to have a better way of tracing individual IPs and foiling spoofing attempts.

Definitely time for a change on the internet.

FAIL

What exactly are you suggesting should be done

I see a lot of handwringing and "think of the children" style proclamations but absolutely nothing of substance.

This is the sort of empty "motherhood statement" that is so beloved of our politicians, full of noble intent but devoid of content.

And yes, I am currently being subjected to the lamest election campaign that I can remember between two utterly vacuous candidates with absolutely nothing important to say and nothing inspiring to offer.


Err...

How are you going to run the world with no politics, insurance, banks or law?

Oh, it's the summer holidays...

If I may be permitted a Ben Goldacre quote: "I think you'll find it's a bit more complicated than that."


I wonder...

... what the spread of OSes was in the compromised machines. I'll not bet against older versions of Windows though.

"We need to do something with our infrastructure to harden it against botnets and the attacks that spawn them."

Well we could diversify the workstation landscape.

Anonymous Coward

The revolution will not be tweeted

The revolution will be no re-run brother

The revolution will be live

And after the revolution, everybody will wander about wondering what to do without telecoms, power, 24-hour Tesco Metro and other such things like money and law and order that keep us safe in our beds at night*.

*your safety in bed at night may vary, I'm talking on average here.

FAIL

How would diversification help?

This BotNet had 55,000 PCs, from a world-wide installed base of, what, 2.5 billion? So, say we diversify to 20 OSs on 10 different hardware platforms, all spread uniformly throughout that population - it'll still be easy enough to grab a few tens of thousands once an exploit is found.

In essence, diversification is security through obscurity writ large, and as we all know, that is no security whatsoever.

GJC


Diversity

Diversity is NOT security through obscurity, not even close. Diversity doesn't hide possible exploit routes and hope that nobody finds them - it limits the damage that any one exploit can do.

If an organisation runs all of its boxes on one OS (doesn't matter whether it's Win, Lin, HPUX or whatever) then one exploit can move throughout their entire network. If you have 5 OSes then one exploit will likely not be able to affect all 5 OSes. It's not necessarily impossible, but the work involved would outweigh the benefits unless you're talking about targeted industrial/state espionage.

Your argument that you can find 55k vulnerable OSes has *some* merit but not as much as you think. The fact is the bot only found 55k vulnerable Win installations. If 10k of those boxes had another OS on them the botnet size would be 45k, because regardless of the millions of other Win boxes out there they were never subject to the bot were they?

Diversification is not a magic bullet that stops all exploits, but it helps mitigate the damage that they can cause. Arguing that because it isn't perfect means it has no value is like arguing for the cessation of immunisation because it doesn't protect against all diseases. You fix what you can...

Anonymous Coward

@Err

Out of interest, just why is it that the world needs to be 'run'?


@Mark 149

Assuming you're not trolling (and it is a big assumption) how do you suggest anything could get done without having agreed methodologies and organisations to devise them?


Credit where it's due.

Blame the tricksters all you like, but what about the people who fall for dumb tricks? Get rid of those and the tricksters would need a new job.

As long as there are dumb users who fall prey to the simplest of traps, there will be botnets and people willing to come up with newer and more sophisticated defenses to protect botnets from attack. Social engineering is the oldest form of hacking and, if the explosive growth of phishing scams is any suggestion, easily the most lucrative.

You could call for heavy-handed and ultimately useless measures to make the internet more secure by force, and you will fail if you do because you have not solved the original problem. Better yet, you could put the same amount of effort into teaching as many people as possible that:

1. Legitimate system administrators do NOT need your password for any reason, and anyone asking for it is a fraud;

2. Downloading e-mail attachments from strangers is stupid;

3. Giving your bank credentials to strangers is even more stupid.

It'd do a whole lot more good than all your impotent rage against "hackers".


Diversity?

You don't need to inoculate everybody against a disease to prevent its spread.

Not all infections come directly from the source and not all workstations have access to all other workstations. Each infection must have followed a path from the initial source through other infected machines which act as gateways. If only a small percentage of these gateways are closed then the damage is limited by a far greater degree. Conversely one infection on a PC in a business with a network of a thousand identical ghosted-drive machines will be a thousand-machine botnet within minutes.

The botnet will only be useful if it can reach a critical mass. You can't run a successful DDoS attack through 5 PCs and a few dozen compromised passwords will not make you a criminal millionaire. If you limit the spread you kill the disease.

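A small model of the gateway argument in the post above (and of the earlier "Diversity" post), added here as an illustration rather than anything posted in the thread: a constructed network of 12 hosts in two fully meshed departments joined by a single bridge link, where an exploit written for one OS can only hop through hosts that run that OS. The host numbers, the OS labels "win"/"lin" and the topology are all assumptions made for the example.

```python
"""Toy model of how OS diversity limits the spread of a single-OS exploit.

Added illustration, not code from the thread. The topology is constructed:
two fully meshed departments (hosts 0-5 and 6-11) joined by one bridge link
between host 5 and host 6. An exploit for one OS can only hop through hosts
that run that OS, so a host on any other OS acts as a closed gateway.
"""
from collections import deque
from typing import Dict, List, Set

Adjacency = Dict[int, List[int]]


def build_two_department_network() -> Adjacency:
    """Constructed sample topology: two meshed LANs linked by a single bridge."""
    adj: Adjacency = {i: [] for i in range(12)}

    def link(a: int, b: int) -> None:
        adj[a].append(b)
        adj[b].append(a)

    for dept in (range(0, 6), range(6, 12)):
        hosts = list(dept)
        for i, a in enumerate(hosts):
            for b in hosts[i + 1:]:
                link(a, b)
    link(5, 6)  # the only path between the two departments
    return adj


def spread(adj: Adjacency, os_of: Dict[int, str], vulnerable_os: str,
           patient_zero: int) -> Set[int]:
    """Breadth-first propagation of an exploit that only works on one OS.

    A host is compromised only if it runs vulnerable_os and is adjacent to an
    already compromised host; hosts on other OSes never relay the infection.
    """
    if os_of[patient_zero] != vulnerable_os:
        return set()
    infected = {patient_zero}
    queue = deque([patient_zero])
    while queue:
        host = queue.popleft()
        for neighbour in adj[host]:
            if neighbour not in infected and os_of[neighbour] == vulnerable_os:
                infected.add(neighbour)
                queue.append(neighbour)
    return infected


def monoculture(n: int) -> Dict[int, str]:
    """Every host on the same (vulnerable) OS."""
    return {i: "win" for i in range(n)}


def closed_gateway(n: int, gateway: int) -> Dict[int, str]:
    """Everything on one OS except the single bridge host."""
    os_of = monoculture(n)
    os_of[gateway] = "lin"
    return os_of


def alternating(n: int) -> Dict[int, str]:
    """Uniform 50/50 split: even hosts on one OS, odd hosts on another."""
    return {i: "win" if i % 2 == 0 else "lin" for i in range(n)}


def damage_report(patient_zero: int = 0) -> Dict[str, int]:
    """Hosts reached by an exploit for 'win' under each deployment pattern."""
    adj = build_two_department_network()
    n = len(adj)
    scenarios = {
        "monoculture": monoculture(n),
        "one gateway on another OS": closed_gateway(n, gateway=5),
        "alternating OSes": alternating(n),
    }
    return {name: len(spread(adj, os_of, "win", patient_zero))
            for name, os_of in scenarios.items()}


if __name__ == "__main__":
    for name, count in damage_report().items():
        print(f"{name:28s}: {count:2d} of 12 hosts compromised")
```

Run as a script, the report shows the monoculture losing all 12 hosts, the network where only the bridge host runs a different OS losing 5, and the 50/50 split losing 3. Changing one host in twelve cuts the exploit's reach by more than half, which is the "closed gateways" point: which hosts are diversified matters at least as much as how many.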

So many passwords.

There's not much they can do with that many passwords. They might go for big organisations or rich people of renown but I feel okay because they won't waste time taking from me.

FAIL

Naivety?

Your naivety with that statement shocks me; if they have your login details they can sell them on. Just because they have 60 million to wade through doesn't mean they "won't" use yours. They then use automated scripts to check accounts too.


It's just not your turn (yet)

Just because they are not looking for you does not mean this is something to be ignored. As Pastor Martin Niemöller (1892–1984) wrote:

"THEY CAME FIRST for the Communists,

and I didn't speak up because I wasn't a Communist.

THEN THEY CAME for the trade unionists,

and I didn't speak up because I wasn't a trade unionist.

THEN THEY CAME for the Jews,

and I didn't speak up because I wasn't a Jew.

THEN THEY CAME for me

and by that time no one was left to speak up."

He was speaking of the intellectual community in Germany during the rise of the Nazi party, but the effect is the same.

Unhappy

Very true

These sorts of things always remind me of the song Empire by Queensryche. The song details the fact that disenfranchised kids are making businesses selling the seedy side of life, drugs, guns, etc. While they may appear useless and complete wasters to teachers and parents, these 'wasters' are running businesses with a ruthless efficiency that puts Alan Sugar to shame, making pot loads in the process.

Agree with Highlander, those who are supposedly in charge of the infrastructure need to wake up a bit sharpish and get a handle on this stuff.

Flame

Why am I paying for this?

If people are stupid enough still to get infected through not securing their computers and clicking those flashing adverts, telling them they've won something, then they should get charged for removing their computer from any botnet they may be part of.

Why as taxpayers are we paying for police to fight botnets?

The people always getting infected should be paying or at least going on a computer course to teach them how to use it safely.


It's not that simple either

Unfortunately you can be the most careful and well-informed user, using the best firewall, non-IE browser etc., and still pick up such nasty little infections. You don't even need to click dodgy links or visit porn sites. All it takes is for one of your usually visited innocent sites to be hacked and infected and as soon as you drop in there to check out the latest chat about your hobby of interest (it was old Audis in my case) then kaboom.

The real solution lies with the authorities of the countries that have the ISPs that host the top level of the botnets.

Alert

Obvious, really

@Tigra 07: "Why as taxpayers are we paying for police to fight botnets?"

Why as taxpayers are we paying for police to arrest burglars?

Why as taxpayers are we paying for doctors to vaccinate people against epidemics?

... and so on.

I think we all know the answer.

Grenade

Re: Kubla Cant

The people who leave their doors and windows open at night are the people who are easiest to burgle, just as the people with no computer knowledge and no security are the people who we always hear of in botnets.

And let's not forget the people who click all those flashing adverts telling them what they've won.

Computer training is a must-have skill nowadays and trying to get more elderly people online will only add more numbers to these botnets unless it's done properly and safely.

Headmaster

Eh?

"AVG's discovery is only the latest time that researchers have been able to"

'only the latest time' are you sure?

Joke

Is my Mac affected?

Sorry, just can't resist.

FAIL

@Is my Mac affected?

http://blogs.computerworld.com/16575/security_firm_says_apple_has_more_security_holes_than_anyone

Sorry couldn't resist.

Thumb Up

Nope, Macs weren't affected although Windows 7 was.

Read the whole report and no Macs were attacked here. They did find ways to get through the latest Windows 7 however. So halms, good point, you were safe from this attack if you used a Mac.

Grenade

These articles do a great disservice....

These articles do a great disservice.... when the reporter fails to dig a little further. A VERY important detail to expose to the reader here is what OS and browsers are prone to Zeus (and the vast majority of botnet infections for that matter) and which ARE NOT. Like this commenter as well I have moved to a different OS (in my case GNU/Linux), in part because of the massive malware epidemic out there. Yes, running an alternative OS does not make you immune, but it is like having a vaccine that cuts the risk of infection by 98-99%. This type of information needs to be exposed to the reader to allow for informed choice.

Go

@Fraser

If I may be allowed to quote myself..."Fraser, you've a lot to learn." Think beyond. There are many folks designing a future without those very things you think are sacred. Try googling for Reality Info dot org or The Zeitgeist Movement or The Venus Project. Break on through dude :)

Headmaster

Researchers?

Sound more like enforcers.

Still, if they are doing research, perhaps they could give us a breakdown of the machines owned by OS, manufacturer, AV running, and age?

Flame

Time for Vigilante Computing

If these researchers can take down a botnet of this complexity and have discovered the IP location and logins of the affected PCs, then it is time that the researchers or anti-virus manufacturers create a way to remotely disinfect these compromised computers without their owners' consent.

If the owners of zombified PCs cannot help themselves, they don't need to be on the Web contaminating the rest of us. The CDC quarantines mad cows as a "Public Health Hazard" and these computers are no different and no less of a problem.

There is nothing on those computers that is of greater value than the health and safety of the rest of the responsible people who are not infected with a "deadly virus".

I say they should all get a remote low level secure format and wipe. Just do it, NOW!

Thumb Down

This is fascism

I choose not to run a firewall or anti-virus as it slows down my rig. I can live with a few infections as that is a small price to pay for the extra performance I get.

I also run an anonymous ftp service as my contribution to the community - you probably think that's wrong too?

Your proposal would remove my right to make this choice - who are you to decide this for me?

WTF?

@A/C

How about the poor sod receiving 1,000,000 spam mails a day, or those having credit card info stolen because of self-centred C***s like you.

So I don't make the choice, but I hope your ISP does.

Arsehole.

Thumb Up

What you don't know that I do: Pentagon and Microsoft involved since Aug 2008.

The info on this site is half right. The hacker's name is Bill Parks from the Pentagon in the Department of Transportation according to a news reporter after seeking help.

Microsoft has been involved every step of the way, starting with Microsoft and Verizon certs injected into parts of the worm. The Confickers were decoys. The traffic and psychological downsizing is why this is all happening. The botnets were enhanced to cover the tracks while the traffic was used to connect to Asia to what is called DNS joint forces. The protocol in the law passed that was based on the traffic before the botnet is what this is all about. Go to my site for details at www.deepandcrazy.com.....

The media and news are used also to cover the tracks. This hacker has too much power.

The 3 ways the worm affected our machines use our hubs and phone radio waves to send and receive outside our systems.

The textboxes such as this one are used to inject memory points that come from kernel or higher.

The strange emails that were noticed at the beginning with strange subjects were linked to a list of numbers in an XML file that gives the backdoor commands that made it change a lot.

The botnet was enhanced to take blame for the traffic while the Pentagon hacker hacked through a pixel error into our graphics memory that is used without any OS installed. It gets way more complex after this...
