digg

Facebook Connect Join Digg About

Zombie Computers Decried As Imminent National Threat

blog.wired.com Across the world, thousands of home computers have been conscripted into zombie computer gangs that cyber criminals use to spam, attack and defraud others on the net, causing considerable consternation to law enforcement and security professionals alike, who count the so-called botnets as the most vexing net threat today.

Who dugg this? Made popular Apr 10, 2008

Digg DudeWhat is Digg?

Digg is a place for people to discover and share content from anywhere on the web. Digg surfaces the best stuff as submitted and voted on by the community. Take the Tour to learn more.

223 Comments

show profanity settings
expand all
  • OBDriftwood, on 04/10/2008, -2/+74"Hi, I'm a Mac"
    "Braaaainzzz...."
  • slug007, on 04/10/2008, -0/+44A class on "locking down your home gateway" should be offered at every community center. It could replace the "how to attach a file to an email" class.
  • cersad, on 04/10/2008, -3/+32From the article:
    "The problem is no one is doing anything," Winkler said, proposing that users be fined or blocked if their computer is infected.
    "Guess what? If your system has a bot on it, you don't get on the internet," Winkler said, summarizing his proposal.

    Sounds to me like this panelist wants to punish the average Joes to get at the criminals.
  • aaron4, on 04/10/2008, -3/+32"remove the connection or destroy the processor"
  • mandarin, on 04/10/2008, -0/+26Hey ! They prefer to be called the Living Impaired!
  • noahhoward, on 04/10/2008, -3/+26You don't always get a choice, it's not like all viruses pop up and say "Hey can you install me so I can ***** up your *****?"
  • DeFex, on 04/10/2008, -0/+19computer sales in north america would fall by around 80%
  • wtfbrok3n, on 04/10/2008, -0/+17How about this as a title instead;

    Stupid Computer Users Decried As Imminent National Threat.
  • SmokedL, on 04/10/2008, -3/+19"Sounds to me like this panelist wants to punish the average Joes to get at the criminals."

    Disconnection after an ignored warning would be perfectly fine. Your computer is your responsibility. If it is causing harm you are responsible for fixing it. If you do not it should be disconnected so that is cannot cause any more harm.
  • artificialgrey, on 04/10/2008, -2/+18"Malware-infected Windows Computers Decried As Imminent National Threat"

    There, fixed it for you
  • Stradenko, on 04/10/2008, -1/+15If you have drug-resistant tuberculosis, the CDC is going to quarantine your sick ass.
    Why is a computer different?
  • coyote1284, on 04/10/2008, -0/+13You are a bigot against Persons of Post-motem Ambulance. They have a disease that needs to be treated and cured. We don't kill people with AIDS just because you're afraid of being infected. (This message brought to you by PETU, People for the Ethical Treatment of the Undead)
  • thecheatah, on 04/10/2008, -1/+14And people say "use any OS you want as long as it works for you".
  • Dimensio, on 04/10/2008, -1/+13I do not believe it unreasonable to take measures to prevent or punish negligent bevahiour that causes harm to others. While those who utilize "zombie" computers to engage in acts of fraud, denial of service or other criminal behaviour should also be punished -- preferrably by a publically displayed event where such offenders are slowly tortured to death and then where their bodies are left on display as a warning to others -- I believe that it would also be prudent to address the problem of individuals negligently allowing their computers to become an infected resource of criminals.
  • frontporsche, on 04/10/2008, -0/+12"less frequently, used to make a political point in the case of attacks on Estonia and the Church of Scientology."

    Are they accusing Anonymous of controlling a bot net? or does CoS have people planted in Homeland Security?
  • orangefly, on 04/10/2008, -1/+13you're right....get off my internet....
  • sv650touring, on 04/10/2008, -2/+14LOL

    I don't have any numbers to back it up, but I suspect that Microsoft's share of the "Zombie PC" market is even better than their 90%+ of the desktop market.
  • inactive, on 04/10/2008, -1/+12block the internet connections of the zombie computers, i am sure once the person realizes they have no internets they will call, and can be told that they cant get back on the net until they clean up the zombie computer.
  • Austin7687, on 04/10/2008, -0/+11I think the number of 'zombie computers' would be cut in half if people just stopped visiting furry porn websites.
  • YodaJones, on 04/10/2008, -2/+13Why doesn't homeland security just say out loud what operating systems these "Zombie" computers are running? Or at least provide a chart with percentages?
    No homeland security balls.
  • pwnies, on 04/10/2008, -3/+13This sounds to me like it'll end in people who don't know anything about technology making the rules about it. Yes, there are botnets out there. Yes they have a lot of combined processing power and can DDoS attack up the wazoo. But that doesn't mean you should suddenly disconnect Grandma Bonny's computer for reasons unknown to her.
  • SmokedL, on 04/10/2008, -0/+10Send an email and a snail mail warning telling Granny with:
    The information that her computer is causing harm.
    Instructions on how to fix it herself.
    Contact information to various companies that can provide the service of fixing it for her.
    A warning that if she does not get this fixed her connection will be disconnected in 14 days.
  • petebert, on 04/10/2008, -2/+12raaaammmss, raaaaAAAMMMS, raAAAAAAMMMMSSS
  • pilobilus, on 04/10/2008, -5/+14100% of botnet zombies are installed on Microsoft computers. "Blame the user" is just propaganda *****: Small business networks administered by MCSE certified technicians are as likely to be infected as Junior's game box at home. There is only and exactly one solution: Repeal laws that make Microsoft and other software vendors 100% immune from liabilities for damage done for knowingly shipping defective products. Due to gross negligence shielded by bought and paid for politicians, Microsoft owes its customers tens of billions of dollars in compensatory damages. Return our right to sue them for negligence and malfeasance, and Microsoft will fix its products in record time.
    Botnets do not take over computers because "super hackers" are inhumanly evil and clever, they take computers over because Microsoft makes it painfully easy for them to do so. Under the blanket protection of legal immunity, Microsoft saves money by spending nothing on security, and makes money every time an ignorant user replaces a "worn out" or "broken" machine disabled by Microsoft garbage.
  • rderveloy, on 04/10/2008, -0/+9I agree that they should quarantine infected computers. However, the ISP should give the account holder both written and verbal notice and provide assistance in removing the infection. However, neither the Government nor ISPs should fine the end user as 99.9999999...% of bot software is installed without the owner's knowledge.

    If someone's business website were shut down because the server got infected, then it would open the ISP to lawsuits.
  • Pixelante, on 04/10/2008, -2/+10Shoot the CPU, anywhere else will only slow it down.
  • inactive, on 04/10/2008, -0/+7My computer just bit me.

    Should I be concerned?
  • dondara, on 04/10/2008, -2/+9If I am playing with a gun and shoot somebody, I can't use "I am not good with guns." as a defense. Time to do some hand slapping. ISP's should be dropping any machine that is infected and it's not hard to figure out which ones are.
  • AzBats, on 04/10/2008, -0/+7Or switch the connection on but only so that PC tcan be forwarded to somewhere that has all the anti-botnet software - like Google's etc.
  • tiuk, on 04/10/2008, -0/+7This is actually exactly what my ISP (Cogeco) does. If they find a computer on your network spewing spam, they cut off your connection and redirect you to a page explaining the problem (also has s number you can call if you need to talk to somebody about how to fix it). I know because this happened to one of my parents' PCs.
  • santaliqueur, on 04/10/2008, -0/+6Considering there isn't any known working spyware on OS X or Linux, I'd say Microsoft's spyware marketshare is nearly 100%.
  • wrxpert, on 04/10/2008, -1/+7Dugg for Zombies.
  • leetdood, on 04/10/2008, -0/+614 days is a bit long, 3 days should be reasonable, if she's not using the computer enough to notice the email and take immediate action then she doesn't exactly need the internet immediately.
  • CrackyJSquirrel, on 04/10/2008, -4/+9Trying to steal anything of importance off a Mac is like trying to steal shoes from a man with no feet.

  • CAPITALLETTERS, on 04/10/2008, -6/+11Simple solution: Don't allow idiots to use computers with internet connections.
  • LongShlong, on 04/10/2008, -2/+7Well, perhaps they aren't looking for a solution... This could just be another way to make the interwebs look like an unruly no-man's-land... Which would pander nicely into putting massive restrictions on it, or laying the groundwork for Internet2, or some such...
  • Flummoxer, on 04/10/2008, -0/+5Someone might have used one against CoS.
  • coyote1284, on 04/10/2008, -0/+5CoS is the new Masons
  • dondara, on 04/10/2008, -2/+7Uh huh, like maybe 100%.
  • fnordy, on 04/10/2008, -5/+9Sue the company that writes the software that makes the bot nets function....Microsoft Windows! According to reports all of the zombies systems are Windows based. Fix Windows, and you eliminate the problem.

    ttyl
    Farrell
  • and303, on 04/10/2008, -0/+4As a rabid George Romero fan, the first fraction of a glance at the headline made me really excited.
  • CAPITALLETTERS, on 04/10/2008, -0/+4It isn't a Windows hole, exploit or bug in any way.

    A bot is simply just a program that connects to others with sockets, how would windows know the difference between a normal program opening sockets(such as an irc client) and a malicious bot? It wouldn't and it isn't the job of windows to protect against that, it is the user's responsibly to not run the malicious software.
  • subliminalurge, on 04/10/2008, -0/+4Digg's population would certainly drop dramatically.
  • DanBoodro, on 04/10/2008, -0/+4Anyone else think that Michael Chertoff kinda looks like Christopher Lloyd from Back to the Future?
  • DyceFreak, on 04/10/2008, -1/+5this is crap... Sure zombie computers could potentially be a problem. but the problem is truly with the uneducated user. That is the single most weak point of any computer system, the user's education. Anyone who says otherwise... uses windows only and sucks ***** for a living... Any who, the computer, like any other modern day machine, carries responsibilities. I hate the people who just say "I just want it to work", they obviously don't want it enough, because no average home user is willing to do it themselves. I've seen so many WEP networks with the key GEEKSQUADROCKS its disgusting. Its like after age 40, people shut down their learning capabilities, and anything that has to do with learning something new, they just get out their wallet instead...

    The Internet is survival of the fittest, be too lax and you will be eaten.

    P.S.
    after installing an enterprise-level firewall on my home connection, it is now quite apparent that there are tons and tons of harmful traffic, from worms, to exploit attempts, to attempted network break ins, more than 10 a day for a home connection! Attacks any LinkSYS router would have just routed through : )
  • ybnormalman, on 04/10/2008, -1/+5You mean "antivirus" and "anti-spyware" protection software should be made available to the public for free and/or purchase? That's such a novel concept!
  • Shadowgamers, on 04/10/2008, -1/+4Hey! This awesome person who I don't know of sent me a valentines card in this email!
  • RevEng, on 04/10/2008, -0/+3The comments on both Digg and Wired highlight the real problem nicely. Comments such as, "Use a Mac, then you can't get viruses," and, "Everyone should have a firewall, antivirus, antispyware, antimalware, and (ten other expensive technological bandaids)," illustrate a complete lack of understanding among the vast majority of people (even those with general computer knowledge). It's not about the OS, it's about education. The sad truth is, computers are complicated. Technology has grown at such a pace that we as a society can't keep up.

    The DDoS is an old concept -- one of the most infamous ones was caused by the Morris worm in 1988. Why do they keep happening? Because we don't have a good solution to the problem. The problem exists on many levels: the sender of a packet can easily be spoofed; there aren't any user protocols for telling upstream routers to filter specific traffic from lower-bandwidth downstream connections; there's no reliable way to tell the difference between legitimate and illegitimate traffic; most users don't know (and can't be expected to know) how to prevent and fix infections; and many other fuzzier problems.

    The hardest security problem is the user problem. DHS "awareness programs" are futile attempts to solve this. Expensive apps such as the likes from Norton, Mcafee, Lavasoft and the rest spend so much time touting their usefulness that they only make the problem worse for users, lulling them into a false sense of security ("I've got Norton, so I can't get a virus."). And worst of all, the people producing malware have more time, money, and interest into causing problems than users have to fix them.

    As for calling this all an "imminent national threat," well, that's typical DHS rhetoric. Ask a real expert, like Bruce Schneier, and he will tell you that temporarily disabling public websites isn't a security threat because society won't topple over if we can't reach eBay or whitehouse.gov for a day. The DHS is only concerned because, as they clearly state, "temporarily unavailable government or financial websites would erode public confidence," which isn't a security issue, but is embarassing to the government. And as for them being used to "attack critical infrastructure", what publicly-accessible website is considered critical infrastructure? They suggest attacks that could result in "inflicting minor power outages". If any utility company has their power control systems connected to the Internet, we have bigger issues than botnets.

    The real damage botnets cause is economic. Electronic commerce has become a major part of our economy and it's already been shown that taking down commerce websites for even a few hours can cause untold financial losses. We can live without the Internet, but those who rely on it for their business would suddenly lose a lot of money if it were interrupted even temporarily.

    So, as with most "imminent national threats" the DHS will bemoan, tackling DDoSes, botnets, and all other sorts of online mayhem is not a national security threat, or a threat to critical infrastructure, but it is a threat to economy, control, and the public image of the government. It's also not a problem that will disappear because of legislation or awareness programs. So long as the attackers have more education and dedication than the victims, we will never be able to cull this threat.
  • a2fan, on 04/10/2008, -0/+3"When the U.S. government wants to get things done, they know how to put people in jail."
    No argument there.
  • Fetching more discussions...
    Show 51 - 100 of 222 discussions

  • Add a Comment

    Login or register to comment!
    Or, sign-in super fast with your Facebook account ...

© Digg Inc. 2009 — Content created and posted by Digg users is dedicated to the public domain | Terms of Use Updated | Privacy Policy
DIGG, DIGG IT, DUGG, DIGG THIS, Digg graphics, logos, designs, page headers, button icons, scripts, and other service names are the trademarks of Digg Inc.