FBI tries to fight zombie hordes

[Matt W]

BBC NEWS | Technology | FBI tries to fight zombie hordes

Quote:

The FBI is contacting more than one million PC owners who have had their computers hijacked by cyber criminals. The initiative is part of an ongoing project to thwart the use of hijacked home computers, or zombies, as launch platforms for hi-tech crimes. The FBI has found networks of zombie computers being used to spread spam, steal IDs and attack websites. The agency said the zombies or bots were "a growing threat to national security".

Such a shame it wasn't real zombies.....but a great title nevertheless!

Bugger about the PCs, though. How many here are concerned about their security measures?

[Milton Bradley]

Not worried enough to let the FBI go poking around on there.

[Jubloz]

Aww, and I was just about to grab my crowbar, too. :(

[Jack]

This is why I get so frustrated with computer owners (like my brother) who don't bother keeping their AV updated because "I don't do anything to get me in trouble on the internet". An always-on connection and outdated virus definitions combined with no protection at all from zero-day exploits makes for a potential zombie machine...which then relays worms and viruses onto other people's systems/networks.

You can't force people to be security conscious, but sometimes I wish you could.

[Chris]

I am extremely worried. This is the new virus. People arent going to send you an "I love you" virus now a days, they arent interested in harming your pc, they are interested in using it to make money for themselves. Like a parasite is willing to live in a host - they want your pc to be healthy so you unwittingly make them more money.

Crazy

[Apeman81]

Quote:

Quote by: Matt W BBC NEWS | Technology | FBI tries to fight zombie hordes Such a shame it wasn't real zombies.....but a great title nevertheless! Bugger about the PCs, though. How many here are concerned about their security measures?

Indeed a great title!

When I first read it, I was hoping Sean (of the Dead) had been co-opted by the FBI for a special op.

Preach to the choir. Keep your computer, your computer. You paid for the processor and memory, why let someone else mess with it.

[Mr.Vicchio]

You guys do realize that this is just an excuse for the FBI to root around your computer to find "terrorist materials" and if you let them in, you'll never ever let them out and they'll know everything they need to about you.

[Apeman81]

Quote:

Quote by: Mr.Vicchio You guys do realize that this is just an excuse for the FBI to root around your computer to find "terrorist materials" and if you let them in, you'll never ever let them out and they'll know everything they need to about you.

I understand the slight paranoia. But if my system is open to "zombies", the FBI could get in as well.

I invite neither.

[Jubloz]

Quote:

Quote by: Mr.Vicchio You guys do realize that this is just an excuse for the FBI to root around your computer to find "terrorist materials" and if you let them in, you'll never ever let them out and they'll know everything they need to about you.

Great, so now I have to combat zombies and the FBI?! :eek:








Yes, that was a joke.

[Technosoul]

They should get their men in black on that right wasy.

The only way they can get into your compter to take it over for their useages is when you open e-mails or P.M.s (etc.). In businesses that would be nearly impossible not to do. But private computer owners can simply not open e-mails from anyone they do not know.

Sort of like the old "don't talk to strangers" advice.

I no longer even use my e-mail services anymore. And I might discontinue opening private messages as well.

Not sure how the FBI can stop them, that would be interesting to find out more about. The best bet would be to have the hardware and software computer companines find way to build in firewalls to keep the Zombie Bugs out.

[Jack]

Quote:

The only way they can get into your compter to take it over for their useages is when you open e-mails or P.M.s (etc.)

That hasn't been the only way for a while. Exploits have been found embedded in jpegs, pdf's and audio files, as well as the ever-popular buffer overflows and scripts.

Quote:

This past December, a new family of worms was discovered. The family, Santy, attacked Web applications written in the PHP scripting language. Santy is interesting for two reasons: First, its worms used Web search engines to locate likely targets; second, a Santy variant exploited a generic flaw in PHP applications, rather than a specific vulnerability.

2005 Worm Propagation and Generic Attacks

Quote:

Other worms can use multiple methods of spreading. The MyDoom worm, which started spreading in January 2004, attempted to copy infected files into the folder used by Kazaa, a file-sharing program. The Nimda worm, from September 2001, was a hybrid that had four different ways of spreading.

CBC News In Depth: Internet

Quote:

Another common way for a virus or spyware to spread is by piggybacking on other software that you download. If you just can't resist the latest toolbar, file-sharing gizmo, coupon dispenser or email enhancer, you may be at risk. Often these and other downloads come with malware, free of charge.

How Does a Virus Spread?

Quote:

Several new Adobe pdf vulnerabilities were recently announced. The author claims these are basic vulnerabilities in the pdf api or architecture. The author tested his poc's against Acrobat reader and Adobe professional. The details are available here. Hacker Anthology - Operation n Hacker Discovers Adobe PDF Back Doors Here is a quick risk assessment. How widely deployed is the application? Adobe reader is widely used and deployed. (9) Are vendor patches available? No patches currently available (10) Is mitigation available and if so how complete is the mitigation? No mitigation is currently available. (10) Is user participation required? Yes. The user first has to download or click the link to a pdf. (5) So some user interaction takes place. I have not tested the POCs but several people have and their results do not match. Depending on who tested it you may have to click allow. See this discussion on who tested the pocs and their results. Network Security: Detailed info on Re: [Full-disclosure] Backdooring PDF Files Is the vulnerability cross platform? Yes. Any exploits will still have to run system dependant malware on the end host but there are plenty of malware binaries that could be used. (8) Is proof of concepts or exploit code available? The poc for two of the vulnerabilities are publicly available (10)

SANS Internet Storm Center; Cooperative Network Security Community - Internet Security - isc

Quote:

The first example of a working program designed to exploit a bug in Microsoft's GDI+ library—which allows malicious code to be run simply by viewing a JPEG image—has been found in the wild. EasyNews, a provider of Usenet newsgroup services, claimed it had already found two images containing code designed to take advantage of the flaw—by downloading remote control software to infected machines. In theory, this would give the creators of the images access to both files on infected machines, as well as giving them the ability to run remote programs on them.

2004 Windows JPEG Exploit Ventures into the Wild