Mariposa Botnet Beheaded 177
northernboy and many other readers sent news of the beheading of the Mariposa botnet with three arrests in Spain. "Defense Intelligence of Ottawa working with ISPs and Spanish authorities have taken down yet another > 12M PC botnet, called Mariposa. The three top-level operators are in custody, but remain anonymous under Spanish law (how quaint: apparently in Spain, the accused have some right to privacy). AP is claiming that the botnet included systems in roughly half of the Fortune 1000 companies, scattered over 190 countries. Interesting details: none of the three principals has a prior criminal record. Although apparently hardworking, they are not uber-hackers, but rather had connections to the Spanish mafia, which apparently helped to equip them. At the time of arrest, they were not showing signs of their significant new income level. From the article: 'Chris Davis, CEO of Ottawa-based Defence Intelligence, said he noticed the infections when they appeared on networks of some of his firm's clients, including pharmaceutical companies and banks. It wasn't until several months later that he realized the infections were part of something much bigger. After seeing that some of the servers used to control computers in the botnet were located in Spain, Davis and researchers from the Georgia Tech Information Security Center joined with software firm Panda Security, which is headquartered in Bilbao, Spain. The investigators caught a few lucky breaks. For one, the suspects used Internet services that wound up cooperating with investigators. That isn't always the case.'"
Another... (Score:2, Funny)
Another one bites the dust...
Good for them, but I still don't see a noticeable reduction in my spam mail. Gotta keep working at it, guys.
Re:Another... (Score:5, Funny)
This was done much better than the previous one done by Microsoft. Catching the human masters and putting them in "federal pound me in the ass prison" is the right solution to this problem.
Re: (Score:3, Funny)
...putting them in "federal pound me in the ass prison"...
This isn't Riyadh. You know they're not gonna saw your hands off here, alright? The worst they would ever do is they would put you for a couple of months into a white-collar, minimum-security resort! Shit, we should be so lucky! Do you know, they have conjugal visits there?
Re: (Score:2)
You won't see a reduction until the ISPs start to be accountable for their users.
ISP should be pro-active in managing connections - only open up certain ports where the users have requested it.
eg. SMTP - home users should only be able to connect to port 25 on their ISPs mail server.
Do home users need remote access to Windows Filesharing? I don't think so, so the ISPs could block those ports by default too.
The old days of only clueful people connected to the net are long gone (by about 20 years).
Re: (Score:2)
I don't really understand why egress filtering like this isn't being done as a routine course of business these days.
Re:Another... (Score:5, Insightful)
What the hell is wrong with you two? The only situation I can find this even remotely acceptable is in response to verified abuse complaints, and even then the appropriate resolution is attempt to contact the customer then disable the entire connection if the customer is unable to resolve the issue. Depending on the severity you don't necessarily need to do it in that order.
I'm leasing an internet connection. You route IP packets destined for my address directly to me, and you route any and every IP packet I send to the appropriate next hop. The end. No ifs, ands or buts. No blocked ports, no traffic shaping, no injected TCP resets... nothing. Just route the damn traffic.
Re: (Score:2)
Er, what if I want to send an email through my work mail server, or one provided by someone that isn't my ISP? You two have just locked me out of securely authenticating to any other mail servers ...
Re: (Score:2)
SASL and TLS don't require port 25.
Re: (Score:3, Insightful)
SMTP - home users should only be able to connect to port 25 on their ISPs mail server.
I don't really understand why egress filtering like this isn't being done as a routine course of business these days.
Probably because of a large number of other email options out there, which offer SMTP and POP3 and aren't connected to the ISP. GMail for example...
Re: (Score:2)
My ISP (iiNet*) does this - they filter a bunch of commonly exploited ports by default. If you want to enable them, it's as simple as going to their website and ticking a checkbox. This seems to be the optimal solution, since anyone who actually needs those ports can manually enable them, while the more ignorant users are still protected.
* You might remember them from the iiNet vs. AFACT case.
Re:Another... (Score:5, Informative)
Jesus Christ, use a little bit of critical thought before nerdraging.
Re: (Score:2)
I knew exactly what he was referring to, thanks.
Re: (Score:2)
You won't see a reduction until the ISPs start to be accountable for their users.
You're quite right, but I assume you aren't positioning that as a good idea (I will give you the benefit of a doubt).
The more we consider and treat ISPs as common carriers - and yes, I know this is a grey area - the safer we users of content will be. If ISPs become accountable for their users, then the regulators will step in and determine just exactly how those accounts should be drawn up. And I, for one, would not salute our new robotic overlords.
apparently in Spain, the accused have privacy (Score:5, Insightful)
From TFA:
how quaint: apparently in Spain, the accused have some right to privacy
That's because in Spain you're not guilty until proven guilty by a court of law. The days of the Spanish inquisition are over.
What country doesn't protect its accused in the 21st century?
Re:apparently in Spain, the accused have privacy (Score:5, Informative)
Of course, we are talking about botnet script-kiddies after all, so who's to say these upstanding individuals aren't actually minors as well?
The CNET [cnet.com] article provides their ages, which range from 25 to 31.
Re:apparently in Spain, the accused have privacy (Score:4, Interesting)
Of course, we are talking about botnet script-kiddies after all, so who's to say these upstanding individuals aren't actually minors as well?
Do you seriously believe that today's botnets have any resemblance to the IRC botnets of yesteryear? Botnets are used primarily by organized criminals these days, trading in identities and performing phishing and scamming operations. The script kiddies were replaced by real crooks with guns a long time ago.
Re:apparently in Spain, the accused have privacy (Score:5, Informative)
In both the USA and Canada, you're allowed to publish the names of the accused as long as they're adults. The accused need to request that the court protect their anonymity by ordering that their names not be published until after the trial, and the court maintains the right to deny that request.
For juvenile offenders, it's a different story... young offenders must always be referred to by pseudonym to protect their anonymity, and their records are expunged when they turn 18. Unless, of course, they're tried as adults, which has been known to happen in cases of violent crime.
Re: (Score:2, Interesting)
In both the USA and Canada, you're allowed to publish the names of the accused as long as they're adults.
Which is done, of course, with the understanding that these people are again innocent as they have not been proven otherwise. Since they are innocent, there is nothing for them to be embarrassed about, and no reason not to publish their names.
Also, the publication of names can have the effect of bringing forth witnesses.
Unfortunately, the court of public opinion has no presumption of innocence.
Re:apparently in Spain, the accused have privacy (Score:5, Insightful)
Unless they stand accused of something embarrassing, like: rape, paedophilia, fraud, beating up grandmas, etc.
Re: (Score:2)
Their records can be sealed when they turn 18, not expunged. An expunged record means that it never happened in the eyes of the court, no exceptions. A sealed record means that it legally never happened, though there are exceptions. A petition must be made to the court (at least in some states) to seal the records, and they are then available only in very limited circumstances. The court may deny the petition, and certain serious crimes (murder, arson, carjacking, etc.) are not eligible for seal.
Re: (Score:3, Interesting)
I always loved the US idea of declaring someone to be a juvenile, yet trying them as an adult in order to get a harsher punishment.
Either someone is a juvenile or they aren't...and if you try a 16 year-old as an adult and they are acquitted, does that mean they can now drink and drive like an adult as well?
Re: (Score:2)
I always loved the US idea of declaring someone to be a juvenile, yet trying them as an adult in order to get a harsher punishment.
Either someone is a juvenile or they aren't...and if you try a 16 year-old as an adult and they are acquitted, does that mean they can now drink and drive like an adult as well?
Chances are, if their crime was deemed brutal enough for them to be tried as an adult, they already were drinking and/or driving like one. Mind you, in the U.S. kids can legally drive at 16 or something, so that may not be any big deal. Binge drinking at 16, however, is likely to be relevant.
Re: (Score:3, Insightful)
For the accused? None. It means that, for example, if a girl wants to screw a guy over for the rest of his life she just has to accuse him of rape. The newspapers will publish his name as a suspected rapist and his name is tarnished for the rest of his life, even if he's ultimately exonerated.
For the newspapers? It sells newspapers and makes them more money. It's a seriously fucked up system. But unfortunately, it's one that's enshrined in that simple concept of freedom of the press: that the press can publ
Re: (Score:2)
For the innocent family of the accused or people who share the same name as the accused it could lead to harassment as well.
Re: (Score:2)
It doesn't have to be anything as serious as rape; having your name published with respect to any crime or a wide number of legal activities could hurt your chances of employment.
Re:apparently in Spain, the accused have privacy (Score:5, Funny)
The days of the Spanish inquisition are over.
I wasn't expecting that...
Re: (Score:3, Funny)
Well, obviously you weren't; nobody expects the Spanish Inquisition.
Re: (Score:2)
Speaking of jokes, here is everything [slashdot.org] that we need to know about you.
Offtopic, but relevant.. (Score:4, Insightful)
'How quaint' that you're innocent until proven guilty?
Am I the only one that is getting tired more and more frequently by juvenile editorial quips?
I used to come here for impartial, to the minute news - neither of which seem to exist in any great quantity anymore.
Re: (Score:2)
Well, it is kdawson -- what were you expecting? Just be thankful that he's better than jon katz or michael.
Anyway, back to the topic at hand -- all these creators of botnets and worms need deterring sentences. Having had to just replace a hard drive and having lost a lot of data because of a recent infection (despite backups), I have the overwhelming urge to shove these bastards into the electric chair. But since we're civilized, we'll settle for hours of lost productivity and psychological damage, and give
Re:Offtopic, but relevant.. (Score:4, Insightful)
When you find a source of that, will you ask them if they can give me a pony unicorn? Preferably a pink one that flies.
Re:apparently in Spain, the accused have privacy (Score:5, Informative)
"Three alleged EVIL HACKERS were arrested today for allegedly HACKING MILLIONS OF COMPUTERS! ZOMG!" And then they'd go to the person's home, and knock on the door. If no one answered, that would be taken as damning evidence by the reporter. If a family member came to the door but said the accused wasn't there, that would be taken as damning evidence by the reporter. If the accused were seen and questioned, but said they couldn't comment on the case, that would be taken as damning evidence by the reporter. If a dog farted, that would be taken as damning evidence by the reporter...
allegedly
Re: (Score:2)
In our media, you'd get to hear in an adjective-heavy article how these individuals are the worst slime on earth, should be roasted, burned and quartered, only to have the article close with the formula "The presumption of innocence applies".
Re: (Score:2)
And in some non-US countries, that "reporter" would go to jail himself for that. (Slander)
Re: (Score:2)
Errm... where's the frightening headline?
SUPER NET ZOMBIE SMASH-DOWN HACK-MAGEDDON!!!!!
Roll the foreboding theme music. Cue the Burger Despot "L337 Hakzor Happy Meal" promo in... 3...2...1...
Re: (Score:2)
Three Spaniards arrested in alleged global hacking scheme [cnn.com]
Accused Masterminds of World's Largest Computer Virus Network Arrested [foxnews.com]
I don't particularly think the comment above was funny, but at least I wouldn't be so confused if that's why it was modded up.
Re: (Score:2, Insightful)
So you prefer being arrested and imprisoned without the public or anyone else being aware of it. Law enforcement transparency is the first defense against tyranny.
Re: (Score:2)
There is a difference between public records and huge bold letters on the front page of a newspaper...
Re: (Score:2)
It's a necessary evil that goes along with a free press. Besides, most arrests don't go reported in the newspaper.
Re: (Score:2)
It's part of a declining trend, at least in newspapers. The LA Times and the Orange County Register both used to have crimelogs, and the Times has not had it in several years. The last time I went looking for it in the Register, I couldn't find it.
The idea of not being able to have an arrest reported in the paper lies perilously close to the government being able to arrest someone and not have anyone know about it. BTW, the names of juveniles charged can (and do) appear in the press, but law enforcement
Re: (Score:2)
This does nothing for transparency of government, though. I like to know what my government is doing and that means publishing information. It seems scary to me that the government could arrest you and not have to tell anyone about it. I think Bush and Cheney would have loved that to be accepted in general.
If you want a transparent government, then you have to accept that a certain amount of information is going to be revealed. I think that is a reasonable price considering the amount of power that a go
Re: (Score:2)
Unfortunately, that's not always the case. There was a recent nasty episode [typicallyspanish.com] when this guy was falsely accused of abusing and murdering his stepdaughter. It turned out in a previous hospital visit doctors had ignored evidence of severe injuries from a playground accident from which she ultimately died. Of course, nobody dared mention the negligent doctors' names, but the stepfather's face and full name were front page of some major newspapers [blogspot.com]. Truly disgusting in many ways. I'm glad at least sometimes they b
Re:apparently in Spain, the accused have privacy (Score:5, Insightful)
Keeping those accused anonymous to the public until the conviction helps prevent jury prejudice from what they see in the media.
How can you expect a jury not to be influenced by what they see in the media before they sit for the trial?
Re: (Score:2)
There's definitely a balancing act between having the police held accountable for their actions and maintaining the privacy of people who are accused (but not yet, or possibly ever, convicted) of a crime. I don't know that the US system is better than Spain's or vice versa, but they both seem to accomplish their stated goals.
You also have to remember that libel laws in the US work differently than in Europe due to our First Amendment protections. As long as what you're writing is true, you can't be sued (at lea
Re: (Score:2)
but only if the average citizen understands the difference between "appeared on the police's books" and "guilty".
- on average, average citizens are able to differentiate between these concepts because on average they are smarter than the average. It's easy to see from an average example of an average guy, such as G.W.Bush for an average example.
Re: (Score:2)
Japan will be sad to hear they're not "civilized" anymore.
Well, they don't seem to care about world opinion on whaling.
They seem to have the attitude that - For scientific purposes we're trying to see whether we can drive these populations extinct to see whether that will increase the price of whaleburgers.
isp's cooperating (Score:4, Insightful)
Great that another one went down, but the line about catching a lucky break was disturbing. ISPs don't normally cooperate when told they are harboring botnets? Isn't not cooperating pretty much the same as supporting it? Why not just publicly list them and black hole them? I would imagine it wouldn't take much of that to get them to want to cooperate.
Re: (Score:2)
how do companies have so many computers that can be remotely controlled?
Re: (Score:2)
It's in the interest of the corporation to have all computers able to be remotely controlled (pushing software to computers, for example). They don't want to have the computers controlled by anybody else, though.
As for "how", maybe they used some IE6-only internal sites, so they were open to exploits, maybe it was social engineering, and so on.
Re: (Score:3, Insightful)
It's called privacy. I for one am glad that both major ISPs in the area have publicly stated that they don't give out any information without a warrant.
Like the drug war (Score:3, Insightful)
All these stories remind me of the war on drugs. Every so often, the government nabs a big drug gang, and they have some impressive-sounding stats and a PR photo with as much loot spread out as possible ("this cache had a street value of 8 billion dollars"), with of course all the guns and other stuff lined up, and yet the price of drugs on the street continues to fall, people are still running out of emergency rooms with IVs inserted so they can mainline... The whole sorry truth is that you can't expect the gov't to really defend your computer any more than it can defend your house.
W32.Pilleuz (Score:5, Informative)
Source: http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-093006-0442-99 [symantec.com]
Re: (Score:2)
Never thought I'd see modern malware that ran on Windows 95, 98, or ME.
Why is it so hard? (Score:4, Insightful)
Why is it so hard to dismantle a botnet? Rather than find the botnet owners by technical means, surely all they need to do is determine who are the businesses being advertised via spam from the botnet, and get them to spill who they did their advertising deal with.
I mean the advert always has to specify somewhere to send your money right?
It seems to me that if they made it as illegal to be a 'spamvertiser' as it is to be a botnet operator, and actually enforced it with prosecutions, I bet the whole botnet and spam thing generally would stop happening due to a lack of businesses willing to pay to use that method for advertising.
Re: (Score:2)
But it isn't that simple.
Years ago we had some pirate TV stations that would come on late at night with porn.
They were paid in cash by advertisers, so you'd go to them to stop the financing, right?
Wrong: these pirate stations would sprinkle in adverts for companies that had nothing to do with them, just to muddy the waters.
Re: (Score:3, Informative)
The spamvertisers are *already* advertising and selling products illegally, such as prescription drugs without a prescription, ripped off merchandise, unauthorized copies of proprietary software etc. You don't need to make any new rules, just prosecute the spamvertisers for the laws they already break. The reason these businesses are using spammers to advertise is precisely because what they are doing is already illegal and therefore they cannot use the normal legal advertising channels to hawk their wares.
Re: (Score:2)
And how do you know that the businesses being advertised actually condoned the spamming, much less encouraged it?
Re: (Score:3, Interesting)
This was-in a way-Blue Security's [wikipedia.org] model, and it worked exceptionally well. So well that one spammer fought back on a very large scale, causing much hate and discontent towards Blue Security.
The problem now is that businesses have learned their lessons and obfuscate their websites better, as well as adding CAPTCHAs to prevent automated scripts like Blue Frog from attacking them.
And I've encountered a few spams from legitimate businesses who had no clue that they'd hired a spammer to do their email advertisi
If ISPs helped... (Score:5, Interesting)
If ISPs helped authorities on these things, there wouldn't be botnets, nor spam. Many attempts at preventing spam stop at their refusal to help. It would be nice to force them by law to cooperate with spam fighting efforts. Sadly, laws to force them to cooperate fighting "piracy" seem to pass more easily..... =/
Penalty for 12 million botnet = 6 years (Score:5, Interesting)
Here's one reason botnets thrive: in addition to the fact that the perpetrators are likely to get away with it, per one article [cbsnews.com], "They face up to six years in prison if convicted of hacking charges."
6 years max? For hacking 12 million computers? Ignoring the intrusions, how much did it cost the victims in labor and downtime to fix it? Hundreds of millions? And add to that the damage they did with the botnet; I don't know what this one did, but it could be spam, DDoS attacks, stolen personal info, extortion, etc.
Also, I still don't understand why the U.S. government doesn't treat these widespread, expensive crimes as a priority. Given the scale of these crimes, there should be a large task force pursuing them. I get the sense they are looked on as computer problems, not crimes.
Re: (Score:3, Interesting)
Here's why botnets and, more generally, spam continue to survive: people buy the products advertised!
http://www.newscientist.com/article/mg20527491.500-spamdemic-tracking-the-plague-of-junk-mail.html [newscientist.com]
(From the text in the graphic) An analysis of just 1.5% of one botnet ("Storm") for one month in 2008 showed:
35 million spams sent
8.2 million passed filtering software
10,500 clicked on the link in the email
28 people actually bought the product
Although this represents only a 0.000008% conversion rate when scale
Let me guess (Score:2)
The F1 key?
Re: (Score:2)
I still don't understand why the U.S. government doesn't treat these widespread, expensive crimes as a priority.
When the US investigates or attempts to punish nationals of another country they are generally scorned. Maybe you should ask the Spanish?
Re: (Score:2)
I thought the slashdot groupthink was to call for grey-hat botnets to fight the black-hats. Or am I so far out of touch that even my language is outdated, and I only sound faggy and pompous?
Re: (Score:2)
I thought the slashdot groupthink was to call for grey-hat botnets to fight the black-hats. Or am I so far out of touch that even my language is outdated, and I only sound faggy and pompous?
I cannot speak for all of slashdot. I can say that whenever spam comes up in conversation the loudest slashdotters are generally the ones calling for blood.
Re: (Score:2)
I cannot speak for all of slashdot. I can say that whenever spam comes up in conversation the loudest slashdotters are generally the ones calling for blood.
I must be living on a particularly well-situated ivory tower, then, because most of the slashdotters with whom I have the privilege to speak to in person on at least an occasional basis are fairly soft-spoken. I'm not that loud, but I do have a tendency to loom.
Re: (Score:2)
I must be living on a particularly well-situated ivory tower, then, because most of the slashdotters with whom I have the privilege to speak to in person on at least an occasional basis are fairly soft-spoken. I'm not that loud, but I do have a tendency to loom.
To be more verbose, I do mean discussion on slashdot when I refer to conversation. I have not met any slashdot users in person, or at least not any who I regularly exchange messages with here now.
Indeed the people who I exchange messages with here may be quiet in person. However when an article on spam is brought up here, one can pretty well count on someone asking to have a spammer murdered. I suspect one could call this a parallel to Godwin's law - a discussion on spam will invariably reach a point
Re: (Score:2)
Next step is pull the damn plug! (Score:2)
The next step is for the ISPs of the world to pull the damn plug.
Look, I know it might inconvenience the owners of the bots. However, it is their negligence which is enabling this, and as such they are accessories to criminal activity. They may be an unwitting accessory, but they are still an accessory, and this is no different than a bartender who keeps pouring drinks for a patron and then watches the drunk head out to the parking lot and drive away.
The bartender in a case like this can claim all the innoc
"quaint"? (Score:2)
Guilty until proven innocent and all that so let's hear their names right now!
It's funny how people are quick to abolish basic rights for other people when those people might have done something they don't like. Or is it quaint, rather than funny?
Re: (Score:3, Insightful)
You'd probably still be caught red-handed, though...
Re: (Score:2)
It's ok, you can post a make-up joke.
Re:Dumb Criminals (Score:5, Funny)
If I ever had to 'go rouge' I feel that I could last for years just off of common sense alone by using different public computers in a place with no cameras.
I think I might do the same if I ever go "rouge [wikipedia.org]".
Re: (Score:2)
Pay someone else to push the keys.
Re: (Score:2)
Botnets are stolen and restolen fairly often between groups. Makes sense when you think about it; it's easier to use the sheep army of someone else than to build your own. He probably assumed that it was just another group taking over his botnet.
Re: (Score:2)
They probably simply changed the IP addresses for the servers that were commanding the botnet. The ISP might have some explaining to do if it broke the contract with the botnet operators, or the botnet operators might have some explaining to do if they broke their Terms of Service.
Re:Different article/same topic (Score:5, Interesting)
"What gives these bloody do-gooders the authority to "take over" other people's servers?"
The same authority I have to "take over" someone's car keys if I see them staggering out of a bar, and fumbling around to find the lock on their door while throwing up all over the hood. If you're acutely aware, and certain, that your non-action is allowing an illegal activity to take place, then why not intervene? The problem today is that too many people just stand there like idiots doing nothing in the face of evil or criminal activity. The fact that the servers these shitbags were using were probably compromised, or funded by illegal activities, is neither here nor there.
Re:Different article/same topic (Score:5, Insightful)
The most common thing people do when they are witnesses to someone committing an illegal activity is re-elect him.
Re: (Score:2)
Our law. When I am aware of a crime happening, I have to stop it if it is in my power (without endangering me or anyone else) or call the police. Not doing either would make me an accomplice.
In other words, I pretty much have to take over those servers and shut them down or hand them over to the relevant authorities, or face criminal charges myself.
Re: (Score:2)
"When I am aware of a crime happening, I have to stop it if it is in my power (without endangering me or anyone else) or call the police. Not doing either would make me an accomplice."
Not true. If you have absolutely no relationship with either the criminal or the victim, you have no legal responsibility to stop or report the crime. Some cases in which you can be held responsible for the criminal acts of a third party are:
1. When you're an accessory, helping to plan or cover up the crime, fence the stole
Re: (Score:2)
Talk for your country, I'll talk for mine.
Re: (Score:2)
Wow nice. Kdawson is the next new internet meme.