Comments on: The Rise of Point-and-Click Botnets http://krebsonsecurity.com/2010/01/the-rise-of-the-point-and-click-botnets/ In-depth security news and investigation Fri, 30 Jul 2010 04:29:12 +0000 hourly 1 http://wordpress.org/?v=3.0 By: Toby Simpsonhttp://krebsonsecurity.com/2010/01/the-rise-of-the-point-and-click-botnets/#comment-7618 Toby Simpson Tue, 20 Jul 2010 01:23:52 +0000 http://www.krebsonsecurity.com/?p=775#comment-7618 Franchising business is good but some franchise needs some cold hard capital to start with.~~~ Franchising business is good but some franchise needs some cold hard capital to start with.~~~

Like or Dislike: Thumb up 0 Thumb down 0

]]> By: Esme Fisherhttp://krebsonsecurity.com/2010/01/the-rise-of-the-point-and-click-botnets/#comment-6892 Esme Fisher Thu, 17 Jun 2010 07:25:59 +0000 http://www.krebsonsecurity.com/?p=775#comment-6892 the franchising business is actually good specially if the product for franchise is well known.*-* the franchising business is actually good specially if the product for franchise is well known.*-*

Like or Dislike: Thumb up 0 Thumb down 0

]]> By: Rickhttp://krebsonsecurity.com/2010/01/the-rise-of-the-point-and-click-botnets/#comment-1307 Rick Sun, 31 Jan 2010 06:52:55 +0000 http://www.krebsonsecurity.com/?p=775#comment-1307 Don't fall into the AV/anti-malware trap. Those tools are only good for performing Keystone Kops types of security - when the bad guys are already inside the perimeter. Concentrate instead on making sure you have multiple barriers and not just a by definition flaky defence at the perimeter. Don’t fall into the AV/anti-malware trap. Those tools are only good for performing Keystone Kops types of security – when the bad guys are already inside the perimeter. Concentrate instead on making sure you have multiple barriers and not just a by definition flaky defence at the perimeter.

Like or Dislike: Thumb up 0 Thumb down 0

]]> By: buckhttp://krebsonsecurity.com/2010/01/the-rise-of-the-point-and-click-botnets/#comment-1229 buck Fri, 29 Jan 2010 03:41:22 +0000 http://www.krebsonsecurity.com/?p=775#comment-1229 does the graph really indicate that HTTP is outpacing IRC as the human (being generous in use of the term here) operator's C&C protocol or that the bots coordi- nate their botwork using HTTP, because of the broad acceptance of the Firewall Enhancement Protocolhttp://www.faqs.org/rfcs/rfc3093.html?[note the publication date on that one, if you're not familiar with this ``protocol'' and its widespread (ab-) use as the transport protocol for just about every high- er (or lower [grin]) layer protocol implemented lately that moves just about any data around that's not email or BitTorrent, so, yes, i suppose it's natural it's moving people's credit card numbers and personally identify- ing information around, too, and bot C&C. my only question, in that case, is do the bad guys use XMLRPC, SOAP, JSON, REST, or what?] does the graph really indicate that HTTP is outpacing
IRC as the human (being generous in use of the term
here) operator’s C&C protocol or that the bots coordi-
nate their botwork using HTTP, because of the broad
acceptance of the Firewall Enhancement Protocol

http://www.faqs.org/rfcs/rfc3093.html

?

[note the publication date on that one, if you're not
familiar with this ``protocol'' and its widespread (ab-)
use as the transport protocol for just about every high-
er (or lower [grin]) layer protocol implemented lately
that moves just about any data around that’s not email
or BitTorrent, so, yes, i suppose it’s natural it’s moving
people’s credit card numbers and personally identify-
ing information around, too, and bot C&C. my only
question, in that case, is do the bad guys use XMLRPC,
SOAP, JSON, REST, or what?]

Like or Dislike: Thumb up 0 Thumb down 0

]]> By: xAdminhttp://krebsonsecurity.com/2010/01/the-rise-of-the-point-and-click-botnets/#comment-1227 xAdmin Fri, 29 Jan 2010 02:47:14 +0000 http://www.krebsonsecurity.com/?p=775#comment-1227 Exactly, computer security is an ongoing process. Not a set it and forget it type of thing. AV/malware software is NOT a panacea! The most important part of that process is the user behind the keyboard! It's kept me safe 14+ years (even using the dreaded Windows + IE! ;P). A computer is NOT an appliance to be used like a toaster! It reminds me of a line in Spiderman, "With great power, comes great responsibility!" Botnets wouldn't have a great majority of their spawn if people took responsibility for the power their computers wield! Most only have themselves to blame for becoming a botnet victim! Exactly, computer security is an ongoing process. Not a set it and forget it type of thing. AV/malware software is NOT a panacea! The most important part of that process is the user behind the keyboard! It’s kept me safe 14+ years (even using the dreaded Windows + IE! ;P). A computer is NOT an appliance to be used like a toaster! It reminds me of a line in Spiderman, “With great power, comes great responsibility!” Botnets wouldn’t have a great majority of their spawn if people took responsibility for the power their computers wield! Most only have themselves to blame for becoming a botnet victim!

Like or Dislike: Thumb up 0 Thumb down 0

]]> By: Botnet C&C Switching To HTTP - Away From IRC | Business Computing Worldhttp://krebsonsecurity.com/2010/01/the-rise-of-the-point-and-click-botnets/#comment-1202 Botnet C&C Switching To HTTP - Away From IRC | Business Computing World Thu, 28 Jan 2010 17:16:08 +0000 http://www.krebsonsecurity.com/?p=775#comment-1202 [...] Well-known Internet security blogger Brian Krebs calls it the rise of “Web Fraud 2.0.” [...] [...] Well-known Internet security blogger Brian Krebs calls it the rise of “Web Fraud 2.0.” [...]

Like or Dislike: Thumb up 0 Thumb down 0

]]> By: Frankhttp://krebsonsecurity.com/2010/01/the-rise-of-the-point-and-click-botnets/#comment-1188 Frank Thu, 28 Jan 2010 01:50:55 +0000 http://www.krebsonsecurity.com/?p=775#comment-1188 Brian, Some interesting data here. The trend of the graph is eye opening. Is there a version of the graph that goes back 12 or 18 months? Brian,
Some interesting data here. The trend of the graph is eye opening. Is there a version of the graph that goes back 12 or 18 months?

Like or Dislike: Thumb up 1 Thumb down 0

]]> By: jo kerrhttp://krebsonsecurity.com/2010/01/the-rise-of-the-point-and-click-botnets/#comment-1165 jo kerr Wed, 27 Jan 2010 17:11:32 +0000 http://www.krebsonsecurity.com/?p=775#comment-1165 The best basic thing I ever read about security is from a sticky in the Security Forum at Ubuntu Forums: (abridged)"Introduction : Security is an ongoing process and, like an onion, it has layers and stinks. The best defense you have is to read and learn how to secure your OS.Alas, there is no single action you can take to achieve absolute security (the only safe computer is one that is turned off, disconnected from the Internet, and in a locked vault) and security concerns and "ease of use" are sometimes competing concerns.Summary: There is no such thing as "security in a box (tm)". Information security is an active job -- it is not installing some product on the system and sitting back and relaxing."http://ubuntuforums.org/showthread.php?t=510812

The best basic thing I ever read about security is from a sticky in the Security Forum at Ubuntu Forums:
(abridged)

“Introduction : Security is an ongoing process and, like an onion, it has layers and stinks. The best defense you have is to read and learn how to secure your OS.

Alas, there is no single action you can take to achieve absolute security (the only safe computer is one that is turned off, disconnected from the Internet, and in a locked vault) and security concerns and “ease of use” are sometimes competing concerns.

Summary: There is no such thing as “security in a box ™”. Information security is an active job — it is not installing some product on the system and sitting back and relaxing.”

http://ubuntuforums.org/showthread.php?t=510812

Well-loved. Like or Dislike: Thumb up 11 Thumb down 0

]]> By: JackRussellhttp://krebsonsecurity.com/2010/01/the-rise-of-the-point-and-click-botnets/#comment-1159 JackRussell Wed, 27 Jan 2010 15:58:36 +0000 http://www.krebsonsecurity.com/?p=775#comment-1159 This reminds me of what used to be called a "script kiddie". Essentially a toolset that allows someone that isn't that technically sophisticated to break into a computer.Years and years ago I had a machine broken into. This was in the days before consumer firewall boxes were available -you used to need to set up a dedicated machine to work as a firewall.In my case I had a Linux box connected directly to a cable modem. One morning I got a call from the ISP asking me to check things out - they had complaints from a 3rd party that my machine was attempting breakins, and that they noted what appeared to be a backdoor in my machine. It didn't take long for me to confirm their findings. I started to try and undo the damage and then got a message on my console from the bad guys taunting me - I just shut down that machine right then and there so I could go to work.Later I brought the thing back up without the network being connected, and used RedHat tools to identify which binaries were compromised. It was pretty amazing the lengths they would go to hide their tracks. They had replaced many of the normal tools that one would use to monitor the machine, and these would hide the evidence of their intrusions (backdoors, etc).I bring this up as a counterpoint to those that assume that if they are running Mac or Linux that they are completely safe. You are only safe if the bad guys aren't targeting your machine.

This reminds me of what used to be called a “script kiddie”. Essentially a toolset that allows someone that isn’t that technically sophisticated to break into a computer.

Years and years ago I had a machine broken into. This was in the days before consumer firewall boxes were available -you used to need to set up a dedicated machine to work as a firewall.

In my case I had a Linux box connected directly to a cable modem. One morning I got a call from the ISP asking me to check things out – they had complaints from a 3rd party that my machine was attempting breakins, and that they noted what appeared to be a backdoor in my machine. It didn’t take long for me to confirm their findings. I started to try and undo the damage and then got a message on my console from the bad guys taunting me – I just shut down that machine right then and there so I could go to work.

Later I brought the thing back up without the network being connected, and used RedHat tools to identify which binaries were compromised. It was pretty amazing the lengths they would go to hide their tracks. They had replaced many of the normal tools that one would use to monitor the machine, and these would hide the evidence of their intrusions (backdoors, etc).

I bring this up as a counterpoint to those that assume that if they are running Mac or Linux that they are completely safe. You are only safe if the bad guys aren’t targeting your machine.

Well-loved. Like or Dislike: Thumb up 14 Thumb down 0

]]> By: Rickhttp://krebsonsecurity.com/2010/01/the-rise-of-the-point-and-click-botnets/#comment-1155 Rick Wed, 27 Jan 2010 14:38:43 +0000 http://www.krebsonsecurity.com/?p=775#comment-1155 People always applaud ease of use. ;) People always applaud ease of use. ;)

Like or Dislike: Thumb up 3 Thumb down 0

]]>