RE: How many backbones here are filtering the makelovenotspam screensaver site?

Possibly. What will happen if the Lycos botnet gets hijacked?

The conversations between the clients and the servers don't appear
to be keyed. If a million clients got owned, it would be the
equivalent of an electronic Bubonic Plague with no antidote.

-M<

To expand on this point: since it seems the screensaver pulls a list which
is basically the "top newly spammed URLs" from SpamCop (and possibly
other places), what if the owners of the domains being 'attacked' were to
point their DNS at a new IP? Or set of IPs? They can now control the
'bots' instead of Lycos doing the controlling.

I'm also concerned that Lycos is claiming: "to only use 95% of the
bandwidth the site has".

How is that determined by Lycos? Do they call each upstream and get
verifiable info about the bandwidth toward the site(s) in question? Do
they measure each client's output capability (and input capability) to
ensure that 100 machines really equals 1.2mbps on a T1?

There are so many holes in their 'plan', never mind the 'vigilante' parts
of it which are horridly distasteful... Lycos has engineered a botnet just
like any 14 year old kiddie does nightly, they just did it more publicly
and under the guise of 'being helpful'. It's utterly irresponsible of them
to promote this activity.

-Chris

You mean, like the existing botnets we already know exist but are
already under the control of spammers?

What's the difference? Why is everyone so upset about Lycos and nobody
seems to be doing much of anything about the /existing botnets/, which
conservative estimates[1] already put at anywhere from 1-3K per botnet
to upwards of 1-5M hosts total[2]?

Steve
[1] http://newpaper.asia1.com.sg/top/story/0,4136,67698-1,00.html

    "There may be millions of such PCs around and they can be rented for
     as little as US$100 ($176)-per-hour."

http://www.messagelabs.com/emailthreats/intelligence/reports/monthlies/October04/default.asp

    "Some estimates have suggested a botnet in excess of tens of
     thousands of computers." [per virus outbreak]

http://www.usatoday.com/tech/news/computersecurity/2004-07-07-zombie-pimps_x.htm

    "Small groups of young people creating a resource out of a
     10-30,000-strong computer network are renting them out to anybody
     who has the money," a source in Scotland Yard's computer crime unit
     told Reuters.

http://www.sans.org/newsletters/newsbites/newsbites.php?vol=6&issue=43#315

    "CipherTrust recently published research claiming that all phishing
     attacks on the Internet are conducted with the use of one of five
     zombie networks, or botnets. Each botnet comprises roughly 1,000
     PCs. In addition, the research shows that 70% of zombie PCs are also
     used to send spam."

http://news.zdnet.co.uk/internet/security/0,39020375,39167561,00.htm

    "Linford said that every week more than 100,000 PCs are recruited
     into botnets without the owner's knowledge.

    "A botnet is a collection of -- usually -- Windows-based PCs that
     have been stealthily taken over by malware. Users have no idea that
     their computer has been corrupted."

[2] the CBL, for example, currently lists 1.1M, and (here, anyway) only
    blocks around 15-25% of our incoming spam. I've seen round robin
    attacks of upwards of fifty bots at a time (same timeframe, sender,
    and target, from multiple hosts in multiple countries/ISPs/networks)
    whereas suspected zombies account for 35-45% of all inbound spam
    delivery attempts here.

Perhaps the difference is 'responsible people' don't go out and recruit
botnets... Lycos, as a corporate entity with its business model dependent
upon the health and wellbeing of the Internet would try to be
'responsible', or so I would have thought.

Arguing that there are murderers and rapists out there and that 'nothing
is being done' is hardly reason to become one yourself.

-Chris

>
> > Possibly. What will happen if the Lycos botnet gets hijacked?
> >
> > The conversations between the clients and the servers don't appear
> > to be keyed. If a million clients got owned, it would be the
> > equivalent of an electronic Bubonic Plague with no antidote.
>
> You mean, like the existing botnets we already know exist but are
> already under the control of spammers?
>
> What's the difference? Why is everyone so upset about Lycos and nobody
> seems to be doing much of anything about the /existing botnets/, which
> conservative estimates[1] already put at anywhere from 1-3K per botnet
> to upwards of 1-5M hosts total[2]?

> Perhaps the difference is 'responsible people' don't go out and recruit
> botnets... Lycos, as a corporate entity with its business model dependent
> upon the health and wellbeing of the Internet would try to be
> 'responsible', or so I would have thought.

I agree. I also think it's up to the companies providing the Internet
connectivity to the non-Lycos-"owned" botnets to prevent such activity
from affecting others.

> Arguing that there are murderers and rapists out there and that 'nothing
> is being done' is hardly reason to become one yourself.

I couldn't agree more that vigilantism isn't the answer. My earlier
remarks were directed to the shock and awe evident in the possibility
that - via Lycos - there might be, heaven forbid, /large numbers of
computers under the control of spammers, that could be used in spamming
and abuse/.

All I was pointing out was that, surprise, surprise, there already are.
So why anyone thinks Lycos' botnet being hacked is /any different/ from
/the current situation/ is utterly beyond my ken. Why would any spammer
bother to hack Lycos' botnet? They /already have their own/.

Some people regard what's being done with this system as being on
exactly the same level as any other cracker's work. Look up vigilante
some time and consider carefully whether or not this is applicable.

Well, if I don't have one now, I could build my own botnet, which
takes time and exposes significant risk over a lot of sites as I try
to acquire them, or I could look at one site which, if I can
compromise it, gives me instant access to a huge botnet. There are
lots of places in the world where people/companies store dangerous
waste. Some of these dumps are huge, most are small, all are
dangerous. Now I read that someone who certainly ought to know better
has decided to make yet another of the huge waste dumps, but that's
apparently OK, because they exist anyway.