Welcome to WebmasterWorld Guest from 54.159.190.106

Forum Moderators: phranque

Message Too Old, No Replies

1 Million Zombies on Web

   
3:09 pm on Mar 18, 2005 (gmt 0)

WebmasterWorld Administrator brett_tabke is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



[news.bbc.co.uk...]

More than one million computers on the net have been hijacked to attack websites and pump out spam and viruses.

The huge number was revealed by security researchers who have spent months tracking more than 100 networks of remotely-controlled machines.

3:56 pm on Mar 18, 2005 (gmt 0)

WebmasterWorld Administrator webwork is a WebmasterWorld Top Contributor of All Time 10+ Year Member



Illuminating article but falls short on this point:

Tell me, is there a website I can visit or a utility that I can employ to determine if my PC is a zombie?

Following my own advice, here's a lead:

[honeynet.org...]

4:22 pm on Mar 18, 2005 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



add "/papers/bots/" for a fascinating read (long, detailled and with a very small font). Made me run all kinds of checks on my system, which is half windows. Small quote:

Some botnets are used to send spam: you can rent a botnet. The operators give you a SOCKS v4 server list with the IP addresses of the hosts and the ports their proxy runs on.

4:28 pm on Mar 18, 2005 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



I have often wondered where the proxies I buy come from :)
4:46 pm on Mar 18, 2005 (gmt 0)

WebmasterWorld Administrator webwork is a WebmasterWorld Top Contributor of All Time 10+ Year Member



Anyone have a utility/tools list for checking for bot abuse of one's PC?

Is there a "best of the class" list of sites with reliable checking tools?

Seems to me that getting the word out not only about the problem but also the fix is needed.

8:19 pm on Mar 18, 2005 (gmt 0)

WebmasterWorld Senior Member encyclo is a WebmasterWorld Top Contributor of All Time 10+ Year Member



You can try grc.com if you want to max out your paranoia level: the site provides some good tools for testing your firewall and seeing if you have any ports open. Combined with a proper external firewall/router (if you're on broadband) and not just the Windows firewall, a good, up-to-date virus checker and an anti-spyware tool and you're a very long way to ensuring that your PC is safe.

There are simple checks you can do too - is your PC continually working (eg. the hard drive chattering) even when you're not doing anything? Is the modem light constantly flickering as traffic passes through even though you've got no applications running? Does the machine continually run slow?

A lot of these zombies are running unpatched machines with broadband connections and no firewall. They are usually in the hands of home users with little technical knowledge.

I have often wondered where the proxies I buy come from :)

Only half a joke, that ;) When you see lists of "anonymous proxies" floating around, they are often misconfigured home machines rather than real servers.

5:04 am on Mar 19, 2005 (gmt 0)

10+ Year Member



>> the hard drive chattering

That isn't as clear a sign as you might think - Hard disks will chatter when recalibrating due to thermal expansion. Other things like pagefile access or Windows "findfast" updating an index will light up your hard drive.

The rest is pretty sound advice IMHO.

10:57 am on Mar 19, 2005 (gmt 0)

WebmasterWorld Senior Member kaled is a WebmasterWorld Top Contributor of All Time 10+ Year Member



Windows "findfast"

All such useless background nonsense should be disabled. I've only ever been caught by one virus, but it was hard disk activity that gave it away within seconds of my system becoming infected. Total infection time, a few minutes - I rebooted in another version of Windows and blasted that virus into oblivion.

Kaled.