1 Million Zombies on Web

Forum Moderators: phranque

Message Too Old, No Replies

1 Million Zombies on Web

Brett_Tabke

3:09 pm on Mar 18, 2005 (gmt 0)

[news.bbc.co.uk...]

More than one million computers on the net have been hijacked to attack websites and pump out spam and viruses.
The huge number was revealed by security researchers who have spent months tracking more than 100 networks of remotely-controlled machines.

Webwork

3:56 pm on Mar 18, 2005 (gmt 0)

Illuminating article but falls short on this point:

Tell me, is there a website I can visit or a utility that I can employ to determine if my PC is a zombie?

Following my own advice, here's a lead:

[honeynet.org...]

claus

4:22 pm on Mar 18, 2005 (gmt 0)

add "/papers/bots/" for a fascinating read (long, detailled and with a very small font). Made me run all kinds of checks on my system, which is half windows. Small quote:

Some botnets are used to send spam: you can rent a botnet. The operators give you a SOCKS v4 server list with the IP addresses of the hosts and the ports their proxy runs on.

Crush

4:28 pm on Mar 18, 2005 (gmt 0)

I have often wondered where the proxies I buy come from :)

Webwork

4:46 pm on Mar 18, 2005 (gmt 0)

Anyone have a utility/tools list for checking for bot abuse of one's PC?

Is there a "best of the class" list of sites with reliable checking tools?

Seems to me that getting the word out not only about the problem but also the fix is needed.

encyclo

8:19 pm on Mar 18, 2005 (gmt 0)

You can try grc.com if you want to max out your paranoia level: the site provides some good tools for testing your firewall and seeing if you have any ports open. Combined with a proper external firewall/router (if you're on broadband) and not just the Windows firewall, a good, up-to-date virus checker and an anti-spyware tool and you're a very long way to ensuring that your PC is safe.

There are simple checks you can do too - is your PC continually working (eg. the hard drive chattering) even when you're not doing anything? Is the modem light constantly flickering as traffic passes through even though you've got no applications running? Does the machine continually run slow?

A lot of these zombies are running unpatched machines with broadband connections and no firewall. They are usually in the hands of home users with little technical knowledge.

I have often wondered where the proxies I buy come from :)

Only half a joke, that ;) When you see lists of "anonymous proxies" floating around, they are often misconfigured home machines rather than real servers.

Luddite

5:04 am on Mar 19, 2005 (gmt 0)

>> the hard drive chattering

That isn't as clear a sign as you might think - Hard disks will chatter when recalibrating due to thermal expansion. Other things like pagefile access or Windows "findfast" updating an index will light up your hard drive.

The rest is pretty sound advice IMHO.

kaled

10:57 am on Mar 19, 2005 (gmt 0)

Windows "findfast"

All such useless background nonsense should be disabled. I've only ever been caught by one virus, but it was hard disk activity that gave it away within seconds of my system becoming infected. Total infection time, a few minutes - I rebooted in another version of Windows and blasted that virus into oblivion.

Kaled.