Free Republic
Browse · Search
Bloggers & Personal
Topics · Post Article


Malicious 'botnets' turn PCs into 'zombie' slaves
The Oregonian ^ | 10-21-08 | JOHN MARKOFF

Posted on 10/21/2008 7:03:04 AM PDT by Bean Counter

Scourge - Programs hiding on the Internet can take over a computer and make it send spam or perform other evil acts

REDMOND, Wash. -- In a windowless room on Microsoft's campus in Redmond, T.J. Campana, a cybercrime investigator, connects an unprotected computer running an early version of Windows XP to the Internet. In less than a minute the computer is "owned."

An automated program lurking on the Internet has remotely taken over the PC and turned it into a "zombie." That computer and other zombie machines are then assembled into systems called "botnets" -- home and business PCs hooked together into a vast chain of cyber-robots that do the bidding of automated programs to send the majority of e-mail spam, to illegally seek financial information and to install malicious software on still more PCs.

Botnets remain an Internet scourge. Active zombie networks created by a growing criminal underground peaked last month at more than a half-million computers, according to shadowserver.org, an organization that tracks botnets. Even though security experts have diminished the botnets to about 300,000 computers, that is still twice the number detected a year ago.

**SCHNIPP**


TOPICS: Business/Economy; Computers/Internet; Reference
KEYWORDS: botnets; bots
This is an excellent article about the ongoing effort to fight "botnets" and has a good explanation about what they do.

I put up an article earlier this month on my website about banning certain e-mail addresses here because of the spam assault the website has been under. That assault has not slowed, although we are effectively protecting the site by banning entire blocks of IP addresses. Let me explain...

We had someone sign up here using a strange username and a gmail.com e-mail address. I ran the IP for this user, and here's what I got back:

    IP:             78.157.143.204
    OrgName:        RIPE Network Coordination Centre
    OrgID:          RIPE
    Address:        P.O. Box 10096
    City:           Amsterdam
    StateProv:
    PostalCode:     1001EB
    Country:        NL
    ReferralServer: whois://whois.ripe.net:43
    NetRange:       78.0.0.0 - 78.255.255.255
    CIDR:           78.0.0.0/8
    NetName:        78-RIPE
    NetHandle:      NET-78-0-0-0-1
    Parent:
    NetType:        Allocated to RIPE NCC

The RIPE Network is one of the most notorious EU spamming networks around. Notice the range of possible IP Addresses that RIPE has assigned to this particular spammer:

NetRange: 78.0.0.0 - 78.255.255.255

That means this particular spammer has access to every single IP address within that range, courtesy of the RIPE Network. He can take those IP addresses and mount one hell of a spam campaign that is difficult to stop without the proper tools. With the newest version of vBulletin, we can (and do) ban the entire RIPE IP NetRange by banning 78.*.*.*. That means any IP address that begins with 78 is simply not allowed access to the site.

In the past, we would ban that spammer, and he would come right back with a new IP and sign up again.

Over this past weekend I had a troll sign up at my site, and when I ran his IP Address, it came back as belonging to a small electrical contractor somewhere in the US. Someone had hacked into their machine, and was using it to peddle knock-off pharmaceuticals on other sites. I knew it was a troll immediately, because real Clarkblog.org users don't use the "USViagraNet .com" as their e-mail address.

In addition we have had to take the extraordinary step of banning specific e-mail providers because they make it far too easy for spammers to get a supposedly "valid" email address. I maintain quite a list of e-mail addresses that are not valid for signups here, because they have been repeatedly used by spammers to gain access to the site.

On Sunday alone I had nine trolls sign up here wanting to peddle who knows what. I ban their IP, their e-mail address, and completely delete them from the system, and I do it fast enough that most of their clever little names never show up on the front page as a new member. That way the next time they show up here, all they get is a notice that they cannot view this site. They can still come to our home page, but they get no further than that.

Anyway, back on topic, this article is a great explanation about how to effectively protect your computer from being hijacked, as well as the ongoing law enforcement efforts to control this bot scourge.

1 posted on 10/21/2008 7:03:04 AM PDT by Bean Counter
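Two controls the post above describes, a wildcard IP ban such as 78.*.*.* and a denylist of e-mail domains that have been used for spam signups, in a small registration filter. This is an added example, not the poster's vBulletin configuration or vBulletin's own code; the ban lists, the signup attempts and the helper names are constructed for the demonstration. It also parses a whois NetRange line of the kind quoted above into a CIDR block, so you can see exactly how much address space a wildcard ban covers: the NetRange in that output is the whole block the responding server lists as allocated to RIPE NCC, and the ReferralServer line (whois.ripe.net) is where the more specific assignment for a single address would be looked up.

```python
"""Added example: a signup filter with vBulletin-style wildcard IP bans and an
e-mail domain denylist, plus a whois NetRange -> CIDR helper.  Not code from
the post or from vBulletin; all lists and inputs below are constructed."""
import ipaddress
import re


def wildcard_to_network(pattern: str) -> ipaddress.IPv4Network:
    """Translate a ban like '78.*.*.*' into the CIDR block it really covers.

    Each trailing '*' octet widens the block by 8 bits: '78.*.*.*' is /8
    (16,777,216 addresses), '203.0.113.*' is /24 (256 addresses)."""
    octets = pattern.split(".")
    if len(octets) != 4:
        raise ValueError(f"bad pattern: {pattern}")
    fixed = []
    for octet in octets:
        if octet == "*":
            break
        fixed.append(int(octet))
    if any(o != "*" for o in octets[len(fixed):]):
        raise ValueError(f"wildcards must be trailing: {pattern}")
    base = ".".join(str(x) for x in fixed + [0] * (4 - len(fixed)))
    return ipaddress.ip_network(f"{base}/{8 * len(fixed)}")


def netrange_to_network(netrange_line: str) -> ipaddress.IPv4Network:
    """Turn a whois 'NetRange: a - b' line into the single CIDR block it spans."""
    m = re.search(r"(\d+\.\d+\.\d+\.\d+)\s*-\s*(\d+\.\d+\.\d+\.\d+)", netrange_line)
    if not m:
        raise ValueError("no address range found")
    first, last = ipaddress.ip_address(m.group(1)), ipaddress.ip_address(m.group(2))
    blocks = list(ipaddress.summarize_address_range(first, last))
    if len(blocks) != 1:
        raise ValueError("range is not a single CIDR block")
    return blocks[0]


class SignupFilter:
    """Reject a registration if the client IP falls in a banned range or the
    e-mail address uses a banned domain.  Order matters: the IP check is
    cheaper and catches the repeat offender before the e-mail is examined."""

    def __init__(self, ip_bans, email_domain_bans):
        self.networks = [wildcard_to_network(p) for p in ip_bans]
        self.domains = {d.lower() for d in email_domain_bans}

    def check(self, ip: str, email: str):
        addr = ipaddress.ip_address(ip)
        for net in self.networks:
            if addr in net:
                return ("reject", f"ip {ip} is inside banned range {net}")
        domain = email.rsplit("@", 1)[-1].lower()
        if domain in self.domains:
            return ("reject", f"e-mail domain {domain} is banned")
        return ("accept", "")


if __name__ == "__main__":
    # Constructed inputs: the /8 from the quoted whois output and the
    # e-mail domain mentioned later in the thread.
    print(netrange_to_network("NetRange: 78.0.0.0 - 78.255.255.255"))
    f = SignupFilter(["78.*.*.*"], ["usviagranet.com"])
    print(f.check("78.157.143.204", "someone@gmail.com"))
    print(f.check("198.51.100.7", "bob@usviagranet.com"))
    print(f.check("198.51.100.7", "bob@example.org"))
```

The `netrange_to_network` helper refuses ranges that are not a single aligned block, which is exactly the case where a "ban the whole range" rule quietly becomes several rules; `summarize_address_range` would return more than one network and the filter should be told so rather than silently widening or narrowing the ban.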

To: ShadowAce

*


2 posted on 10/21/2008 7:06:51 AM PDT by KoRn (Barack Obama Must Be Stopped!!!)

To: Bean Counter
In a windowless room on Microsoft's campus in Redmond...

Heh.

3 posted on 10/21/2008 7:07:59 AM PDT by ecomcon

To: Bean Counter
Malwarebytes.
4 posted on 10/21/2008 7:10:44 AM PDT by mysterio

To: Bean Counter

Have you ever heard of the Internet Assigned Numbers Authority (IANA)? They’ve been blocked repeatedly on my PC over the past couple of days. I do a whois search on the IP address and come up with nothing usable...


5 posted on 10/21/2008 7:20:05 AM PDT by bcsco (Palin started her political career in a small town, Obama from the house of a domestic terrorist.)

To: ecomcon

:)


6 posted on 10/21/2008 7:21:09 AM PDT by Cold Heart

To: mysterio
Sounds like a Microsoft problem to me.
7 posted on 10/21/2008 7:21:22 AM PDT by DonaldC

To: Bean Counter; rdb3; Calvinist_Dark_Lord; GodGunsandGuts; CyberCowboy777; Salo; Bobsat; JosephW; ...

8 posted on 10/21/2008 7:32:26 AM PDT by ShadowAce (Linux -- The Ultimate Windows Service Pack)

To: All

On my PC, sometimes it tells me others are logged on, do I really want to shut down?
Or I get kicked off of gmail or yahoo email because (it could be) someone else has just logged on from another browser.

I have wi-fi, but I’m way out in the boonies on open acreage in all directions and no one could get close enough to break into it without me seeing them.

What do you all think?


9 posted on 10/21/2008 7:34:36 AM PDT by IrishBlue06 (Go GOVERNOR!!!!)

To: Bean Counter

That's my PC, second from the right.

10 posted on 10/21/2008 7:34:59 AM PDT by Constitutionalist Conservative (The Global Warming Heretic -- http://AGW-Heretic.blogspot.com)

To: Constitutionalist Conservative
Whoa...now there's a wrong turn, if I ever saw one.
11 posted on 10/21/2008 7:36:54 AM PDT by Future Snake Eater (My freq'n head hertz...)

To: Bean Counter

GREATLY APPRECIATED.

Are SYSTEM MECHANIC, WEBROOT, etc. sufficient to keep them at bay for the rest of us??


12 posted on 10/21/2008 7:39:38 AM PDT by Quix (GLOBALIST PLANS FM 1900 ON #76 http://www.freerepublic.com/focus/news/2031425/posts?page=77#77)

To: mysterio

Thanks for the link.


13 posted on 10/21/2008 7:55:27 AM PDT by Devilinbaggypants (Audaces fortuna iuvat.)

To: Bean Counter
Thanks, for the background / info.
14 posted on 10/21/2008 7:55:55 AM PDT by skinkinthegrass ("Annoy the media, elect PALIN and McCAIN....errr....McCAIN / PALIN.....McPALIN" 8^)

To: Bean Counter
Timely.... I got notified by Comcast this weekend that my outbound e-mail was suspended until I changed my SMTP address...

Seems my PC had been used for spreading SPAM.

.....and I thought I was protected. I update all my malware and virus software daily....but apparently that isn't enough.

Democrats and Spammer/Hackers....doggonit..they irritate me.

15 posted on 10/21/2008 7:57:27 AM PDT by cbkaty (I may not always post...but I am always here......)
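What an ISP like the one in the post above is reacting to is a customer machine that opens direct SMTP connections to many different mail servers instead of handing mail to the ISP's relay. The same signal is visible from inside the home or small-office network. The following is an added example, not anything from the thread: it scans a constructed firewall-style connection log and flags any source that reaches a threshold of distinct direct TCP/25 destinations within a short window. The log format, the relay address (198.51.100.25) and the threshold are assumptions for the demonstration; a real deployment would read the router's or firewall's own export.

```python
"""Added example: spot a spam-sending zombie from outbound connection logs.
Not code from the thread; the log lines, relay address and thresholds are
constructed for the demonstration."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed log, one connection per line:
#   <ISO time> <src>:<sport> -> <dst>:<dport> <proto>
SAMPLE_LOG = """\
2008-10-19T09:00:01 192.168.1.20:49152 -> 198.51.100.25:25 tcp
2008-10-19T09:00:03 192.168.1.20:49153 -> 203.0.113.11:25 tcp
2008-10-19T09:00:03 192.168.1.20:49154 -> 203.0.113.12:25 tcp
2008-10-19T09:00:04 192.168.1.20:49155 -> 203.0.113.13:25 tcp
2008-10-19T09:00:04 192.168.1.20:49156 -> 203.0.113.14:25 tcp
2008-10-19T09:00:05 192.168.1.20:49157 -> 203.0.113.15:25 tcp
2008-10-19T09:00:06 192.168.1.20:49158 -> 203.0.113.80:80 tcp
2008-10-19T09:00:07 192.168.1.30:49160 -> 198.51.100.25:25 tcp
2008-10-19T09:00:09 192.168.1.30:49161 -> 198.51.100.25:25 tcp
2008-10-19T09:10:00 192.168.1.20:49170 -> 203.0.113.16:25 tcp
"""

# Assumed: the ISP's outbound mail relay, which legitimate clients use.
RELAY = "198.51.100.25"

LINE_RE = re.compile(
    r"^(\S+) (\d+\.\d+\.\d+\.\d+):\d+ -> (\d+\.\d+\.\d+\.\d+):(\d+) (\w+)$"
)


def parse_connections(log_text):
    """Return (timestamp, src, dst, dport, proto) tuples; skip unparseable lines."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        events.append((datetime.fromisoformat(m.group(1)), m.group(2),
                       m.group(3), int(m.group(4)), m.group(5)))
    return events


def smtp_fanout(events, relay, window=timedelta(seconds=60), threshold=5):
    """Map each source to the largest number of distinct direct SMTP
    destinations it contacted inside any `window`, keeping only sources at or
    above `threshold`.  Connections to the relay are ignored: that is what a
    normal mail client does, while a bot talks to recipients' MX hosts itself."""
    by_src = defaultdict(list)
    for ts, src, dst, dport, proto in events:
        if proto == "tcp" and dport == 25 and dst != relay:
            by_src[src].append((ts, dst))
    flagged = {}
    for src, conns in by_src.items():
        conns.sort()
        best = 0
        for i, (start, _) in enumerate(conns):
            distinct = {dst for ts, dst in conns[i:] if ts - start <= window}
            best = max(best, len(distinct))
        if best >= threshold:
            flagged[src] = best
    return flagged


if __name__ == "__main__":
    for src, n in smtp_fanout(parse_connections(SAMPLE_LOG), RELAY).items():
        print(f"{src}: {n} distinct direct SMTP destinations within 60s")
```

In the constructed log, 192.168.1.20 reaches five different mail servers in two seconds and is flagged; 192.168.1.30 only ever talks to the relay and is not. Counting distinct destinations rather than raw connections is deliberate: a client retrying a single stuck delivery produces many connections to one host, which is not the pattern of a spam run.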

To: cbkaty
I've been told that the only way to get rid of them is to reprogram a computer, totally reprogram it, format the hard drive, start all over.

Anyone else know of another way?

16 posted on 10/21/2008 8:05:11 AM PDT by pctech

To: Bean Counter

The greatest threat to a system’s security is always the end user.

No amount of anti-malware software can stop a n00b from installing the “media player” necessary to watch a particular video.


17 posted on 10/21/2008 9:08:24 AM PDT by BJClinton (McPalin 2008)

To: BJClinton

“No amount of anti-malware software can stop a n00b from installing the “media player” necessary to watch a particular video”

They can’t install it on my server space if I don’t give them permission to do it, and I never do.

I should note that I am running vBadvanced CMPS v3.0 RC2 to host my site, and I keep it up to date with all maintenance releases. I’ve taken the time to learn and understand my Admin Control Panel and I keep a very close eye on who is on the site and what they are doing. I also run AWStats daily and analyze those closely as well.

A lot of the spammers find sites like mine by doing searches on the site software. Often they are looking for known vulnerabilities in specific releases of software, and not just Microsoft products either. This is not just a Microsoft problem.

For e-mail I have used Fire Trust’s Mailwasher, which protects my computer from anything that is sent via e-mail. Malicious messages simply don’t make it onto my machine.

Even with all of the precautions though, sites are under constant assault from people who are up to no good at all. This latest assault started on October 1st, and I woke up that morning to find 48 new “Members” at my site, awaiting Admin approval. The only reason the attacks have slowed down is through aggressive IP banning of offenders.


18 posted on 10/21/2008 10:18:03 AM PDT by Bean Counter (Stout Hearts.....)
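The post above describes two things the site owner watches for in the daily log analysis: a flood of bogus registrations (48 pending members in one morning) and visitors probing for particular software releases. Both are visible in the web server's access log before the admin queue fills up. The following added example (not the poster's setup, not AWStats, and not vBulletin code) parses a few constructed Apache combined-format lines and flags source IPs that either post to the registration script repeatedly or collect 404s under paths that only a scanner would ask for. The registration path, the two probe prefixes and the thresholds are assumptions for the demonstration.

```python
"""Added example: flag registration floods and software probing from an Apache
combined-format access log.  Not from the thread; the log lines, paths and
thresholds are constructed for the demonstration."""
import re
from collections import Counter

# Constructed access log.  203.0.113.5 hammers the registration form,
# 198.51.100.9 pokes at paths that do not exist, 192.0.2.77 is a normal user.
SAMPLE_ACCESS_LOG = """\
203.0.113.5 - - [19/Oct/2008:06:12:01 -0700] "POST /register.php?do=addmember HTTP/1.1" 200 4120 "-" "Mozilla/4.0 (compatible; MSIE 6.0)"
203.0.113.5 - - [19/Oct/2008:06:12:09 -0700] "POST /register.php?do=addmember HTTP/1.1" 200 4120 "-" "Mozilla/4.0 (compatible; MSIE 6.0)"
203.0.113.5 - - [19/Oct/2008:06:12:17 -0700] "POST /register.php?do=addmember HTTP/1.1" 200 4120 "-" "Mozilla/4.0 (compatible; MSIE 6.0)"
203.0.113.5 - - [19/Oct/2008:06:12:25 -0700] "POST /register.php?do=addmember HTTP/1.1" 200 4120 "-" "Mozilla/4.0 (compatible; MSIE 6.0)"
198.51.100.9 - - [19/Oct/2008:06:30:00 -0700] "GET /install/upgrade.php HTTP/1.0" 404 512 "-" "libwww-perl/5.805"
198.51.100.9 - - [19/Oct/2008:06:30:01 -0700] "GET /admincp/index.php HTTP/1.0" 404 512 "-" "libwww-perl/5.805"
192.0.2.77 - - [19/Oct/2008:07:00:10 -0700] "GET /index.php HTTP/1.1" 200 18230 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1)"
192.0.2.77 - - [19/Oct/2008:07:02:44 -0700] "POST /register.php?do=addmember HTTP/1.1" 200 4120 "http://example.org/register.php" "Mozilla/5.0 (Windows; U; Windows NT 5.1)"
"""

ACCESS_RE = re.compile(
    r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \S+ "[^"]*" "([^"]*)"$'
)


def parse_access_log(text):
    """Return one dict per parseable line with ip, method, path (query stripped),
    status and user agent."""
    rows = []
    for line in text.splitlines():
        m = ACCESS_RE.match(line)
        if not m:
            continue
        rows.append({"ip": m.group(1), "method": m.group(3),
                     "path": m.group(4).split("?", 1)[0],
                     "status": int(m.group(5)), "ua": m.group(6)})
    return rows


def suspicious_sources(rows, register_path="/register.php",
                       probe_prefixes=("/install/", "/admincp/"),
                       reg_threshold=3, probe_threshold=2):
    """Return {ip: [reasons]} for sources that either POST to the registration
    script at least `reg_threshold` times or collect at least `probe_threshold`
    404s under the assumed probe prefixes (install and admin directories that
    a visitor with no account has no reason to request)."""
    registrations, probes = Counter(), Counter()
    for r in rows:
        if r["method"] == "POST" and r["path"] == register_path:
            registrations[r["ip"]] += 1
        elif r["status"] == 404 and r["path"].startswith(probe_prefixes):
            probes[r["ip"]] += 1
    flagged = {}
    for ip in set(registrations) | set(probes):
        reasons = []
        if registrations[ip] >= reg_threshold:
            reasons.append(f"{registrations[ip]} registration POSTs")
        if probes[ip] >= probe_threshold:
            reasons.append(f"{probes[ip]} 404s under probe paths")
        if reasons:
            flagged[ip] = reasons
    return flagged


if __name__ == "__main__":
    for ip, reasons in suspicious_sources(parse_access_log(SAMPLE_ACCESS_LOG)).items():
        print(ip, "->", "; ".join(reasons))
```

The output of `suspicious_sources` is the list an administrator would feed into the IP ban the earlier post describes. Keying the probe rule on 404 responses rather than on the path alone keeps a legitimate administrator, whose requests to those directories succeed, out of the flagged set.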

To: pctech
I've been told that the only way to get rid of them is to reprogram a computer, totally reprogram it, format the hard drive, start all over.

Anyone else know of another way?

No. Any computer that has been compromised, can't be trusted without a wipe from known good media.

19 posted on 10/21/2008 8:12:58 PM PDT by zeugma (Mark Steyn For Global Dictator!)

To: Bean Counter

Must reiterate
http://www.malwarebytes.org/
Get it and run it, spread it around and stop the bots.
Also Webroot works pretty good.


20 posted on 10/24/2008 8:33:05 AM PDT by ASH71


Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.


FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson