• The Details *
• Clean Up On Aisle 4
• Protection

 

The Details

During this last weekend I got the honor of seeing first hand the affects of a handful of PCs infected with a worm, a Trojan horse virus.

A handful of 20 to 30 computers would connect to one spot waiting for commands from an owner. Of course, the owner was not found nor the password available to do anything with these drones. So myself and a friend or two watched. We watched what these robots did and to our amazement, we saw many details – enough details to actually track a few down and send them an email warning them of their infection. This is not a secluded incident. There are reports of over 1,000,000 “drone” computers on the Internet. Are you one?

Data I've Seen...

I've seen the following: user names, passwords, email addresses, personal addresses, full names, credit card numbers, logins to private websites including a military sites, banks, companies and more... Have I got your attention?

Was sending them an email a 'bad' thing? Historically there has never been any good come from the good guy notifying the ignorant of their bugs, so there is a bit of unease as to what might actually result from the information given. So far, of the five notified, their infections still run rampant. They did not care, nor even bother to look into it. If you were told by a complete stranger that your car had a flat tire would you at least look? What's so different about someone telling you your computer is infected? It's simple. Remember that little punk ass who cried wolf one too many times? Spammers, Media, Bad advertising has worn out the old “you've got a virus!” so bad that the majority of users will say “pfft! Whatever.”

None the less, some details of this so called “infection.” The infection was from a worm called “SpyBot” originally, a worm now over three years old, transported itself via KaZaa, it mutated into a worm that goes through many other Windows security holes. There are over 1000 variants of this worm and tracking them is more of a challenge than killing them. Once infected a users machine will connect to specified locations on the Internet (this is where the variants come in) and start sending key logs to that place and await commands from that place. Unfortunately as I said, we couldn't get commands to execute. If we could, we would've easily notified every infected drone. Ok, fine, no big deal, it goes through holes. Lets patch them.

Once patched, the systems can't be reinfected, right? Well, wrong. If the infection still exists on the system it can do some trickery and maintain it's own infection and still try to spread to new systems. I noticed a few of these drones were in fact using Mozilla Firefox, which is awesome. It means to me they are aware to some extent the dangers. Ironically, I've also seen a few using “AOL Security Edition” and other versions of AOL that claim “Full system security.” AOL is clearly not doing what they claim to be doing.

This is where the importance of being “clean” comes into play. Once you've plugged the holes, you have to clean up the mess.

start | 1 2 3 >>