  1. #1
    5 Star Lounger
    Join Date
    Jan 2011
    Location
    Seattle, WA
    Posts
    1,070
    Thanks
    42
    Thanked 132 Times in 86 Posts

    TOP STORY

    Botnet innovation: Resistance is (nearly) futile

    By Tony Bradley

    Botnets are not a new threat, but they are a serious one. Amassing the resources of possibly millions of compromised PCs, attackers use that combined power for all sorts of nefarious activities.
    Since their inception, botnets have been one of the more difficult threats to neutralize, and new and innovative techniques are making this malware even more difficult to stop.

    The full text of this column is posted at windowssecrets.com/top-story/botnet-innovation-resistance-is-nearly-futile/ (paid content, opens in a new window/tab).

    Columnists typically cannot reply to comments here, but do incorporate the best tips into future columns.

  2. #2
    New Lounger
    Join Date
    Apr 2011
    Posts
    4
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Hello: Perhaps this is a dumb idea, but what the heck. In the past the Windows internet connection icon in the tray was animated. Periodically it would show unexpected activity and I would check to find out what was going on (usually just normal Windows activity).
    The Windows 7 icon just sits there, and it is also difficult to check sending and receiving quantities. Would an animated icon help people monitor their internet usage? Would clicking on the icon to easily reveal usage be of some help to people? Perhaps a small program to provide average use over a time period would be useful? Then it would be easier to see when unexpectedly high usage occurs. A program that would flash a warning when usage suddenly deviated from the average could be useful. It wouldn't stop bots, but it may allow people to fix problems more quickly. Maybe you can already do this easily and I just haven't found out how!
    Donald

  3. #3
    New Lounger
    Join Date
    Dec 2009
    Location
    CA
    Posts
    8
    Thanks
    0
    Thanked 1 Time in 1 Post
    Your article on botnets was only somewhat helpful. When you write the below:

    "Monitoring outbound traffic and checking open firewall ports can also help. (Some ISPs, such as Comcast, are now blocking port 25, commonly used for email.) Periodically check your firewall logs for traffic that seems anomalous or suspicious."

    what is really needed are details on how to do what you suggest above. Just telling people to do it doesn't help them because these things are not commonly known by your readers.

    Thank you.
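One concrete way to act on the column's advice to "periodically check your firewall logs for traffic that seems anomalous" is to parse the Windows Firewall log (pfirewall.log, which begins with a `#Fields:` header naming its columns) and summarise outbound entries. The following is an added example written for this thread, not code from the column or from any forum member; the log lines are constructed, the addresses come from documentation ranges, and the column layout is assumed to match the `#Fields:` header the log itself carries.

```python
"""Summarise outbound entries from a Windows Firewall log (pfirewall.log layout)."""
from collections import Counter, defaultdict

# Constructed sample in the W3C-style layout Windows Firewall writes when logging is
# enabled; the "#Fields:" header names the columns. Addresses are documentation ranges.
SAMPLE_LOG = """#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2011-04-14 10:23:45 ALLOW TCP 192.168.1.10 198.51.100.20 49152 443 0 - 0 0 0 - - - SEND
2011-04-14 10:23:46 ALLOW TCP 192.168.1.10 203.0.113.5 49153 25 0 - 0 0 0 - - - SEND
2011-04-14 10:23:47 ALLOW TCP 192.168.1.10 203.0.113.6 49154 25 0 - 0 0 0 - - - SEND
2011-04-14 10:23:48 ALLOW TCP 192.168.1.10 203.0.113.7 49155 25 0 - 0 0 0 - - - SEND
2011-04-14 10:23:49 DROP TCP 203.0.113.9 192.168.1.10 51000 445 52 S 1 0 8192 - - - RECEIVE
2011-04-14 10:23:50 ALLOW UDP 192.168.1.10 192.168.1.1 53211 53 0 - 0 0 0 - - - SEND
"""


def parse_firewall_log(text):
    """Yield one dict per data line, keyed by the names in the #Fields: header."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#") or fields is None:
            continue
        values = line.split()
        if len(values) != len(fields):
            continue  # skip truncated or garbled lines rather than misalign columns
        yield dict(zip(fields, values))


def outbound_summary(records):
    """Count outbound (path == SEND) connections per destination port, and
    collect the distinct destination hosts seen on each port."""
    per_port = Counter()
    hosts_per_port = defaultdict(set)
    for r in records:
        if r["path"] != "SEND":
            continue
        per_port[r["dst-port"]] += 1
        hosts_per_port[r["dst-port"]].add(r["dst-ip"])
    return per_port, {p: sorted(h) for p, h in hosts_per_port.items()}


def flag_suspicious(per_port, hosts_per_port, watched_ports=("25",), fanout_threshold=3):
    """Flag outbound traffic on ports a home PC rarely needs directly (SMTP/25, the
    port the column mentions ISPs blocking) and any port contacted on many hosts."""
    findings = []
    for port, n in per_port.items():
        hosts = hosts_per_port[port]
        if port in watched_ports:
            findings.append(f"outbound to port {port}: {n} connections to {len(hosts)} hosts")
        elif len(hosts) >= fanout_threshold:
            findings.append(f"port {port} contacted on {len(hosts)} distinct hosts")
    return findings


def analyse(text=SAMPLE_LOG):
    """Run the whole pipeline over a log and return the list of findings."""
    per_port, hosts = outbound_summary(parse_firewall_log(text))
    return flag_suspicious(per_port, hosts)


if __name__ == "__main__":
    for finding in analyse():
        print("FLAG:", finding)
```

On a real machine you would read `%systemroot%\system32\LogFiles\Firewall\pfirewall.log` instead of the embedded sample; the parser keys every record by the header names, so it keeps working if Microsoft reorders columns, and it silently skips lines that do not match the header rather than mis-assigning fields.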

  4. #4
    3 Star Lounger
    Join Date
    Dec 2009
    Location
    Courtenay, BC
    Posts
    244
    Thanks
    9
    Thanked 16 Times in 15 Posts
    Thanks for the update. Had heard about the peer to peer changes but not the Tor part.
    Nasty.

  5. #5
    3 Star Lounger
    Join Date
    Dec 2009
    Location
    Courtenay, BC
    Posts
    244
    Thanks
    9
    Thanked 16 Times in 15 Posts
    The problem with the net icon showing activity is that all kinds of stuff on a computer today phones home: checking for updates, reporting usage, etc., etc. You need more sophisticated monitoring to see what doesn't belong.

    This is why hundreds of thousands of computers have been infected and the owners have no clue.

  6. #6
    New Lounger
    Join Date
    Apr 2011
    Posts
    4
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Hi, DavidFB: I take your point, but I imagine that over a period of time data transmission on any single computer will average out. That is the point I was making. To be useful the monitor would have to average use over, say, a week or two. Then if the data usage deviated by more than 1.5 or 2 times, you get a warning. Any single difference, if you download a large item (music, photographs, a program), wouldn't trigger a warning. But repeated large data movements would.
    A little device I found today goes part way in monitoring use: http://www.itsamples.com Network Activity Indicator v1.6
    It is rather basic but does allow you to see uploads and downloads easily. It hasn't taken me long to see what is happening. While I've been typing this, a few minutes, I see that I've sent 2.3Mb and received 32.6Mb. I think this sort of ratio is normal.
    You do wonder why Microsoft discarded the old style monitor! I imagine that an animated icon could do something to alert users to unusual activity.
    Anyway, it was a thought, and as I searched around I find that many others have similar complaints and some solutions.
    Donald
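Donald's proposal above (average usage over a week or two, warn when a day exceeds 1.5 or 2 times the average, but let a single large download through and alert only on repeated large movements) is a simple baseline-and-deviation detector, and it is worth seeing how the details interact. The block below is an added example written for this thread, not code from the column or from any forum member. The daily totals are constructed, the window, factor and run length are parameters chosen to match the post, and the baseline deliberately excludes days already flagged as high so that one big upload does not inflate the average it is later compared against.

```python
"""Baseline-and-deviation monitor for daily upload volume (the idea from the post above)."""
from statistics import mean

# Constructed daily *sent* megabytes for three weeks. Days 0-13 are quiet; day 14 is a
# single large upload (say a photo backup); days 17-20 show sustained unexplained sending.
DAILY_SENT_MB = [2.1, 2.4, 1.9, 2.6, 2.2, 2.0, 2.3, 2.5, 1.8, 2.2, 2.4, 2.1, 2.0, 2.3,
                 40.0,                    # day 14: one-off big upload, should not alert
                 2.2, 2.1,
                 9.5, 11.0, 10.2, 12.8]   # days 17-20: sustained deviation, should alert


def deviation_alerts(daily, window=14, factor=2.0, min_consecutive=3):
    """Return (day_index, value, baseline) for every day that completes a run of
    at least `min_consecutive` days exceeding `factor` x the trailing baseline.

    The baseline is the mean of the last `window` days that were accepted as normal;
    days flagged high are left out of it, so an outlier cannot raise its own bar.
    During the first `window` days nothing is learned yet, so nothing is alerted."""
    alerts = []
    normal_history = []   # values accepted as normal; feeds the baseline
    run = 0               # length of the current streak of high days
    for i, value in enumerate(daily):
        if len(normal_history) < window:
            normal_history.append(value)   # still learning the baseline
            continue
        baseline = mean(normal_history[-window:])
        if value > factor * baseline:
            run += 1
            if run >= min_consecutive:
                alerts.append((i, value, round(baseline, 2)))
        else:
            run = 0
            normal_history.append(value)
    return alerts


if __name__ == "__main__":
    for day, value, baseline in deviation_alerts(DAILY_SENT_MB):
        print(f"day {day}: sent {value} MB against a baseline of {baseline} MB/day")
```

With the defaults, day 14 (40 MB, roughly 18 times the 2.2 MB baseline) is counted as a high day but produces no alert on its own, while days 19 and 20 do alert because they complete a run of three high days; passing `min_consecutive=1` turns the monitor into the naive single-day version, which would also page you for the photo backup. The same structure works on hourly or per-process counters if the source can supply them.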

  7. #7
    Administrator
    Join Date
    Jun 2010
    Location
    Portugal
    Posts
    12,519
    Thanks
    152
    Thanked 1,398 Times in 1,221 Posts
    Quote Originally Posted by aedwall
    Your article on botnets was only somewhat helpful. When you write the below:

    "Monitoring outbound traffic and checking open firewall ports can also help. (Some ISPs, such as Comcast, are now blocking port 25, commonly used for email.) Periodically check your firewall logs for traffic that seems anomalous or suspicious."

    what is really needed are details on how to do what you suggest above. Just telling people to do it doesn't help them because these things are not commonly known by your readers.

    Thank you.
    If you use the Windows firewall, you can configure it to block outbound traffic, and you will be warned and asked whenever a program that is not authorized wants outbound access. In this respect, 3rd party firewalls are usually much better, since they even allow you to monitor what is communicating at each time and to where.
    Rui
    -------
    R4

  8. #8
    New Lounger
    Join Date
    Dec 2009
    Location
    San Jose, California, USA
    Posts
    9
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Just use your firewall

    I configure my firewall so that all outbound connections are blocked by default. I must create a specific 'permit' rule for each application or service I want to be able to connect to the internet.

    If everyone configured their firewall this way, then, well, no botnet at all! And the likelihood that stuff will be stolen off your computer will also be greatly reduced at the same time.

    This is the true best solution that is 100% effective. It keeps hackers, botnet authors, Microsoft, Symantec and the NSA from stealing your stuff. End of problem.

  9. #9
    New Lounger
    Join Date
    Dec 2009
    Location
    Taichung Taiwan
    Posts
    2
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Something that I have not seen addressed in regard to CryptoLocker and its ilk:

    Does it encrypt EVERY physical drive in the computer, or just partitions on the "boot" drive? Is a Network backup drive isolated from CryptoLocker, or only removable drives (when removed)?

    Knowing this makes a big difference in strategy for preventing disaster!

    Chuck

  10. #10
    Administrator
    Join Date
    Jun 2010
    Location
    Portugal
    Posts
    12,519
    Thanks
    152
    Thanked 1,398 Times in 1,221 Posts
    Seems the current version cannot access network drives, unless they are mounted.
    Rui
    -------
    R4

  11. #11
    New Lounger
    Join Date
    Oct 2011
    Posts
    2
    Thanks
    0
    Thanked 0 Times in 0 Posts
    When running a Windows 7 system with your normal user being a Standard user, doesn't that protect against botnets, since programs cannot be installed?
