Language Selection

English French German Italian Portuguese Spanish

An Army of Soulless 1's and 0's

Filed under
Security

For thousands of Internet users, the offer seemed all too alluring: revealing pictures of Jennifer Lopez, available at a mere click of the mouse. But the pictures never appeared. The offer was a ruse, and the click downloaded software code that turned the user's computer into a launching pad for Internet warfare.

On the instructions of a remote master, the software could deploy an army of commandeered computers - known as zombies - that simultaneously bombarded a target Web site with so many requests for pages that it would be impossible for others to gain access to the site.

And all for the sake of selling a few more sports jerseys.

The facts of the case, as given by law enforcement officials, may seem trivial: a small-time Internet merchant enlisting a fellow teenager, in exchange for some sneakers and a watch, to disable the sites of two rivals in the athletic jersey trade. But the method was far from rare.

Experts say hundreds of thousands of computers each week are being added to the ranks of zombies, infected with software that makes them susceptible to remote deployment for a variety of illicit purposes, from overwhelming a Web site with traffic - a so-called denial-of-service attack - to cracking complicated security codes. In most instances, the user of a zombie computer is never aware that it has been commandeered.

The networks of zombie computers are used for a variety of purposes, from attacking Web sites of companies and government agencies to generating huge batches of spam e-mail. In some cases, experts say, the spam messages are used by fraud artists, known as phishers, to try to trick computer users into giving confidential information, like bank-account passwords and Social Security numbers.

Officials at the F.B.I. and the Justice Department say their inquiries on the zombie networks are exposing serious vulnerabilities in the Internet that could be exploited more widely by saboteurs to bring down Web sites or online messaging systems. One case under investigation, officials say, may involve as many as 300,000 zombie computers.

More than 170,000 computers every day are being added to the ranks of zombies, according to Dmitri Alperovitch, a research engineer at CipherTrust, a company based in Georgia that sells products to make e-mail and messaging safer.

"What this points out is that even though critical infrastructure is fairly well secured, the real vulnerability of the Internet are those home users that are individually vulnerable and don't have the knowledge to protect themselves," Mr. Alperovitch said. "They pose a threat to all the rest of us."

Full Article.

More in Tux Machines

Optimize your Linux rig for top-notch writing

I'm a big fan of Scott Nesbitt's writing, which has a technological bent, but is usually more about working effectively, rather than how tools can make you effective, which is a key distinction. Scott's setup reflects his focus on production rather than tweaking. He has his work tools and everything else is pretty much white noise—which is why LXDE/Lubuntu probably makes a lot of sense for his workflow. It's simple and it stays out of his way. Scott also gets bonus points for moving his family to Linux. That's a tough move, but given that his wife stole his ZaReason laptop, the conversion seems to have taken. Read more

IBM meets demand for Linux with training resources

IBM HAS REAFFIRMED its commitment to Linux with the announcement of an extension to Power Systems Linux. Following on from the company's $1bn financial commitment to the Linux operating system last year, IBM will add Power Systems Linux to the Power Systems services already available for AIX and IBM iSeries servers at 54 IBM Innovation Centres and Client Centres. This will enable Linux systems to better use IBM's Power8 parallel processing and advanced virtualisation. Read more

How Red Hat can catch the developer train

Outside the operating system, according to AngelList data compiled by Leo Polovets, these developers go with MySQL, MongoDB, or PostgreSQL for their database; Chef or Puppet for configuration; and ElasticSearch or Solr for search. None of this technology is developed by Red Hat. Yet all of this technology is what the next generation of developers is using to build modern applications. Given that developers are the new kingmakers, Red Hat needs to get out in front of the developer freight train if it wants to remain relevant for the next 20 years, much less the next two. Read more

Shortlist of open source software used at NASA lab

The offer was too good to be true. Three whole weeks at the NASA Glenn Research Center and an invitation to come back. I could scarcely believe it when I read the email. I immediately forwarded it to my parents with an addition of around 200 exclamation points. They were all for it, so I responded to my contact, Herb Schilling, with a resounding “YES!” Read more