Comments on: Musings: Would it be possible to notify zombies? http://spamhuntress.com/2006/05/27/musings-would-it-be-possible-to-notify-zombies/ Just another WordPress weblog Mon, 06 Oct 2008 18:54:36 +0000 http://wordpress.org/?v=2.0.7 by: Spy der Mann http://spamhuntress.com/2006/05/27/musings-would-it-be-possible-to-notify-zombies/#comment-15518 Thu, 08 Jun 2006 19:19:37 +0000 http://spamhuntress.com/2006/05/27/musings-would-it-be-possible-to-notify-zombies/#comment-15518 I see many problems with this. 1. If you notify the owner and don't give an address, you need to notify using a HUGE popup! And he'll probably close it. 2. If you notify the owner pointing to a webpage, you will probably get sued. 3. If you notify the owner via e-mail (or by making a virus which will email him or his contacts), you will probably get sued. And / or the spammers can joejob you and you'll end up getting sued anyway. 4. If you hack into the computer, you will probably get sued. 5. If you use proxy chains to hack into the computer, you will probably get sued anyway. 6. If you write a worm to do that, you'll probably get sued too. 7. If you don't use a worm, you won't do much anyway so what's the point? Computer iliteracy is a social problem, and it must be solved socially. This is why I propose to launch a worldwide "botnet awareness campaign" with the help of the EFF, the FTC, the Internet Task Force, to make a day the "International antivirus day" and all users will be given instructions on how to cleanse their computers from viruses. I'd like Microsoft to provide free updates to SP2 (even to "pirated" computers, which happen to be the most vulnerable to botnets) for the sake of the internet health. (Unless of course a new Bill was proposed to the congress that specifies it's legal to intrude into computers with the EXPLICIT intention of cleaning them from infections - but with the congress we see today, I doubt it) I see many problems with this.

1. If you notify the owner and don’t give an address, you need to notify using a HUGE popup! And he’ll probably close it.
2. If you notify the owner pointing to a webpage, you will probably get sued.
3. If you notify the owner via e-mail (or by making a virus which will email him or his contacts), you will probably get sued. And / or the spammers can joejob you and you’ll end up getting sued anyway.
4. If you hack into the computer, you will probably get sued.
5. If you use proxy chains to hack into the computer, you will probably get sued anyway.
6. If you write a worm to do that, you’ll probably get sued too.
7. If you don’t use a worm, you won’t do much anyway so what’s the point?

Computer iliteracy is a social problem, and it must be solved socially.

This is why I propose to launch a worldwide “botnet awareness campaign” with the help of the EFF, the FTC, the Internet Task Force, to make a day the “International antivirus day” and all users will be given instructions on how to cleanse their computers from viruses. I’d like Microsoft to provide free updates to SP2 (even to “pirated” computers, which happen to be the most vulnerable to botnets) for the sake of the internet health.

(Unless of course a new Bill was proposed to the congress that specifies it’s legal to intrude into computers with the EXPLICIT intention of cleaning them from infections - but with the congress we see today, I doubt it)

]]> by: The Preacher http://spamhuntress.com/2006/05/27/musings-would-it-be-possible-to-notify-zombies/#comment-14258 Thu, 01 Jun 2006 17:18:05 +0000 http://spamhuntress.com/2006/05/27/musings-would-it-be-possible-to-notify-zombies/#comment-14258 I doubt that popping up a helpful message would be very useful. I've seen users who are willing to click through any warning they see as long as the computer itself still seems functional. I think this is made worse by the companies who use banner adverts that resemble Windows system alerts and warn the customer about fictional issues to get them to visit a web site. It's a shame that the best technical solutions are probably the most illegal ones ;-) I doubt that popping up a helpful message would be very useful. I’ve seen users who are willing to click through any warning they see as long as the computer itself still seems functional. I think this is made worse by the companies who use banner adverts that resemble Windows system alerts and warn the customer about fictional issues to get them to visit a web site.

It’s a shame that the best technical solutions are probably the most illegal ones ;-)

]]> by: Lemat http://spamhuntress.com/2006/05/27/musings-would-it-be-possible-to-notify-zombies/#comment-12784 Mon, 29 May 2006 14:42:24 +0000 http://spamhuntress.com/2006/05/27/musings-would-it-be-possible-to-notify-zombies/#comment-12784 well I have been thinking of making "desinfection" work as any other internet protocol, like for eg. HTTP: 1) there is a zombie out there 2) it connects to the "serwer" to a) send spam, b) probe ports c) etc. 3) server detects that this "client" is a zombie (just like User-Agent detection) 4) server sends "data" to the client 5) the zobie receives the data and does whatever is needed (cleans itself) if you have a big banner on the server forehead "connecting here causes your zombie to get disinfected" there wil be no problem with the FBI guys. well I have been thinking of making “desinfection” work as any other internet protocol, like for eg. HTTP:
1) there is a zombie out there
2) it connects to the “serwer” to a) send spam, b) probe ports c) etc.
3) server detects that this “client” is a zombie (just like User-Agent detection)
4) server sends “data” to the client
5) the zobie receives the data and does whatever is needed (cleans itself)

if you have a big banner on the server forehead “connecting here causes your zombie to get disinfected” there wil be no problem with the FBI guys.

]]> by: Karlston http://spamhuntress.com/2006/05/27/musings-would-it-be-possible-to-notify-zombies/#comment-12609 Sun, 28 May 2006 00:08:25 +0000 http://spamhuntress.com/2006/05/27/musings-would-it-be-possible-to-notify-zombies/#comment-12609 You make a significant point... that if the zombies are vulnerable to infection, then they are also vulnerable to disinfection. I agree with the other posters that ISP's should take a greater responsibility to identify and remove/disinfect zombie PC's on their network. Sadly, many couldn't care less, as long as the zombie owners pay their monthly fee, the ISP is happy. You make a significant point… that if the zombies are vulnerable to infection, then they are also vulnerable to disinfection.

I agree with the other posters that ISP’s should take a greater responsibility to identify and remove/disinfect zombie PC’s on their network. Sadly, many couldn’t care less, as long as the zombie owners pay their monthly fee, the ISP is happy.

]]> by: Joe http://spamhuntress.com/2006/05/27/musings-would-it-be-possible-to-notify-zombies/#comment-12519 Sat, 27 May 2006 17:24:56 +0000 http://spamhuntress.com/2006/05/27/musings-would-it-be-possible-to-notify-zombies/#comment-12519 In that case, the FBI does sound better, but they may have to be careful. They are supposed to deal only with things in the US. I suspect most botnets hubs are outside the country. But the end result is the same if all ISPs or even just the big ones would do it. And more likely to have anything done about it. If you get a popup from someone claiming to be the FBI, wouldn't you ignore it as a scam? They would have to get ISP records of each botnet computer and write/phone the owners to tell them of their infection. Which involves privacy issues if done without a subpoena. Usually just informing victims will do no good, though a letter from the FBI might. That is why the ISP cutting off their access is the only solution. In that case, the FBI does sound better, but they may have to be careful. They are supposed to deal only with things in the US. I suspect most botnets hubs are outside the country.

But the end result is the same if all ISPs or even just the big ones would do it. And more likely to have anything done about it. If you get a popup from someone claiming to be the FBI, wouldn’t you ignore it as a scam? They would have to get ISP records of each botnet computer and write/phone the owners to tell them of their infection. Which involves privacy issues if done without a subpoena. Usually just informing victims will do no good, though a letter from the FBI might. That is why the ISP cutting off their access is the only solution.

]]> by: Administrator http://spamhuntress.com/2006/05/27/musings-would-it-be-possible-to-notify-zombies/#comment-12517 Sat, 27 May 2006 17:16:36 +0000 http://spamhuntress.com/2006/05/27/musings-would-it-be-possible-to-notify-zombies/#comment-12517 To Joe: Yeah, but that is a completely different mechanism. That's detecting zombies on your net, and setting up a redirection. It's fundamentally different from doing it from the hub of the botnet. To Joe:
Yeah, but that is a completely different mechanism. That’s detecting zombies on your net, and setting up a redirection. It’s fundamentally different from doing it from the hub of the botnet.

]]> by: Joe http://spamhuntress.com/2006/05/27/musings-would-it-be-possible-to-notify-zombies/#comment-12516 Sat, 27 May 2006 17:11:47 +0000 http://spamhuntress.com/2006/05/27/musings-would-it-be-possible-to-notify-zombies/#comment-12516 Even better would be the ISP, like I said in another comment recently, government agencies have more important things to deal with (such as finding missing kittens) than warning individual computers on a bot net. Some major ISPs were disabling internet access to those customers that were found to be on botnets. They could easily redirect any network access to a page explaining that their computers are infected and offer free support and tools to clean it. Even better would be the ISP, like I said in another comment recently, government agencies have more important things to deal with (such as finding missing kittens) than warning individual computers on a bot net. Some major ISPs were disabling internet access to those customers that were found to be on botnets. They could easily redirect any network access to a page explaining that their computers are infected and offer free support and tools to clean it.

]]> by: Administrator http://spamhuntress.com/2006/05/27/musings-would-it-be-possible-to-notify-zombies/#comment-12511 Sat, 27 May 2006 16:47:49 +0000 http://spamhuntress.com/2006/05/27/musings-would-it-be-possible-to-notify-zombies/#comment-12511 Soo... The perfect outfit to do this would be the FBI, then... Soo… The perfect outfit to do this would be the FBI, then…

]]> by: Joe http://spamhuntress.com/2006/05/27/musings-would-it-be-possible-to-notify-zombies/#comment-12508 Sat, 27 May 2006 16:40:47 +0000 http://spamhuntress.com/2006/05/27/musings-would-it-be-possible-to-notify-zombies/#comment-12508 Long ago I read something on this topic. It was someone doing just what you suggest. The problem was, he was sometimes getting accused of hacking the computers himself even though he was using an already open hole and was trying to prevent further abuse of their system. Long ago I read something on this topic. It was someone doing just what you suggest. The problem was, he was sometimes getting accused of hacking the computers himself even though he was using an already open hole and was trying to prevent further abuse of their system.

]]>