very important all of sl please read!!!!
09-14-2007, 06:48 PM
#1
Senior Member
SL Member
Thread Starter
iTrader: (2)
Join Date: Mar 2007
Location: Milwaukee, WI
Posts: 366
very important all of sl please read!!!!
This may be a long read, but it's something you should all be aware of.-
this is why i have been saying for a long time it is so important to NOT use specific MS products like IE and Outlook/Outlook Express.
In short the newest worm that is out there has created a bot-net (large group of infected Windows computers that are working under the control of the people who made the worm not the owner of the computer) that is more powerful the ALL OF THE SUPER COMPUTERS IN THE WORLD COMBINED. yeah you read that right.
if this bot-net went up against IBM's biggest computer and played chess, it would win. think about that...
What if this bot-net attacked UUNet (major internet backbone. in other words if they go down a large amount of the internet goes down with them you do not have access to the web), or they attacked the stock exchange, or a major bank, or group of banks... yes people this is all the fault of the pathetic security of MS Windows.
bit long, but some of you might wake up if you read it.
Quote:
Storm worm botnet more powerful than top supercomputers
By Sharon Gaudin
7 September 2007 02:08PM
The Storm worm botnet has grown so massive and far-reaching that it easily overpowers the world's top supercomputers.
That's the latest word from security researchers who are tracking the burgeoning network of Microsoft Windows machines that have been compromised by the virulent Storm worm, which has pounded the Internet non-stop for the past three months.
Despite the wide ranging estimates as to the size of the botnet, researchers tend to agree that it's one of the largest zombie grids they've ever seen -- one capable of doing great damage.
"In terms of power, the botnet utterly blows the supercomputers away," said Matt Sergeant, chief anti-spam technologist with MessageLabs, in an interview. "If you add up all 500 of the top supercomputers, it blows them all away with just 2 million of its machines. It's very frightening that criminals have access to that much computing power, but there's not much we can do about it."
Sergeant said researchers at MessageLabs see about 2 million different computers in the botnet sending out spam on any given day, and he adds that he estimates the botnet generally is operating at about 10 percent of capacity.
"We've seen spikes where the owner is experimenting with something and those spikes are usually five to 10 times what we normally see," he said, noting he suspects the botnet could be as large as 50 million computers. "That means they can turn on the taps whenever they want to."
No one could provide detailed and specific comparisons between the strength of the botnet and the top supercomputers, mainly because it is hard to know for sure the size of the botnet or the power of each computer that is part of the botnet.
Adam Swidler, a senior manager with security company Postini, told InformationWeek that while he thinks the botnet is in the 1 million to 2 million range, he still thinks it can easily overpower a major supercomputer.
"If you calculate pure theoretical throughput, then I'm sure the botnet has more capacity than IBM's BlueGene. If you sat them down to play chess, the botnet would win."
Since the botnet won't be entered in any supercomputer competition, what does this mean for the IT or security manager trying to protect a company?
It means the cyber criminals who control the botnet have a tremendous amount of destructive power at their fingertips. Early this summer, the Baltic nation of Estonia was pounded in a cyberwar that saw distributed denial-of-service attack primarily targeting the Estonian government, banking, media, and police sites.
To protect its network, the country had to shut down key computer systems, and targeted sites were inaccessible outside the country for extended periods.
Swidler said he has no doubt if the Storm worm bosses focused a denial-of-service (DoS) attack on a company, Internet service provider, or government agency inside the United States, it could do a great deal of damage.
"I think there's no question they could damage any single company, whether through a DoS attack or a spam barrage," he added. "I'd be less worried about a Yahoo or a Bank of America than the thousands of mid-sized banks that aren't as well protected. But undoubtedly, this could do a great deal of damage."
Swidler said there's always the background thought that an enemy of a country could basically rent the botnet and launch a DoS attack, shutting down government agencies, utilities or financial centers.
"It's a lot of computing power that could be focused to do a lot of damage," he added. "It's grid computing gone bad."
Last month, Ren-Isac, a collaboration of higher-education security researchers, sent out a warning that the Storm worm authors had another trick up their sleeves. The botnet actually is attacking computers that are trying to weed it out. It's set up to launch a distributed denial-of-service attack against any computer that is scanning a network for vulnerabilities or malware.
The warning noted that researchers have seen "numerous" Storm-related DoS attacks recently.
MessageLabs' Sergeant said the botnet also has been launching DoS attacks against anti-spam organizations and even individual researchers who have been investigating it.
"If a researcher is repeatedly trying to pull down the malware to examine it the botnet knows you're a researcher and launches an attack against you," he said.
Lawrence Baldwin, chief forensic officer of MyNetWatchman.com, said he doesn't have a handle on how big the overall botnet has become but he's calculated that 5,000 to 6,000 computers are being used just to host the malicious Web sites that the Storm worm spam e-mails are linking users to. And he added that while the now-well-known e-cards and fake news spam is being used to build up the already massive botnet, the authors are using pump-and-dump scams to make money.
"That's pretty scary," he said. "Cumulatively, Storm is sending billions of messages a day. It could be double digits in the billions, easily."
Swidler said that since mid-July, Postini researchers have recorded 1.2 billion e-mails that have been spit out by the botnet. A record was set on Aug. 22 when 57 million virus-infected messages -- 99 percent of them from the Storm worm -- were tracked crossing the Internet.
According to researchers at SecureWorks, the botnet sent out 6,927 e-mails in June to the company's 1,800 customers. In July, that number ballooned to 20,193,134. Since Aug. 8, they've counted 10,218,196.
http://www.itnews.com.au/News/60752...puters.aspx
wake up people, and secure your networks and secure your computer.
some GREAT ways to reduce the risk of being infected by this cr4p.
1. never run as administrator. create a user account and use that.
2. never use IE or Outlook/Outlook Express unless the computer is not yours and you do not have a choice. If you have to use Outlook due to work and you MUST check e-mails from the house, then do not run Outlook under administrative rights on your computer and lock that account down as tight as you can.
3. get a good AV program like http://free.grisoft.com/freeweb.ph...mR1ROJXWjA" rel="external nofollow" title="www.google.com/url?q=AVG" title="http://free.grisoft.com/freeweb.php/doc/2/&sa=X&oi=smap&resnum=1&ct=result&cd=2&usg=AFQjCNEI1K_8KVnSAIzrr_3RmR1ROJXWjA">AVG" rel="external nofollow">http://free.grisoft.com/freeweb.ph...OJXWjA">AVG or AntiVir both are great and free, or buy the windows vs of F-Prot one of the best AV programs out there. AVG and AntiVir are both free, but F-prot is ONLY free if you run Linux.
4. install and keep updated the following applications:
Adaware Plus FREE this is the free vs, they do have vs you can pay for that do more.
Spybot S&D an other great free product.
SpywareBlaster this will not clean your system of malware, but it will create a blacklist of known URLs that it will prevent your browser and computer from having access to.
those 3 tools are fantastic. MS also offers a tool that since they changed it from bitdefender i have not liked using, but i have heard good things about so that would be yet an other tool to install to help protect you from being infected.
5. stop using IE and start using FireFox or Opera strange that i did not see their newest build 9.5 on the list, but meh it is an other great alternative to IE.
6. stop using Outlook/Outlook Express and start using Thunderbird a free and powerful e-mail client that is much more secure by default then Outlook/Outlook Express or Eudora.
i am not going to say change your OS to Linux or OSx, but both of those will do the same thing as above without waisting all of your system resources on 3rd party protection applications.
so in short, you wounder why i am frustrated with Windows, well now you are starting to see why.
so rate what ever you want, there it is, protect your computers because it is NOT only you who is affected it is the entire world.
this is why i have been saying for a long time it is so important to NOT use specific MS products like IE and Outlook/Outlook Express.
In short the newest worm that is out there has created a bot-net (large group of infected Windows computers that are working under the control of the people who made the worm not the owner of the computer) that is more powerful the ALL OF THE SUPER COMPUTERS IN THE WORLD COMBINED. yeah you read that right.
if this bot-net went up against IBM's biggest computer and played chess, it would win. think about that...
What if this bot-net attacked UUNet (major internet backbone. in other words if they go down a large amount of the internet goes down with them you do not have access to the web), or they attacked the stock exchange, or a major bank, or group of banks... yes people this is all the fault of the pathetic security of MS Windows.
bit long, but some of you might wake up if you read it.
Quote:
Storm worm botnet more powerful than top supercomputers
By Sharon Gaudin
7 September 2007 02:08PM
The Storm worm botnet has grown so massive and far-reaching that it easily overpowers the world's top supercomputers.
That's the latest word from security researchers who are tracking the burgeoning network of Microsoft Windows machines that have been compromised by the virulent Storm worm, which has pounded the Internet non-stop for the past three months.
Despite the wide ranging estimates as to the size of the botnet, researchers tend to agree that it's one of the largest zombie grids they've ever seen -- one capable of doing great damage.
"In terms of power, the botnet utterly blows the supercomputers away," said Matt Sergeant, chief anti-spam technologist with MessageLabs, in an interview. "If you add up all 500 of the top supercomputers, it blows them all away with just 2 million of its machines. It's very frightening that criminals have access to that much computing power, but there's not much we can do about it."
Sergeant said researchers at MessageLabs see about 2 million different computers in the botnet sending out spam on any given day, and he adds that he estimates the botnet generally is operating at about 10 percent of capacity.
"We've seen spikes where the owner is experimenting with something and those spikes are usually five to 10 times what we normally see," he said, noting he suspects the botnet could be as large as 50 million computers. "That means they can turn on the taps whenever they want to."
No one could provide detailed and specific comparisons between the strength of the botnet and the top supercomputers, mainly because it is hard to know for sure the size of the botnet or the power of each computer that is part of the botnet.
Adam Swidler, a senior manager with security company Postini, told InformationWeek that while he thinks the botnet is in the 1 million to 2 million range, he still thinks it can easily overpower a major supercomputer.
"If you calculate pure theoretical throughput, then I'm sure the botnet has more capacity than IBM's BlueGene. If you sat them down to play chess, the botnet would win."
Since the botnet won't be entered in any supercomputer competition, what does this mean for the IT or security manager trying to protect a company?
It means the cyber criminals who control the botnet have a tremendous amount of destructive power at their fingertips. Early this summer, the Baltic nation of Estonia was pounded in a cyberwar that saw distributed denial-of-service attack primarily targeting the Estonian government, banking, media, and police sites.
To protect its network, the country had to shut down key computer systems, and targeted sites were inaccessible outside the country for extended periods.
Swidler said he has no doubt if the Storm worm bosses focused a denial-of-service (DoS) attack on a company, Internet service provider, or government agency inside the United States, it could do a great deal of damage.
"I think there's no question they could damage any single company, whether through a DoS attack or a spam barrage," he added. "I'd be less worried about a Yahoo or a Bank of America than the thousands of mid-sized banks that aren't as well protected. But undoubtedly, this could do a great deal of damage."
Swidler said there's always the background thought that an enemy of a country could basically rent the botnet and launch a DoS attack, shutting down government agencies, utilities or financial centers.
"It's a lot of computing power that could be focused to do a lot of damage," he added. "It's grid computing gone bad."
Last month, Ren-Isac, a collaboration of higher-education security researchers, sent out a warning that the Storm worm authors had another trick up their sleeves. The botnet actually is attacking computers that are trying to weed it out. It's set up to launch a distributed denial-of-service attack against any computer that is scanning a network for vulnerabilities or malware.
The warning noted that researchers have seen "numerous" Storm-related DoS attacks recently.
MessageLabs' Sergeant said the botnet also has been launching DoS attacks against anti-spam organizations and even individual researchers who have been investigating it.
"If a researcher is repeatedly trying to pull down the malware to examine it the botnet knows you're a researcher and launches an attack against you," he said.
Lawrence Baldwin, chief forensic officer of MyNetWatchman.com, said he doesn't have a handle on how big the overall botnet has become but he's calculated that 5,000 to 6,000 computers are being used just to host the malicious Web sites that the Storm worm spam e-mails are linking users to. And he added that while the now-well-known e-cards and fake news spam is being used to build up the already massive botnet, the authors are using pump-and-dump scams to make money.
"That's pretty scary," he said. "Cumulatively, Storm is sending billions of messages a day. It could be double digits in the billions, easily."
Swidler said that since mid-July, Postini researchers have recorded 1.2 billion e-mails that have been spit out by the botnet. A record was set on Aug. 22 when 57 million virus-infected messages -- 99 percent of them from the Storm worm -- were tracked crossing the Internet.
According to researchers at SecureWorks, the botnet sent out 6,927 e-mails in June to the company's 1,800 customers. In July, that number ballooned to 20,193,134. Since Aug. 8, they've counted 10,218,196.
http://www.itnews.com.au/News/60752...puters.aspx
wake up people, and secure your networks and secure your computer.
some GREAT ways to reduce the risk of being infected by this cr4p.
1. never run as administrator. create a user account and use that.
2. never use IE or Outlook/Outlook Express unless the computer is not yours and you do not have a choice. If you have to use Outlook due to work and you MUST check e-mails from the house, then do not run Outlook under administrative rights on your computer and lock that account down as tight as you can.
3. get a good AV program like http://free.grisoft.com/freeweb.ph...mR1ROJXWjA" rel="external nofollow" title="www.google.com/url?q=AVG" title="http://free.grisoft.com/freeweb.php/doc/2/&sa=X&oi=smap&resnum=1&ct=result&cd=2&usg=AFQjCNEI1K_8KVnSAIzrr_3RmR1ROJXWjA">AVG" rel="external nofollow">http://free.grisoft.com/freeweb.ph...OJXWjA">AVG or AntiVir both are great and free, or buy the windows vs of F-Prot one of the best AV programs out there. AVG and AntiVir are both free, but F-prot is ONLY free if you run Linux.
4. install and keep updated the following applications:
Adaware Plus FREE this is the free vs, they do have vs you can pay for that do more.
Spybot S&D an other great free product.
SpywareBlaster this will not clean your system of malware, but it will create a blacklist of known URLs that it will prevent your browser and computer from having access to.
those 3 tools are fantastic. MS also offers a tool that since they changed it from bitdefender i have not liked using, but i have heard good things about so that would be yet an other tool to install to help protect you from being infected.
5. stop using IE and start using FireFox or Opera strange that i did not see their newest build 9.5 on the list, but meh it is an other great alternative to IE.
6. stop using Outlook/Outlook Express and start using Thunderbird a free and powerful e-mail client that is much more secure by default then Outlook/Outlook Express or Eudora.
i am not going to say change your OS to Linux or OSx, but both of those will do the same thing as above without waisting all of your system resources on 3rd party protection applications.
so in short, you wounder why i am frustrated with Windows, well now you are starting to see why.
so rate what ever you want, there it is, protect your computers because it is NOT only you who is affected it is the entire world.
09-15-2007, 04:40 AM
#2
Senior Member
SL Member
Join Date: May 2006
Location: 'Burbs Farmington Hills - go to school in Boulder, CO
Posts: 1,353
so... long story short....
a program is in millions of window computers... and functions as one? so it goes in through IE or outlook and does WHAT?
make it shorter! its 1 am thats why im asking
a program is in millions of window computers... and functions as one? so it goes in through IE or outlook and does WHAT?
make it shorter! its 1 am thats why im asking
09-15-2007, 06:23 PM
#3
Senior Member
SL Member
Thread Starter
iTrader: (2)
Join Date: Mar 2007
Location: Milwaukee, WI
Posts: 366
basically this the bots and zombie program is something that everyone especially big companies that use ie and outlook and others sites constantlly should be more carefull of using because there so easilly hacked. i recieved this message from my i t buddy and like the message says it has already made a police station and bank shut down to protect themselfs. and also stated above if it runs a full scale attack it could shut down the whole of the internet in the us. just think its already at 10 million inffected computers in 3 months, and only running at ten percent.
just trying to make everyone aware that microsoft programs suck and that microsoft is trying to say its no problem cuz they are big bussiness everyone believes them.
so stear clear of using ie outlook and the other programs stated but its your choice !
try doing research on this bots and zombie program and see what happens if your infected your computer will shut down if the virus sees that you are trying to find it!
i cant believe something of this magnatude is happening and still growing.
just trying to make everyone aware that microsoft programs suck and that microsoft is trying to say its no problem cuz they are big bussiness everyone believes them.
so stear clear of using ie outlook and the other programs stated but its your choice !
try doing research on this bots and zombie program and see what happens if your infected your computer will shut down if the virus sees that you are trying to find it!
i cant believe something of this magnatude is happening and still growing.
Thread
Thread Starter
Forum
Replies
Last Post
k1114
Scion tC 1G Forced Induction
0
03-06-2015 03:43 PM
ScionLife Editor
Scion iM Discussion Lounge
0
11-20-2014 05:20 PM