Monday, February 20, 2006

Invasion of the Computer Snatchers

Here is a very fun paper on bots, botnets, their owners and victims. Three quotes from Invasion of the Computer Snatchers follow:

About one botnet owner: "The young hacker doesn't have much sympathy for his victims. 'All those people in my botnet, right, if I don't use them, they're just gonna eventually get caught up in someone else's net, so it might as well be mine,' 0x80 says. 'I mean, most of these people I infect are so stupid they really ain't got no business being on [the Internet] in the first place.'"

About the victim: "He eventually opted to buy a new PC rather than spend the time and money to repair the infected one. 'It just made more sense for me to get a new $300 Dell that came with a free monitor that was better than the one I had,' he says."

About one botnet fighter: "When Norris called the company with the bad news, its poorly trained network administrator had no idea how to respond. "I call this guy up and say, 'Hey, you've got 10,000 infected computers on your network that are attacking me,' and this guy is basically, like, 'Well, what do you want me to do about it?'""

UPDATE as of 02/21/2006: through image metadata leakage, some folks actually identified the small town and a possible place where the "botmaster" lives. Check out this discussion for more details. The lesson? Watch the metadata when posting documents online! It applies not only to DOCs and PDFs, but also to pretty much all common image formats!

Dr Anton Chuvakin