Razing Rustock
- Tunnelcat
- DBB Grand Master
- Posts: 13743
- Joined: Sat Mar 24, 2007 12:32 pm
- Location: Pacific Northwest, U.S.A.
Razing Rustock
Speaking of spying on the net, here's the detailed scoop on how the government and Microsoft brought down the Rustock Botnet. Sure doesn't give me the warm and fuzzies that it won't be back. Like trying to squash flies, more will get into the house, especially if Rustock was state sponsored. Seems like more money went into this thing than your average lone hacker would've been capable of setting up.
http://www.businessweek.com/magazine/co ... 712001.htm
Cat (n.) A bipolar creature which would as soon gouge your eyes out as it would cuddle.
Re: Razing Rustock
Interesting.
Here's my take on cyber crime & botnets:
Both would take a major hit if individuals did two things:
1. Don't patronize the spammers, and delete their email without opening
2. Secure your own machines to the best of your ability, keeping up to date with anti spyware, anti malware, etc.
Arch Linux x86-64, Openbox
"We'll just set a new course for that empty region over there, near that blackish, holeish thing. " Zapp Brannigan
- Krom
- DBB Database Master
- Posts: 16138
- Joined: Sun Nov 29, 1998 3:01 am
- Location: Camping the energy center. BTW, did you know you can have up to 100 characters in this location box?
Re: Razing Rustock
0. Don't install Adobe software.
The most common vector I've noticed lately is embedded Adobe PDF exploits served up on compromised web pages. It is popular because it is cross-browser, impacting IE, Firefox, Chrome, Opera, Safari, etc. (anything Adobe writes a PDF plugin for), and it has a huge installed user base.
Botnets specifically are different from other kinds of malware in how they behave on an infected system. Unlike things like the fraudulent "Antivirus 20xx" programs (which are for credit card theft) that pop up windows and spam your desktop endlessly, purpose-built botnets run in the background and use methods to deliberately avoid attracting attention from the user.
I suspect this cat and mouse game will continue for a long time; it is one of the costs of the freedom we enjoy on the internet.
Re: Razing Rustock
Krom,
Do you have substitutes to recommend for Flash and the like? Much of what is used now uses Adobe of some kind.
- Krom
- DBB Database Master
- Posts: 16138
- Joined: Sun Nov 29, 1998 3:01 am
- Location: Camping the energy center. BTW, did you know you can have up to 100 characters in this location box?
Re: Razing Rustock
Flash is proprietary, so unfortunately there is no substitute (at least pending widespread HTML5 adoption). But you can minimize the risk by using Adblock Plus and NoScript in Firefox to block/disable most Flash content before it loads unless you expressly want to enable it on a specific site.
You can avoid the Adobe PDF reader though; use an alternative reader such as Foxit and don't install the browser plugins for it. Costs a little bit more effort but definitely sabotages the embedded PDF vector.
- TigerRaptor
- DBB Fleet Admiral
- Posts: 2694
- Joined: Tue Feb 01, 2000 6:00 am
Re: Razing Rustock
I've been using a program called Enhanced Mitigation Experience Toolkit for problems like that. Sounds like a mouthful. I configured Firefox, Foxit reader, Outlook and a bunch of others. Doesn't hurt to be a little safer.
How it works, if anyone is interested.
http://www.h-online.com/security/featur ... 02501.html
http://www.microsoft.com/downloads/en/d ... 5192c491cb
Re: Razing Rustock
What about installing Adobe products on Linux for Chrome and Firefox? I have the option for flash block, but I never use it. And also, I don't use the PDF reader from Adobe (it's slow and fat). I use something else.
Re: Razing Rustock
They may have different vulnerabilities, but I bet they still have vulnerabilities.
Re: Razing Rustock
I ★■◆●ing hate Flash. Why can't they just implement an easily streamable version of .avi files to put on YouTube?
Re: Razing Rustock
Pretty much because nobody can agree on the codec to use thanks to BS politics.
Re: Razing Rustock
Seems to me if YouTube implemented it, everyone would have to support it.
Re: Razing Rustock
Flash was really intended to display vector graphics and have a web-friendly file size… why it's used for raster movies is beyond me.