On Thu, Apr 26, 2012 at 10:03:44PM -0400, Jeff Kell wrote:
> And what about the millions of users unknowingly infected with "something else" ??
s/millions/hundreds of millions/ We passed the 100M zombie/bot mark years ago and nothing has happened in the interim that should/would cause the trend to reverse. (Based on what I've seen, the curve continues to monotonically increase.) Worse, even the most sophisticated measurement techniques we have are guaranteed to miss some unknown/unknowable fraction of the total population, since botmasters are known to keep reserves. And worse yet, we're now seeing infestations of portable devices/phones, systems running MacOS, etc., so while it's been, to this point, a Windows problem to about five to seven 9's, it's not anymore, and it's not going to be.
> Does anyone have a plan?
No. Well, that's a bit unfair: lots of people have ideas, proposals, and such, but until/unless there's a massive, coordinated, focused effort -- which will cost a LOT of money -- those ideas and proposals can have (at best) temporary, localized effects. I would like to think that the software vendors whose products are involved would step up, but if that was going to happen, it probably would have happened by now. The most likely outcomes are:

(1) that the status quo will continue: massive amounts of attention, effort, and money will be focused on mitigating the consequences (e.g., anti-spam, anti-phish, anti-DDoS, anti-malware, anti-anti-anti defenses) and almost none will be focused on addressing the root causes.

(2) Those running networks which are infested on a systemic and chronic basis will continue to do so and will not be held accountable (by anyone) for their incompetence.

(3) More sophisticated bot-creating software will be developed and thoroughly tested against anti-malware products before being deployed.

(4) Botnet command and control mechanisms will become more resilient in the face of attacks.

(5) Every now and then, some vendor and/or some government agency will have a press conference and engage in self-congratulatory chest-beating about how they've taken down a 5-million member botnet, while botmasters are busy recruiting all 5 million still-compromised systems into new botnets.

(6) Once in a while, some poor unsuspecting person sitting in front of one of these systems will be stuck holding the bag when clueless prosecutors, assisted by thoroughly ignorant judges and stunningly inept "experts", decide to score some election-year points by destroying an innocent person's life: see "Julie Amero" for a canonical example.

(7) Data harvested from all these systems will continue to be collated and sold to spammers, phishers, identity thieves, blackmailers, and anyone else with a passing interest in the usable contents of large numbers of systems.

(8) Legislators and politicians who cannot even use computers will propose and likely pass bill after bill after bill which not only makes the situation worse, but uses it as an excuse to destroy the few remaining protections that citizens have against wholesale government snooping into their private lives. As a bonus, they'll ensure that much of this information is passed along to any private contractors who've made sufficient campaign contributions, and they in turn will be hacked by the first bored 17-year-old with an attitude that takes note of their existence.

Oh. Almost forgot. At each step, the favorite phrases of people who've failed to learn from history, failed to heed warnings, failed to educate themselves, failed to listen to experts and now wish to distance themselves as far as they possibly can from the direct consequences of their own choices and actions will be used: "nobody could have predicted" and "we take this matter seriously"

---rsk