
Help stop the botnets that cause DDOS (like the one that killed the forum)

Comments

  • superscaper
    superscaper Posts: 13,369 Forumite
    Part of the Furniture 10,000 Posts Combo Breaker
    I think it's worth everyone getting superantispyware and scanning with it. I use it myself in addition to other antispyware programs.
    "She is quite the oddball. Did you notice how she didn't even get excited when she saw this original ZX-81?"
    Moss
  • Forgive my ignorance but is there anything us Mac users need to do, or is this mainly a windows issue?? :confused:
  • superscaper
    superscaper Posts: 13,369 Forumite
    Part of the Furniture 10,000 Posts Combo Breaker
    Forgive my ignorance but is there anything us Mac users need to do, or is this mainly a windows issue?? :confused:

    There are as far as I know only theoretical/lab created viruses for macs or certainly only 1 or 2 in the wild so I certainly wouldn't worry having a mac. The most devastating botnets take advantage of viruses propagated through windows specifically at the moment. I'm not sure how useful anti virus software would be for a mac at present.
    "She is quite the oddball. Did you notice how she didn't even get excited when she saw this original ZX-81?"
    Moss
  • superscaper
    superscaper Posts: 13,369 Forumite
    Part of the Furniture 10,000 Posts Combo Breaker
    There are other threads on this but for the sake of the non techies visiting, here's a repeat of a post I made listing what I personally have, to give you an idea of the security you should be thinking about and the minimum I require to feel comfortable and secure:

    Currently installed that I use (some only kind of security related), (f)=freeware (p)=paid/subscription

    Firewall: Comodo (f) (don't use Windows built in firewall it doesn't monitor outbound data in XP and Vista's outbound detection is switched off by default)
    Antivirus: NOD32 (p) (paid for but worth it for one of the best AVs, alternative paid for AV would be Kaspersky and Steganos)
    Antispyware: AVG Antispyware (f), Spybot S&D (f), Superantispyware (f) (I've disabled the active scanning on these so they aren't loaded at boot up, I merely manually scan every so often with all of them, you could also schedule them to run automatically at certain times)
    Auto-Backup (online): Mozy Unlimited (p) (only relevant in relation to backing up important data)
    Encryption: Truecrypt (f) (not really relevant to most people for security, just for the paranoid of us that want to make sure that any sensitive info on pc can't be read by intruders to your pc, including Mr Government).
    Misc. maintenance: CCleaner (f), Hijackthis (f) (useful when having problems other stuff doesn't solve)

    This all is a waste of time if you don't also adhere to some common sense PC usage. E.g. don't open unknown email attachments especially anything ending .exe, don't download any software because it appears in a popup you don't recognise telling you to do so etc etc. If you're not sure there are always people hanging about on the techie board that can advise and help. At worst you'll have wasted only a few minutes time making sure something was safe.
    "She is quite the oddball. Did you notice how she didn't even get excited when she saw this original ZX-81?"
    Moss
  • Browntoa
    Browntoa Posts: 49,602 Forumite
    Part of the Furniture 10,000 Posts Name Dropper Photogenic
    bump to the top again
    Ex forum ambassador

    Long term forum member
  • Angua2
    Angua2 Posts: 673 Forumite
    I had a suspiciously coincidental attack of a trojan on 26 October, despite running AVG and Kaspersky, as well as other protection..... seemed to coincide with use of Windows Explorer (which self-loaded on government website for email feedback).

    Have since done root & registry checks.... getting my pc happier, but there was malware present on 26 oct, too...

    What's the opinion on TrojanHunter?

    I got so annoyed when I saw Martin's explanation citing a DDos attack, I copied the page and emailed it to Jeremy Vine!
    Still waiting for Dyson to bring out a ride-on hoover...
    Memberships:
    Bad Alba Mothers Purchase Only Tanqueray
  • BritBrat
    BritBrat Posts: 3,764 Forumite
    Do we know the IP of the one who caused the problem?

    Maybe he could get a return present from the members here.

    Totally free of course.
  • lol Britbrat...

    Once again a DDoS is where MILLIONS of people send packets to a web server.. by people I mean clients which could be involved unknowingly in a botnet.

    So there would be millions of IP addresses. You fancy going through it?
    "The internet is a great way to get on the net."
    - Bob Dole, Republican presidential candidate
  • BritBrat wrote: »
    Do we know the IP of the one who caused the problem?

    Maybe he could get a return present from the members here.

    Totally free of course.


    Unlikely. This sort of thing is all done through the backdoor and automated.

    Another good tool for MSE and Internet users in general is 'Active Ports'. This is a simple tool that shows a list of ports (ports are what your computer uses to talk to other computers on a network - in this case the internet).

    If you fire it up and it goes ballistic showing loads of green or red active ports firing rapidly it's a sure sign your computer might be doing something behind your back, ie taking part in a DDOS attack.

    Bear in mind though if you do use this that a normally operating clean system will always show some activity even if you're not doing anything yourself. I'll try and elaborate with some further information.
    SIMPLE SIMON - Met a pie man going to the fair. Said Simple Simon to the pie man, "What have you got there?" Said the pie man unto Simon, "Pies, you simpleton!"
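
An added example, not part of any post in this thread: the check described in the post above (a burst of connections versus the background activity of a clean system), written against the text output of Windows' built-in `netstat -ano`. The sample rows are constructed, and the threshold of 25 connections from one process to one remote host is an assumed starting point, not a value from the thread.

```python
from collections import Counter

def build_sample():
    """Constructed `netstat -ano` output: normal background rows plus one burst."""
    rows = [
        "  Proto  Local Address          Foreign Address        State           PID",
        "  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912",
        "  TCP    192.168.1.20:49210     203.0.113.7:443        ESTABLISHED     2044",
        "  TCP    192.168.1.20:49211     203.0.113.8:443        ESTABLISHED     2044",
        "  TCP    [::]:445               [::]:0                 LISTENING       4",
        "  UDP    0.0.0.0:500            *:*                                    1100",
    ]
    rows += [f"  TCP    192.168.1.20:{50000 + i}     198.51.100.9:80        SYN_SENT        3180"
             for i in range(40)]
    return "\n".join(rows)

def parse_netstat(text):
    """Parse `netstat -ano` rows into dicts; header and blank lines are skipped."""
    conns = []
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0] not in ("TCP", "UDP"):
            continue
        if parts[0] == "UDP" and len(parts) == 4:
            # UDP rows have no State column: Proto, Local, Foreign, PID
            proto, local, remote, pid = parts
            state = ""
        elif len(parts) == 5:
            proto, local, remote, state, pid = parts
        else:
            continue
        conns.append({"proto": proto, "local": local, "remote": remote,
                      "state": state, "pid": int(pid)})
    return conns

def flag_bursts(conns, threshold=25):  # threshold is an assumed starting value
    """Return (pid, remote_host, count) for each process holding at least
    `threshold` non-listening TCP connections to a single remote host."""
    counts = Counter(
        # rsplit strips only the port, so bracketed IPv6 addresses stay intact
        (c["pid"], c["remote"].rsplit(":", 1)[0])
        for c in conns
        if c["proto"] == "TCP" and c["state"] not in ("LISTENING", "TIME_WAIT")
    )
    return sorted((pid, host, n) for (pid, host), n in counts.items() if n >= threshold)

if __name__ == "__main__":
    for pid, host, n in flag_bursts(parse_netstat(build_sample())):
        print(f"PID {pid}: {n} connections to {host}")
```

The PID column can be matched to a program name in Task Manager, which separates a browser with many tabs open from a process you do not recognise.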
  • superscaper
    superscaper Posts: 13,369 Forumite
    Part of the Furniture 10,000 Posts Combo Breaker
    lol Britbrat...

    Once again a DDoS is where MILLIONS of people send packets to a web server.. by people I mean clients which could be involved unknowingly in a botnet.

    So there would be millions of IP addresses. You fancy going through it?

    Not to mention ISPs are very reluctant to give details of who was using the IPs at the time without a court ordered warrant. And then you'd have to do that with every single ISP involved. Even then as MK points out all you'd get to in every case is a home user's PC which by virtue of it being a zombie the PC owner is likely to be quite non-techie. So then computer crime labs would have to forensically dissect the PC(s) which I'm sure the PC owners would be reluctant to simply give up their PC (I know I couldn't afford to be without mine), so that's more rounds of warrants. Then there's no guarantee there'll be anything useful. In the example of the Storm Botnet, it detected attempts to probe it and automatically sent DDOS attacks on the expert security firms themselves, knocking their internet connections off for days. At best you'll get new IPs that may have originated from the controllers. So more warrants and more investigation and there's no guarantee that if they're found they'll even be under UK jurisdiction.
    "She is quite the oddball. Did you notice how she didn't even get excited when she saw this original ZX-81?"
    Moss
This discussion has been closed.