backtop


Print 102 comment(s) - last by Iketh.. on Oct 18 at 2:50 AM


Unbeknowst to you, your computer could be a double agent, committing cybercrime as part of a internet-connected botnet. Over 2.2 million American PCs are part of some botnet, according to Microsoft.  (Source: Ubisoft)
U.S. leads the world in botnet virus infection rates

According to a new 240-page security report from Microsoft dubbed the Security Intelligence Report, America is among the most infected countries in the world when it comes to botnets.  The report uses information collected in the first half of 2010 via the Microsoft Malicious Software Removal Tool.

Over 2.2 million PCs in the U.S. are infected with a virus that makes them part of one of the internet's massive botnets.  The term "botnet" refers to a group of connected computers that can be used for ill purposes such as spamming, distributed denial of service (DDoS) attacks, and mass credit card fraud.

Brazil came in second place for most infected computers, with 550,000 botnet-infected PCs.  Per computer population, though South Korea had the highest rate (though its total number of infected machines is lower than that of the U.S. or Brazil).  In South Korea 14.6 out of 1,000 PCs are in a botnet, versus 5.2 computers out of 1,000 in the U.S.

Cliff Evans, head of security and identity at Microsoft UK, comments to 
BBC News, "Most people have this idea of a virus and how it used to announce itself.  Few people know about botnets."

Fewer people perhaps know about Microsoft's Malicious Software Removal Tool (MRT).  MRT has been is a free tool Microsoft includes with Windows XP, Windows Vista, and Windows 7.  First released in 2005, the tool is easy to run -- just go to "Start", type "run" in the search bar, and then type "mrt" (case insensitive) in the resulting popup.  The tool will then activate and be ready to scan your computer and remove many common types of malware.

Perhaps if everyone learns how to use the MRT, America can escape earning the dubious distinction of being the world's biggest botnet participant in 2011.  Given the general public's ignorance of security, that seems unlikely, though.

Despite the difficulty in getting the public to practice proper security, Microsoft is taking steps to try to win the war against botnet masters on its own.  The company recently seized control over 276 internet domains that were being used by botnet owners.  And it has beefed up the securityof its most recent operating system, Windows 7, making it harder to infect new PCs.



Comments     Threshold


This article is over a month old, voting and posting comments is disabled

RE: Nay
By sprockkets on 10/14/2010 1:30:39 PM , Rating: 0
quote:
Mac advocate or not, the bulletin you linked has nothing to do with the Windows Operating System. It's for Internet Explorer. Those are completely separate software entities and you can use one to infer that the other is insecure. It would be like myself (or another poster) linking a known defect with Safari web browser and claiming that Mac OS X is insecure. That is simply not the case, Safari has a problem, not Mac OS X.


Wrong.

IE built into Vista and Win7 has new safeguards preventing code execution out of the browser, aka sandboxing. They've said that any vulnerability, even if it was a zero day exploit, could not control IE to hack the computer.

The OP was referring to new technologies built into the OS to prevent exploits. None of those prevented remote code execution according to Microsoft.

And seeing as how they again, sat on a fix for months before releasing it until it became a PR issue means it's business as usual for Microsoft.


RE: Nay
By omnicronx on 10/14/2010 2:08:15 PM , Rating: 2
IE has not been truly built into windows explorer since IE6.

They are separate entities, although its a bit more complicated than that. I think there is a core package that must be installed whether you are using IE or not.

But its not like it used to be, built directly into Windows Explorer.

P.S Where did you see they withheld anything? MS releases security patches all the time(patch Tuesday for non critical, and a critical patch if required), why would this be a PR nightmare over other IE flaws that have been patched?


RE: Nay
By sprockkets on 10/14/2010 2:16:34 PM , Rating: 2
quote:
IE has not been truly built into windows explorer since IE6.


quote:
But its not like it used to be, built directly into Windows Explorer.


Where did I say it was? I said it has new safeguards ONLY available in Vista/Win7.

quote:
P.S Where did you see they withheld anything? MS releases security patches all the time(patch Tuesday for non critical, and a critical patch if required), why would this be a PR nightmare over other IE flaws that have been patched?


http://www.zdnet.com/blog/security/microsoft-knew-...

From the article:

quote:
The vulnerability used in the attacks (CVE-2010-0249) was privately reported to Microsoft last August by Meron Sellen, a white-hat hacker at BugSec, an Israeli security research company. Microsoft program manager Jerry Bryant said the company confirmed the severity of the flaw in September and planned to ship a fix in a cumulative IE update next month.


"Intel is investing heavily (think gazillions of dollars and bazillions of engineering man hours) in resources to create an Intel host controllers spec in order to speed time to market of the USB 3.0 technology." -- Intel blogger Nick Knupffer














botimage
Copyright 2014 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki