backtop


Print 102 comment(s) - last by Iketh.. on Oct 18 at 2:50 AM


Unbeknowst to you, your computer could be a double agent, committing cybercrime as part of a internet-connected botnet. Over 2.2 million American PCs are part of some botnet, according to Microsoft.  (Source: Ubisoft)
U.S. leads the world in botnet virus infection rates

According to a new 240-page security report from Microsoft dubbed the Security Intelligence Report, America is among the most infected countries in the world when it comes to botnets.  The report uses information collected in the first half of 2010 via the Microsoft Malicious Software Removal Tool.

Over 2.2 million PCs in the U.S. are infected with a virus that makes them part of one of the internet's massive botnets.  The term "botnet" refers to a group of connected computers that can be used for ill purposes such as spamming, distributed denial of service (DDoS) attacks, and mass credit card fraud.

Brazil came in second place for most infected computers, with 550,000 botnet-infected PCs.  Per computer population, though South Korea had the highest rate (though its total number of infected machines is lower than that of the U.S. or Brazil).  In South Korea 14.6 out of 1,000 PCs are in a botnet, versus 5.2 computers out of 1,000 in the U.S.

Cliff Evans, head of security and identity at Microsoft UK, comments to 
BBC News, "Most people have this idea of a virus and how it used to announce itself.  Few people know about botnets."

Fewer people perhaps know about Microsoft's Malicious Software Removal Tool (MRT).  MRT has been is a free tool Microsoft includes with Windows XP, Windows Vista, and Windows 7.  First released in 2005, the tool is easy to run -- just go to "Start", type "run" in the search bar, and then type "mrt" (case insensitive) in the resulting popup.  The tool will then activate and be ready to scan your computer and remove many common types of malware.

Perhaps if everyone learns how to use the MRT, America can escape earning the dubious distinction of being the world's biggest botnet participant in 2011.  Given the general public's ignorance of security, that seems unlikely, though.

Despite the difficulty in getting the public to practice proper security, Microsoft is taking steps to try to win the war against botnet masters on its own.  The company recently seized control over 276 internet domains that were being used by botnet owners.  And it has beefed up the securityof its most recent operating system, Windows 7, making it harder to infect new PCs.



Comments     Threshold


This article is over a month old, voting and posting comments is disabled

RE: Nay
By Luticus on 10/14/2010 3:11:58 PM , Rating: 2
yes the exploit affects ie 6-8 on winxp - win7 but that's only if you don't have DEP enabled (i think it was) and that's enabled by defualt on ie8. People with the newest browser would have been somewhat safe. Not trying to defend ms here but i think you're over-reacting a bit here. nobody's perfect and exploits will happen on the worlds most used platform.

besides you don't know why they took so long to patch it, perhpas it was just difficult to patch without breaking something else. they obvioulsy didn't want to announce the bug to the world if it remained unpatched for whatever reason.

I mean, it's not like it was hundreds of thousands of citizens machines that got hit, it was google (who should have known better than to use an outdated browser in the first place). I think people give ms much more crap then they deserve. linux distros are really nice, they are not a viable alternative to windows in the main stream. and besides, linux has had it's fair share of security issues which took a little while to get patched just the same, or does someone not remember the faulty key randomization issue they had a few years ago.


RE: Nay
By sprockkets on 10/14/2010 3:49:28 PM , Rating: 2
They list it critical for all OS versions except for Server 2003.

And I understand they have to test patches, but Sept went by, then Nov, then Dec, then Jan, then oh wait, I guess we should release the patch now.


RE: Nay
By Luticus on 10/14/2010 4:01:15 PM , Rating: 2
testing is one thing, but what i'm referring to is patch development. it's not as easy as "oh there's a problem, lets poop out a patch. patching can be tricky because usually patching one thing can break others. sometimes figureing out a way to fix a major feature without totally breaking things or crippling your software can be not only tricky and difficult but nearly impossable.

i write code from time to time and patching the hole in the wall applications i write can take me weeks and sometimes months to do. here you have microsoft, a company that writes apps with millions upon millions of lines of code devided in to dev teams that all work different parts of the software and it's a major app that HAS to work in all aspects on TONS of different hardware platforms with many different software configurations. I'm amazed they get most of the patches out in the time frames they do to be perfictally honest!

MS might not be perfect but be reasonable, i think they deserve a little more slack than they get.


RE: Nay
By sprockkets on 10/14/2010 4:28:47 PM , Rating: 2
Well, it doesn't take 5 months to do that.

And they said it would be released in Sept.

It was a critical vulnerability which caused real harm. They should have released that ASAP, not, "oh let's wait till patch Tue in February."

Remember, they released the patch a few days after Google went public. It was ready to go.

Heck, I turn off automatic updates because I HATE when they decide, "Oh, this update is critical, I'm going to reboot your computer for you while you are not looking."


"I'm an Internet expert too. It's all right to wire the industrial zone only, but there are many problems if other regions of the North are wired." -- North Korean Supreme Commander Kim Jong-il














botimage
Copyright 2014 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki