
Compromised systems: $0.10 each

Much attention has been given to the arrest of the Sasser worm author, but, as this Register article notes, the arrest of the author of Phatbot may be more significant. Phatbot, as described by CERT, propagates from one Windows system to the next via a whole set of vulnerabilities. Once established, it connects to an IRC server and awaits orders on what to do next. Systems compromised by Phatbot can be used for spamming, denial-of-service (DoS) attacks, and more.

The interesting thing, perhaps, is the note that there is a market for access to Phatbot zombie systems; the going price for "non-exclusive" use of a compromised box is estimated to be about 10 cents.

The emergence of a market for compromised systems has the potential to change the dynamics of the security landscape somewhat. Many compromises are carried out by "script kiddies" who are breaking into systems for the fun of it. Others are attacked by crackers with specific goals: access to supercomputers or confidential information, for example. People who "have nothing worth stealing" on their systems have often taken a relaxed approach to security; even if they get broken into, they claim, there is very little that can actually happen.

In a world where zombie systems can be sold, everybody has something worth stealing. As this market develops, expect an increase in attacks as crackers race each other to control vulnerable systems and the money-making potential they represent. Sooner or later, a niche market for compromised Linux systems is almost certain to come into being as well. That will not be a welcome development for system administrators who were not looking for additional motivation for attacks on their systems.



Compromised systems: $0.10 each

Posted May 13, 2004 3:18 UTC (Thu) by lacostej (subscriber, #2760) [Link]

I have a friend who works on a site politically engaged on the Israeli/Palestinian site. They got kicked out by the ISP because they were getting DDoSed. At 0.1$ the machine I can understand how easy it is to create problems...

Thanks for analysis, Jon!

Posted May 13, 2004 8:03 UTC (Thu) by angdraug (subscriber, #7487) [Link]

I completely missed this aspect of Phatbot, thanks for pointing it out! This kind of insight is precisely why I read LWN and increasingly find that I rely on it as a primary, if not sole, news source.

Thanks again for analysis, Jon!

Posted May 15, 2004 1:11 UTC (Sat) by bajw (subscriber, #11712) [Link]

No kidding! I renewed my subscription. Thanks for the great reporting, Jon and thanks for the reminder, angdraug.

Compromised systems: $0.10 each

Posted May 18, 2004 1:17 UTC (Tue) by mceesay (guest, #2806) [Link]

This article is an excellent reminder of why things like Openwall, exeshield, LSM and SELinux are needed in order to raise the bar for would-be crackers.

Copyright © 2004, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds