Just Your Basic Windows User

During the course of reporting and writing my Post magazine story on botnets and spyware, I attempted to contact dozens of victims of the young botmaster identified in the story as 0x80, but only a handful responded. Among those was Nick Feito, a 27-year-old construction worker from Williamsport, Pa.

Feito, who uses America Online's high-speed Internet service, said he relies on AOL's built-in security -- which includes free firewall and anti-virus software from McAfee Inc. -- to insulate him from the seamier side of the Net.

What Feito couldn't possibly have known is that 0x80 had modified his bot program enough so that the majority of anti-virus programs on the market today would not detect it even if they were equipped with the latest updates.

"Except ClamWin and BitDefender -- they're the only ones that detect my bot," 0x80 boasts over a cup of coffee and a grilled ham-and-cheese at a deserted diner. (ClamWin is a free anti-virus tool for Microsoft Windows, while BitDefender is an anti-virus product made by a company based in Romania.)

But Feito isn't terribly concerned about keeping his computer current with anti-virus updates or Windows security patches. In fact, he can't remember ever installing one.

"I don't really update my Windows," Feito said. "I think I'm just a basic user, you know?"

Feito's attitude toward maintaining his computer is all too common among Windows users. Unfortunately for them, failing to apply patches regularly is the computer-world equivalent of refusing to get inoculation shots against the most deadly human diseases.

Without the protection afforded by security patches and anti-virus updates, Windows machines soon become breeding grounds for viruses, worms and bots -- malicious programs that eat away at the machine's productivity and stability. For thousands of users like Feito, the spyware and adware they can see on their PCs may be just the most visible symptoms of much larger security problems resident on their machines.

Still, Feito said he was intrigued as to why McAfee did not detect the virus he now knows is installed on his computer. When he learned of 0x80's claims, he promised to download ClamWin and run a complete virus scan.

Two hours later, an e-mail from Feito arrived in a reporter's inbox bearing the diagnosis: ClamWin detected 0x80's bot as "Mytob.T-2," part of an aggressive new breed of "spyware worms" that disables anti-virus and firewall software and then attempts to spread by probing random Internet addresses for security flaws and by e-mailing copies of itself to every e-mail address found on the victim's computer.

Feito said the whole experience was annoying, but he's still not all that concerned about installing patches. "I do my virus scans now once a week, but nothing really stops me from using my computer."
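The spreading behaviour described for the bot above, probing many addresses for an exploitable service and then mailing itself out, leaves a recognisable fan-out pattern in outbound connection logs. What follows is an added example, not code from the article or from any product it mentions: it runs a distinct-destinations-per-window detector over a constructed firewall-style log. The line format, the port set (135/139/445 for the exploit probing, 25 for direct mass-mailing) and the thresholds are assumptions made for the example.

```python
"""Flag hosts whose outbound traffic fans out like the worm described above.

Two patterns are checked per source address, each over a sliding time window:
  * "scan": many distinct destinations on a small set of exploitable service ports
  * "smtp": many distinct mail servers contacted directly (mass-mailing)
Log format, ports and thresholds are assumptions for this example.
"""
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Assumption: ports the LSASS/RPC-style probing would touch, and the SMTP port
# a mass-mailer uses when it delivers straight to victims' mail servers.
SCAN_PORTS = {135, 139, 445}
SMTP_PORT = 25

# Assumed firewall-style line format (constructed for this example):
# "<ISO timestamp> <ALLOW|DROP> <TCP|UDP> <src>:<sport> -> <dst>:<dport>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ALLOW|DROP) (?P<proto>TCP|UDP) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)


def parse_line(line):
    """Return (timestamp, src_ip, dst_ip, dst_port), or None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return (datetime.fromisoformat(m["ts"]), m["src"], m["dst"], int(m["dport"]))


def max_distinct_in_window(events, window):
    """Largest number of distinct destinations seen inside any `window`-long span.

    `events` is a list of (timestamp, dst_ip) for one source; two pointers keep
    a Counter of destinations currently inside the window."""
    events.sort()
    seen = Counter()
    best = 0
    left = 0
    for ts, dst in events:
        seen[dst] += 1
        while ts - events[left][0] > window:
            old = events[left][1]
            seen[old] -= 1
            if seen[old] == 0:
                del seen[old]
            left += 1
        best = max(best, len(seen))
    return best


def detect_spreaders(lines, window=timedelta(seconds=60),
                     scan_threshold=20, smtp_threshold=10):
    """Return {src_ip: {"scan": n, "smtp": n}} for sources that cross a threshold."""
    by_src = defaultdict(lambda: {"scan": [], "smtp": []})
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # malformed or unrelated line
        ts, src, dst, dport = parsed
        if dport in SCAN_PORTS:
            by_src[src]["scan"].append((ts, dst))
        elif dport == SMTP_PORT:
            by_src[src]["smtp"].append((ts, dst))
    hits = {}
    for src, kinds in by_src.items():
        flagged = {}
        scan = max_distinct_in_window(kinds["scan"], window)
        smtp = max_distinct_in_window(kinds["smtp"], window)
        if scan >= scan_threshold:
            flagged["scan"] = scan
        if smtp >= smtp_threshold:
            flagged["smtp"] = smtp
        if flagged:
            hits[src] = flagged
    return hits


def build_sample_log():
    """Constructed log: one ordinary desktop and one host behaving like the worm."""
    t0 = datetime(2006, 2, 17, 17, 40, 0)
    lines = []
    # Ordinary host: a few web connections and one submission to the ISP's relay.
    for i in range(5):
        ts = t0 + timedelta(seconds=i)
        lines.append(f"{ts.isoformat()} ALLOW TCP 192.168.1.10:{1030 + i} -> 203.0.113.{i + 1}:80")
    lines.append(f"{t0.isoformat()} ALLOW TCP 192.168.1.10:1040 -> 203.0.113.50:25")
    # Infected host: 30 distinct targets on 445 inside one minute, then 12 mail servers.
    for i in range(30):
        ts = t0 + timedelta(seconds=2 * i)
        lines.append(f"{ts.isoformat()} DROP TCP 192.168.1.22:{3000 + i} -> 198.51.100.{i + 1}:445")
    for i in range(12):
        ts = t0 + timedelta(seconds=60 + i)
        lines.append(f"{ts.isoformat()} ALLOW TCP 192.168.1.22:{4000 + i} -> 192.0.2.{i + 1}:25")
    lines.append("garbage line that the parser should skip")
    return lines


if __name__ == "__main__":
    for src, why in detect_spreaders(build_sample_log()).items():
        print(src, why)
```

Dropped connections count as much as allowed ones here: a host that is being blocked from reaching hundreds of addresses on port 445 is still announcing that something on it is trying. Thresholds need tuning per network, since a legitimate mail server or a vulnerability scanner will trip both checks.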

By Brian Krebs  |  February 17, 2006; 5:40 PM ET

Comments

Yeh, well, it'd be nice if all windows patches were risk free,
but I had key functions on a laptop made in 2003 ruined
by Windows Service Pack II.
It killed that machine's CD-Rom and CD-music functions,
and the problem resisted many hours of high-level
consultation. That machine remains compromised,
not by a virus, but by service pack 2, which cannot be removed
short of erasing the whole hard drive.
When it installed itself, it erased back-up files in order
to make room for itself.

I am thus VERY suspicious of Windows updates if my machine
has new virus protection and is working properly otherwise.

PLB

Posted by: PLB | February 17, 2006 7:52 PM | Report abuse

I'm an Apple and PC user, and I'm wondering if botnets work on both types of computers the same. I'm much more vigilant about keeping virus protection up to date and using antispyware programs (spybot) on the PC, but to be honest I'm not really too worried about my Apple. Am I deluded?

Posted by: fatbob | February 17, 2006 9:12 PM | Report abuse

You gotta be a lot better hacker than 0x80 to infect a Linux machine. It's just too easy to infect a Windows PC and that is why there are so many botnets.

Posted by: Anonymous | February 17, 2006 9:25 PM | Report abuse

Would be nice to know what OS this guy was using. I mean if he's on 9x, I could understand not updating, but if he's got 2000 or XP, he can't be bothered to flip on automatic updates?

Posted by: Matt | February 17, 2006 11:35 PM | Report abuse

Trying to educate each and every AOL user, patching and hardening their PC's one at a time, is a lost cause.

We need to go after the big fish: The spyware affiliates and businesses that hire hackers to install their garbage. The people who ultimately benefit from these botnets must be made to pay.

Posted by: Ken L | February 18, 2006 2:50 AM | Report abuse

great article... distubing and educational at the same time

Posted by: r | February 18, 2006 9:46 AM | Report abuse

err, make that disturbing

Posted by: r | February 18, 2006 9:46 AM | Report abuse

"Yeh, well, it'd be nice if all windows patches were risk free,...I am thus VERY suspicious of Windows updates if my machine
has new virus protection and is working properly otherwise."

Agreed. In addition, when Microsoft screws up, home computer users don't have the luxury of an in-house computer tech department to fix things. Many of us also have dial-up connections, making the downloading of major updates impractical.

Posted by: John Johnson | February 18, 2006 11:26 AM | Report abuse

Would it be incorrect to speculate that "0x80" was purposefully outed by Brian Krebs -- a reporter that specializes in reporting on information and computer security?

The article contains a fairly detailed physical description of 0x80 as well as the relative location of his home and other miscellaneous information. And then there's the meta data from the pictures included with the story, one of particular interest being the caption tag labeled, "LOCATION: Roland, OK."

All this together would seem to make it rather easy to locate 0x80, assuming the meta data in the photos is correct. Especially when you consider that the latest census information indicates that Roland, OK only has a population of around 3000 people.

PS - Even though some photos have been removed from the story, they're still available on the Washington Post site by using their search tool for "roland, ok" and selecting the photos/video tab in the results.

Posted by: attentive reader | February 18, 2006 12:48 PM | Report abuse

congratulations, you can read slashdot. how smart you are.

i seriously doubt brian had anything to do with that, assuming that is in fact where this kid lives. i'd guess that the inclusion of that information was totally an oversight/accident.

btw, the information does not appear to be on the post's servers anymore.

Posted by: anonymouse | February 18, 2006 12:59 PM | Report abuse

I suppose you know that 0x80 is the x86 assembler instruction for issuing a system call.

Posted by: JR | February 18, 2006 2:59 PM | Report abuse

I sure hope 0x80 is securing his bot-net from other people, folks like him locking down systems to protect what's theirs is the only likely safety from other much worse abuses of distributed computing resources, when people need gigaflops of computing power for something that is illegal and they want to keep anonymous, bot-nets are the ultimate answer. So it would sure be nice to send all those folks who think network security is "someone else's problem" a note thanking them for their participation in biological-weapon research for those who need to do such things anonymously. When Miami gets wiped off the map they'll all be able to blame AOL/McAfee, neat.

Posted by: Solutions | February 18, 2006 5:11 PM | Report abuse

If it is in fact where the kid lives, I completely disagree with this whole conspiracy theory.

I can't see BK reporting on an ongoing saga and intentionally outing his contacts. This would make absolutely no sense. He's not going to blow a good beat.

Everything I've ever heard about BK has been straight and indicated his ethics are of top-notch caliber.

Posted by: 0xdeadbeef | February 18, 2006 9:02 PM | Report abuse

many of the programs mentioned are so annoying to the miseducated end-user that a majority of them ignore the results or don't really care if they have an IRC bot on their system.

Posted by: pretty stupid | February 18, 2006 9:38 PM | Report abuse

If you know Windows is as open and vulnerable, why do you buy into it? Find your head and pull it out, think outside mainstream corporate crap, just because your friends jump off a bridge mentality.

Mac OSX, BSD, Linux, ALL much better options, but NOOO you red state voting morons love your M$ products don't you? Wake up and realize you do have a choice!!!

Posted by: Not a PC User.... | February 19, 2006 3:19 AM | Report abuse

I avoid the PC - just unix systems.
Besides being more powerful and having
tons of open source software (openoffice.org
xfig, vim, gimp ...) they are virus and hack
free because of their design. Basically
a hacker can't get to the system. So why
are people willing to buy a cheap system
and then waste the rest of their lives fighting it? Buy a decent system and get
on with your life! Mac or Linux or even
a Sun (though their windowing system is gnome
and it is terrible). So Mac or Linux.

Posted by: another unix user | February 19, 2006 8:15 PM | Report abuse

The 0x80 nomenclature indicates that this number is hexadecimal (Base
16, which computers use) instead of decimal (Base 10).

Its spoken form is "hex eighty". I don't know if the subject of your
article is actually "X-eighty", but it would be difficult to discern in
normal speech.

Posted by: J.C. Hyde | February 20, 2006 10:12 AM | Report abuse

Some of us don't have the luxury of being able to use anything other than Windows, because some of us have disabilities that do not allow us to use computers without software that's only available on Windows. Also, many people don't even know what Linux is--how can they with all the major computer brands selling nothing but Windows XP? And--as we're now starting to see proof of--Apple isn't any better in regards to this kind of thing, either.

I know that 0x80 said that only Bit Defender and ClamWin could detect his bot, but I'm wondering if NOD32 might be able to, as well, since most people have never ever heard of the program. I really can't stand Bit Defender's system resource-grabby nature.

Posted by: Drew Mochak | February 22, 2006 1:54 AM | Report abuse

This kid is your run-of-the-mill 'skiddy', and windoze users are your run-of-the-mill 'lusers.'

Both, in concert, steal the bandwidth of the people who know what they're doing on the Internet; and constitute an international public nuisance.

Interestingly enough, the smugly-ignorant, Mac-luser crowd is joining the ranks of the windoze-lusers; and should be similarly reviled by intelligent people, for whom the Internet has been a personal playground and social networking venue for more than 30 years.

Ignorance takes something wonderful and turns it into an open cesspool at high-noon in August. Go back to watching The Simpsons & Married With Children, and leave us alone.

Posted by: Phobos | February 23, 2006 2:23 PM | Report abuse

I sure hope the FBI is knocking on this criminal's door right now.

I sure hope, if the FBI is not knocking on his door, that he's running so scared that he's shut down his operation.

Posted by: Catch the Criminal | February 24, 2006 12:29 PM | Report abuse

seems phobos thinks he is smarter than everyone because he uses linux or unix or whatever, but he is still cruising the internet for free just like everyone else. he doesn't own it just because he uses it.

Posted by: johnnoi | February 26, 2006 9:14 PM | Report abuse

to say that computer users are dumb and deserve to have their machines infected is like saying that people deserve to die or get sick because they haven't gone to medical school and learned medicine.

Posted by: friend | February 28, 2006 5:28 PM | Report abuse

{Agreed. In addition, when Microsoft screws up, home computer users don't have the luxury of an in-house computer tech department to fix things. Many of us also have dial-up connections, making the downloading of major updates impractical. }

And they've screwed up big-time again with the patch released on April 12 (MS06-015). Users who have installed HP scanner or camera software will not be able to open or save files in Word or Windows among other things. They insist that you must install this patch immediately. The fix for their screw-up is posted as a technical document (which of course most home users will never find) and involves a complicated (from a home user point of view) registry edit.

Does MS really expect my grandmother to be able to do this? It is going to cost a bundle for users to take their computers in to be fixed after applying this patch. Hopefully, some of them will be fed up enough to switch to Macs where they won't have to deal with this crap.

The MS response to the problem that their patch causes is cavalier and irresponsible!

Posted by: Anonymous | April 16, 2006 10:25 AM | Report abuse

I think this blog is quite interesting.

Posted by: Ivailo | August 23, 2006 1:33 PM | Report abuse

© 2010 The Washington Post Company