new SSH botnet

“These points of evidence, while not damning, lead us to believe a possible link exists to an actor operating in China or an actor masquerading as Chinese,” Akamai researchers wrote.

Better idea. Quit doing business with China.
 
sko It just seems that too many bad things like this come out of China. Yes, elsewhere, too, but too much from a supposedly developed country that wants to play with the rest of the world. And here we are buying goods from them and letting them manufacture our stuff and letting them insert malware into routers and everything else.

The way you teach such places a lesson is you don't play with them anymore.

And this is a fantastic opportunity for others to up their game and make a name for themselves. Mexico! Brazil! Where are you? Or are you too busy with the drug trade? Ohio just got billions from Intel to start up a fab plant!

Sorry but all this is on the edge of political and I don't mean it to be. It's a business point of view, not political.
 
The same "logic" applies to several other countries and their (e.g. 3-letter) agencies.
Also following your logic: The OS that is BY FAR the single biggest factor in the existence and spread of malware comes from a US-based company...
And: A lot of botnets and spam waves also originate from clouds operated by US-based companies as well as e.g. Europe-based ones like OVH. Heck, I've even seen ongoing credential stuffing attacks from UK or Sweden based prefixes. Our mailservers once had a small wave of attempted logins from a few IPs in Switzerland. I could go on like this for quite a while - the point is: Those are bots - they don't care about trivia like geography. They just find badly configured/maintained machines and infect them. The end.
Just look at population numbers and it's clear why a lot of botnets seem to concentrate on a few countries where "accidentally" a major percentage of the world population lives.

I don't mean to defend anyone here - I just can't stand it when the stupidity and/or malice of a few individuals are generalized and reduced to a stereotypical prejudice about nationality/ethnicity/colour/belief etc... I don't know, maybe that's because I'm just old enough to have witnessed the last few years of the old internet-culture (mainly in IRC and usenet) that went by the standards of "I don't care where you live, how you look or what you believe - I just care about what you do, how you use your skills and how you treat other beings", but I still go by that standard.


And sorry to everyone else for dragging this thread so far off topic.
 
sko It just seems that too many bad things like this come out of China. Yes, elsewhere, too, but too much from a supposedly developed country that wants to play with the rest of the world. And here we are buying goods from them and letting them manufacture our stuff and let them insert malware into routers and everything else.

The way you teach such places a lesson is you don't play with them anymore.
Based on your profile you are hailing from the USA.

According to the nifty stats provided by Spamhaus you are in for a nasty surprise:

Congratulations, America is the worst spam enabling country on the globe by a long shot!

In terms of botnet countries 3rd place - there's definitely room for growth:
But - hooray - the worst botnet ISP on the globe already is American, it's Amazon!
Aside from that: are you aware of TAO by the NSA? It might be that Chinese hardware is not to be trusted, but the same does apply to American as well. Buying American network equipment instead of Chinese is basically just replacing Chinese spyware stuff with NSA spyware stuff. In fact it's hard to prove the trustworthiness of any of today's hardware at all due to its complexity and complicated supply chains.

And the reason why China is producing so much stuff for us is that our companies wanted to make more profit, so they moved many jobs there. This is nothing we can blame China for, but only ourselves. And in the end this is just how capitalism works.

And as a matter of fact Canada is trying to attract new tech companies, which think Silicon Valley is too expensive, right now - successfully. Cities like Vancouver, Edmonton, Toronto, Montreal and Ottawa have got their fair share of such companies.
 
Yes, but I'm talking about malicious bots that take down or control or steal information from servers, as the article above is about.
This specific malware could also be used to proxy spam. It's also modular, meaning they can add/remove functionality.
 
This specific malware could also be used to proxy spam. It's also modular, meaning they can add/remove functionality.
Sounds a lot like some of the state-funded malware like the "Staatstrojaner" they still desperately want here in Germany...

So we are pretty much still at "yes, we are also bad, but they are bad in a slightly different way" - regardless of who is pointing at whom.
 
… I just can't stand it when the stupidity and/or malice of a few individuals are generalized and reduced to a stereotypical prejudice about nationality/ethnicity/colour/belief etc…

Thank you.

… maybe that's because I'm just old enough to have witnessed the last few years of the old internet-culture (mainly in IRC and usenet) that went by the standards of "I don't care where you live, how you look or what you believe - I just care about what you do, how you use your skills and how you treat other beings", but I still go by that standard. …

sko probably also because you're not stupid.
 
Also following your logic: The OS that is BY FAR the single biggest factor in the existence and spread of malware comes from a US-based company...
I just noticed this. You are confusing where the base product is made with where malware comes from. You can't blame the US for drunk driving accidents in France just because they drive a Ford. In the same way, you are blaming the US for malware because some other country uses Windows to serve malware.
 
eternal_noob Again, we're not talking about the same thing. You are talking government initiated spying. Malware used for nefarious take downs by individuals as hackers is not the same thing.

EDIT: A quick Google search seems to show that China does far more such things, and causes far more disruption, than any other country but I'll have no more to say about this.
 
I don't conflate the NSA with the USA. As a US citizen, I'm opposed to what they do. But, who is the USA? Is it them? Or is it us?

Likewise, I don't conflate the Chinese government with the Chinese people. Who is China? Is it the government, or is it the people?

We may all be ultimately responsible for what others do in "our" name, but none of us can fully control it.
 
we're not talking about the same thing. You are talking government initiated spying. Malware used for nefarious take downs by individuals as hackers is not the same thing.
Of course it is. It's both unwanted penetration. For me it doesn't make a difference who invades my space. An invader is an invader.
 
Snowden taught us that the NSA is the worst hacker around the globe. It's just hypocritical to blame China.
Incorrect. Snowden taught us that the NSA at the time did a lot of unethical and illegal things. That was about 7 or 8 years ago. Much has changed since, perhaps for the better, or perhaps for the worse. We can be pretty sure that the NSA doesn't do the same things any more. What we don't know is whether the actions of the NSA are now better or worse.

But even when Snowden showed us a lot of stuff, we didn't know what other countries' agencies do, and how it compares. We know that several other countries have very active cyber-espionage and sabotage programs (Russia, China, Israel, North Korea), and that in some countries (mostly the same list) this involves cooperation between government agencies, private companies, and/or criminal elements.

Simply saying "the NSA is the worst" is completely wrong. The NSA is the one that had some of its internals exposed, no more and no less.

Of course it is. It's both unwanted penetration. For me it doesn't make a difference who invades my space. An invader is an invader.
But it makes a huge difference about how to react and how to protect yourself whether the invader is a government spying agency (which just gathers information), a legitimate business, a set of criminals trying to steal your stuff, or a government agency (typically a military) trying to disrupt your operations, perhaps using technology from or working with a company, or a set of criminals that operate with implicit government blessing.
 
and again, everybody: don't use password based logins for ssh
You're saying I should disable root login as well? :p

Also, I think these attacks are coming mainly from China because China still uses Windows XP in large numbers.
And if you don't have every security patch installed that ever came out for WinXP, all you need to do is connect your XP host to the internet.
15 minutes later you will have a bot running on your system.

[edit]We've actually hooked up a WinXP host WITHOUT any service packs to the internet. We've had over a thousand 'malware' files on that system after 15 minutes. That was in 2008.[/edit]
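The two settings this post and the one it quotes are about, password logins and root login, can be checked mechanically. The following is an added example, not code from the thread: it parses the global section of an sshd_config (or the output of `sshd -T`) and reports which of those settings are still enabled, with constructed sample configs for the setup described above and a hardened one. The defaults table assumes OpenSSH 7.0 or newer.

```python
import re
# OpenSSH's effective defaults when a keyword is absent (assumption: OpenSSH 7.0 or newer).
DEFAULTS = {"passwordauthentication": "yes", "kbdinteractiveauthentication": "yes",
            "permitrootlogin": "prohibit-password"}
# Older configs spell the keyboard-interactive keyword differently; treat it as an alias.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}
def parse_sshd_config(text):
    """Map keyword -> value for the global section; like sshd, the first occurrence
    of a keyword wins and parsing stops at the first Match block."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments and blanks
        m = re.match(r"([A-Za-z]+)\s*=?\s*(.+)", line)  # "Key value" or "Key=value"
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2).strip().lower()
        if key == "match":
            settings["_has_match"] = "yes"
            break
        settings.setdefault(ALIASES.get(key, key), value)
    return settings

def audit_sshd_config(text):
    """Return a list of findings; an empty list means the config follows the thread's advice."""
    cfg = {**DEFAULTS, **parse_sshd_config(text)}
    findings = []
    if cfg["passwordauthentication"] == "yes":
        findings.append("PasswordAuthentication yes: bots can guess passwords")
    if cfg["kbdinteractiveauthentication"] == "yes":
        findings.append("KbdInteractiveAuthentication yes: PAM can still prompt for a password")
    if cfg["permitrootlogin"] != "no":
        findings.append(f"PermitRootLogin {cfg['permitrootlogin']}: root login is not disabled")
    if "_has_match" in cfg:
        findings.append("Match block present: per-user/host overrides were not audited")
    return findings
# Constructed samples: the setup the post describes, and a hardened version.
WEAK_CONFIG = """
PermitRootLogin yes
PasswordAuthentication yes
"""
HARDENED_CONFIG = """
PermitRootLogin no
PasswordAuthentication no
KbdInteractiveAuthentication no
PubkeyAuthentication yes
"""
if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit_sshd_config(cfg) or ["ok"])
```

Only the global section is audited; a Match block that re-enables password logins for a specific user or host is flagged but not inspected.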
 
This made me laugh, thanks.
Every company that I've ever worked for, that had some linux boxes, had root login as well as password login enabled.
It's funny from our perspective. It's horrifying if you work there.

Also: I highly recommend running an ssh honeypot on port 22.
It is educational as well as entertaining to watch.
 
whether the invader is a government spying agency (which just gathers information), a legitimate business, a set of criminals trying to steal your stuff, or a government agency (typically a military)
The NSA was caught in industrial espionage a long time ago. And as for the implied OR in your list, reality suggests it should be seen as an AND. Only the order of them might change. And yes, they ALL do this.
 
F.B.I. Secretly Bought Israeli Spyware and Explored Hacking U.S. Phones
Jan. 28, 2022

Israel used the NSO Group’s software as a tool of diplomacy. The F.B.I. wanted it for domestic surveillance.

It is widely regarded as the world’s most potent spyware, capable of reliably cracking the encrypted communications of iPhone and Android smartphones.

The software, Pegasus, made by an Israeli company, NSO Group, has been able to track terrorists and drug cartels. It has also been used against human rights activists, journalists and dissidents.

The U.S. had also moved to acquire Pegasus, The Times found. The F.B.I., in a deal never previously reported, bought the spyware in 2019, despite multiple reports that it had been used against activists and political opponents in other countries. It also spent two years discussing whether to deploy a newer product, called Phantom, inside the United States.

The discussions at the Justice Department and the F.B.I. continued until last summer, when the F.B.I. ultimately decided not to use NSO weapons.

But Pegasus equipment is still in a New Jersey building used by the F.B.I. And the company also gave the agency a demonstration of Phantom, which could hack American phone numbers.


SSH...pffft. Never used it.
 