
March 16, 2005 10:32 AM PST

Botnets use Windows for wicked work

Despite Microsoft's renewed focus on security, recent research shows that computers running Windows XP and 2000 form the bulk of botnets.

The study, carried out by the German Honeynet Project, found that more than 80 percent of Web traffic from the networks of compromised computers used four ports designated for resource-sharing by various versions of Windows. The research also indicated that the vulnerabilities behind some of the exploits used to take over a PC can be found by searching for information on Microsoft's security bulletins.

"Clearly most of the activity on the ports...is caused by systems with Windows XP (often running Service Pack 1), followed by systems with Windows 2000. Far behind, systems running Windows 2003 or Windows 95/98 follow," Honeynet Project researchers wrote in the report.

Microsoft responded by reiterating its commitment to secure engineering platforms in the face of botnet attacks, which it said were often carried out for illegal ends.

"Creating malicious IT and data threats is a criminal offense that affects everybody. This type of criminal activity is usually driven by financial motive, and criminals often target the Microsoft platform and its applications because of its large installed base," the company said in an e-mailed statement. "This is however a serious cross-industry issue, where no organization is immune from the threat."

The most exploited Windows ports found in the research were: port 445/TCP (used for file sharing); port 139/TCP (used to connect to file shares); port 137/UDP (used to find information on other computers); and 135/TCP (used to execute code remotely).
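As an added illustration (not taken from the article or the Honeynet report), this Python example measures what share of logged connection attempts target the four ports listed above and which sources account for them. The log layout, the sample rows and the function name `summarize` are assumptions made for the example.

```python
from collections import Counter

# Ports named in the article, keyed by (protocol, destination port).
WATCHED = {
    ("TCP", 445): "file sharing",
    ("TCP", 139): "connecting to file shares",
    ("UDP", 137): "finding information on other computers",
    ("TCP", 135): "remote code execution",
}

# Constructed sample (not real traffic): W3C-style firewall log trimmed to
# nine columns, using documentation-range addresses.
SAMPLE_LOG = """\
#Version: 1.5
#Fields: date time action protocol src-ip dst-ip src-port dst-port size
2005-03-16 10:32:01 DROP TCP 198.51.100.7 192.0.2.10 4312 445 48
2005-03-16 10:32:02 DROP TCP 198.51.100.7 192.0.2.10 4313 139 48
2005-03-16 10:32:03 DROP UDP 198.51.100.7 192.0.2.10 1026 137 78
2005-03-16 10:32:04 DROP TCP 203.0.113.20 192.0.2.10 2201 135 48
2005-03-16 10:32:05 DROP TCP 203.0.113.20 192.0.2.10 2202 445 48
2005-03-16 10:32:06 ALLOW TCP 192.0.2.10 203.0.113.80 1045 80 60
2005-03-16 10:32:07 DROP TCP 203.0.113.99 192.0.2.10 3310 137 48
2005-03-16 10:32:08 DROP ICMP 203.0.113.99 192.0.2.10 - - 60
2005-03-16 10:32:09 DROP TCP 198.51.100.7 192.0.2.10 4314 445 48
2005-03-16 10:32:10 ALLOW UDP 192.0.2.10 203.0.113.53 1050 53 64
"""

def summarize(log_text):
    """Count port-bearing rows and the share aimed at the watched ports."""
    fields, total = [], 0
    hits, sources = Counter(), Counter()
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column names come from the log header
            continue
        if not line.strip() or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        try:
            key = (row["protocol"].upper(), int(row["dst-port"]))
        except (KeyError, ValueError):
            continue  # e.g. ICMP rows, which log "-" instead of a port
        total += 1
        if key in WATCHED:  # protocol must match too: TCP/137 is not UDP/137
            hits[key] += 1
            sources[row.get("src-ip", "?")] += 1
    share = sum(hits.values()) / total if total else 0.0
    return {"total": total, "share": share, "hits": hits, "sources": sources}
```

On the constructed sample, six of the nine port-bearing rows hit the watched ports, and one source address accounts for four of them.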

Botnets are commonly used for denial-of-service attacks, where a target computer is overloaded with data and fails. They are also used for spamming, spreading malicious software, manipulating online polls and mass identity theft.

From the beginning of November 2004 until the end of January 2005, researchers saw 226 denial-of-service attacks against 99 unique targets. They looked at 100 botnets in the four-month period and saw 226,585 unique IP addresses involved with at least one of the botnets monitored.

Dan Ilett of ZDNet UK reported from London.

This is news?
by Bill Dautrive March 16, 2005 12:07 PM PST
With an OS that any kind can break into within seconds, are we supposed to be surprised?

"The most exploited Windows ports found in the research were: port 445/TCP (used for file sharing); port 139/TCP (used to connect to file shares); port 137/UDP (used to find information on other computers); and 135/TCP (used to execute code remotely)."

Not to nitpick, but ports are not tied to a platform, although some ports are used by certain OSes. Ports are an unsigned short integer, analogous to a process ID, nothing more. There is nothing inherently unsecure about a number. Sloppy and/or rushed programming in Windows is what makes it insecure.

Microsoft products are used to exploit and attack because it is the easiest, by miles.
No kidding!
by Jeff Putz March 16, 2005 1:18 PM PST
The most preferred target is the one that gets the most use? No way! What a totally amazing discovery.

That's like saying thieves that want big scores rob museums and not the halls of elementary schools. What a real shocker.
Registry!
by March 16, 2005 8:19 PM PST
I agree with the previous replies. The bottom line is that although it isn't legal to use these bot nets as they are used does NOT make it right to have an indefensible file system core! The fact that Microsoft bulletins are used to reveal ways to exploit Windows computers is such a nod to the concept; it's the best way to understand and locate registry keys to circumvent Microsoft's useless attempts at security! Firewall and virus and all other software that impede the exploits can be easily defeated by their registry keys! It will never end as long as there is the worthless registry!
Not a Registry problem
by aabcdefghij987654321 March 17, 2005 1:00 PM PST
The Registry is simply a place where configuration options are stored. It's a clever system that would be beneficial to Unix systems where the configuration information is scattered to the four winds.

It's what is allowed by the code and what the code defaults to allowing that are behind much of the problem. Blaming the problem on the "registry" is no more intelligent than blaming it on the "disk drive".