TELECOM Digest OnLine - Sorted: Re: Spammers Jump on Latest MS Hole

Re: Spammers Jump on Latest MS Hole

Thu, 14 Sep 2006 15:43:49 -0400 wrote:

> DLR wrote:

>>> What is a "bot" program, as opposed to other kinds of computer
>>> programs?

>> It is a slang term for a program that runs in the background and takes
>> "orders" from somewhere else on the Internet. Short for robot. If you
>> have one, someone else controls your computer. Typically they let you
>> think you still have control and just use it to do their dirty work
>> without (they hope) you knowing what's going on. Like someone taking
>> your car each night from 1 am to 4 am to deliver drugs.

> Thanks for your explanation. It made things clearer. I hope you
> won't mind a few more questions.

> What is the "background" on your computer? (In S/360-DOS days, we had
> a background and foreground partitions.) Why can't we, as the owner
> of the PC, control what is and what is not run in the "background"?

In the days you refer to everything but the console control program
was background. If you root around in some of the deeper recesses of
your Start / All Programs menu on Windows you'll find a program that
will show you (if you ask) everything going on at one time. There are
literally at least a dozen or so at a minimum just to make things
work, allow you to print, surf, etc ... What the "really good" bots do
is insert themselves into one of the "standard" background processes
so it's not obvious that they are there. And there are other ways of

> I suspect the answer to my question is that PCs today are highly
> automated which allows for much of this junk to happen in the first
> place. In its simplest state, a computer would require someone to
> physically load and then execute each and every program desired.
> Modern machines are automatic. That is, if you're browsing a website
> that sends you a .PDF file, your browser program automatically brings
> up the Adobe program to read it. I presume there's a lot of other stuff
> we lay people don't even know about going on, and the hackers take
> advantage of that underworld.

A LOT of other stuff. If you're reading email, the email program
doesn't really print. It asks another process to do that. If you send
email, it hands off the message to an email sending process which
hands it off to a TCP/IP process which hands it off in bits to a
driver which ...

> I heard that M/S's new "Vista" will be _less_ automatic as a safety
> measure. I sure hope so.

Yes and no. The core problem with various versions of Windows is that
they made a decision 20 years ago to make it easy for a program to
access data from across the network and display it on your computer
using code from another computer. This is a security flaw that they've
been plugging ever since. But to turn it off would break vast amounts of
things that consumers use day to day. They're stuck in a hole they dug
and now aren't even allowed to fill.

>>> What allows and causes a foreign unauthorized program to start
>>> execution on a computer where it doesn't belong?

>> Three main ways.

>> 1. You are on the Internet without a router or with one but not behind
>> a NAT setup which means you are exposed to the outside world.

> Could you explain what "NAT" is and does?

In REAL SIMPLE terms it creates a private network on your side of the
router. And if you turn off DMZ (don't ask, just do it) then unsolicited
traffic from outside your private network is tossed aside.

>> There are a large number of computers probing EVERY address possible
>> on the Internet to see if you respond.

> Why is this allowed to even happen? This is one of my big complaints
> about the Internet as it's presently set up: It's designed to be so
> "open" that anyone can do anything. The computer dreamers and
> idealists want it this way. This was fine in a narrow world of the
> very early days, but not fine in an anonymous world of today. (Other
> explanations would be appreciated).

While I'm typing this I'm also working on two office networks across
town. I need to get in via unsolicited traffic. When you surf to a web
site, you're sending them unsolicited traffic. You're asking them to
send you back a web page. They didn't call you first to ask if it was
ok. What I call a probe is when another computer sends you an
unsolicited request, say a request for a web page. Depending on the
response from your computer it may decide you have a system running
with a software bug that can be exploited and it will then try to
exploit that code. Stopping all of this would be like asking the phone
company to beep out all curse words. It's like looking for needles in
needle stacks. What has been done and is being done more and more is
to stop allowing residential systems to offer up what are
traditionally called server services and block those. But that leads
to other problems. Think of the phone company not allowing residential
lines to conduct commerce. Well what about yard sales or selling your

>> In a perfect world your computer would ignore these probes. But due
>> to bugs in the various operating systems it is possible to find a
>> bug that allows data sent in the probe to overwrite part of the OS
>> and when that section of the OS is used the injected code takes
>> over.

> I don't understand why bugs would allow this to happen. To "answer
> the door" means (1) the computer program has to know when the doorbell
> is rung and (2) then execute a routine to answer the doorbell, and (3)
> respond to the doorbell request. In other words, there is software
> intentionally written and included to respond to outside probes.
> Since probes are dangerous, why do we allow this? Why don't we
> disable the entire "door bell" process?

> Again, I suspect the answer is this process makes for easy
> automation, but maybe you or others could explain it better.

I go to your house. I ring your door bell. I wait a few minutes. If
someone answers I ask for Mr. KLLDJSF and apologize for bothering you.
If I get no answer and dogs don't start barking I try the door knob. If
it's unlocked I wander around to the service utilities and unplug your
phone line. Maybe your power. I then walk in the front door and pick up
a few things then leave. If I want I replace your computer router with
one of mine which has some interesting things hidden in it. Or maybe put
a wireless tap on your phone line so I can listen or sell overseas calls
on your line at 3 am.

The key point of all of this is that each and every house I "hack" takes
time and money. To break into 1 computer and install a bot takes time
and money. To try for 1,000,000 takes only a trivial bit more time and

>> sets things up to run at startup,

> I know computers have a start up routine, I have changed mine for DOS
> purposes. But why should the start up routines be allowed to be
> modified automatically? Is it that hard to require the human to
> modify the routine himself (or authorize said modification)?

It's very hard to design a perfect system. Especially one that does what
you want and not what you don't want. DWIM buttons are very very very
hard to implement.

And a lot of this comes from the early days of computing. In theory you
can design a ring of protections. But early PCs didn't do this as it
kills performance and memory requirements and so gets left out of early
designs. And PCs which require a full time operator like a S360 don't
sell very well.

>> And does all of this in a way such that you don't notice it
>> happening.

> Maybe we need operating systems that make it impossible for the human
> not to notice things are happening? Or would that create a flurry of
> warning messages? (I must admit I turned off my browser's warnings
> about confidential start and confidential stop of data. This comes up
> when I log on or enter an order on-line.)

Bingo. People don't want to be bothered. TNSTAAFL. They had to scale
back on the warning in Vista due to complaints.

>> 2. You visit a web site or read an email that does basically the same
>> as #1 but is based on bugs in your Internet browsing software. The web
>> site (or AD on the web site) or email contains HTML code that exploits
>> a bug and allows code to be inserted into your system.

> That really bugs me. As far as I know, Internet browsing software
> should be READ ONLY with restrictions. It should be extremely limited
> in what it allows an external site to do on my machine. I dislike the
> idea of any site's -- even a 'trusted one' -- running their programs on my
> machine. How do I know their programs are not buggy even from a
> "trusted" site?

Turn off all the extended things like Javascript and see how far you
get. You can't do online ordering, banking, and none of those fancy
dance bear displays will work. Dull loses to dancing bears in the
marketplace every time.

Sounds like you want a Lunix box. :)

>> 3. Social engineering is where a pop up or email says click here and
>> you WIN, GET, etc ... a million, prize, etc... and what you are
>> clicking is a program (often disguised as a graphic) which installs a
>> BOT on your computer.

> Why do browser writers create this kind of capability?

So you can click on a link and get taken to a web site. You can turn
this off but most folks like the results.

>> If you surf you may be exposed. The only way to stop this is to
>> disable java, activex, javascript, etc ... Which in today's web, makes
>> for a very restricted experience.

> This is very frustrating. When I got my new machine at work I disabled
> all that stuff. Then I found I couldn't browse anywhere since everyone
> required it. Why, I don't know, it seemed sites were plenty able to
> present information in an attractive way before those fancy features.
> Further, my employer has me use sites that require fancy stuff. At
> least my browser warned me clearly when I turned that on of the risks.

> The rest I'll continue in another reply.
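
The NAT and DMZ behaviour described in the reply above, as an added example that is not part of the original message: a small model of a home router's translation table, showing why a reply to your own request gets through while an unsolicited probe is dropped, and what changes when the DMZ option is on. The class name, ports and addresses are constructed for illustration, and the model assumes a router that matches replies on both remote address and port (real routers vary).

```python
# Constructed model of a home NAT router; all addresses are documentation ranges.
class NatRouter:
    def __init__(self, public_ip, dmz_host=None):
        self.public_ip = public_ip
        self.dmz_host = dmz_host   # None means the DMZ option is off
        self.table = {}            # public port -> (private ip, private port, remote ip, remote port)
        self.next_port = 40000

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """A private host opens a connection: record the mapping, rewrite the source."""
        flow = (src_ip, src_port, dst_ip, dst_port)
        for port, entry in self.table.items():
            if entry == flow:      # flow already known, reuse its public port
                return (self.public_ip, port, dst_ip, dst_port)
        port = self.next_port
        self.next_port += 1
        self.table[port] = flow
        return (self.public_ip, port, dst_ip, dst_port)

    def inbound(self, remote_ip, remote_port, dst_port):
        """A packet arrives at the public address: decide where it goes, if anywhere."""
        entry = self.table.get(dst_port)
        if entry and entry[2:] == (remote_ip, remote_port):
            return ("forward", entry[0], entry[1])       # reply to a flow we started
        if self.dmz_host is not None:
            return ("forward", self.dmz_host, dst_port)  # DMZ on: one host receives the rest
        return ("drop", None, None)                      # DMZ off: unsolicited traffic is discarded


def demo():
    results = {}
    for label, dmz in (("dmz_off", None), ("dmz_on", "192.168.1.10")):
        router = NatRouter("203.0.113.5", dmz_host=dmz)
        pub = router.outbound("192.168.1.20", 51000, "198.51.100.7", 80)
        results[label] = {
            "reply": router.inbound("198.51.100.7", 80, pub[1]),
            "probe": router.inbound("192.0.2.99", 4444, 445),
            "wrong_sender": router.inbound("192.0.2.99", 4444, pub[1]),
        }
    return results


if __name__ == "__main__":
    for label, res in demo().items():
        print(label, res)
```

With the DMZ option on, the same probe that was dropped is delivered to the DMZ host, which is then exposed exactly as if it had no router in front of it.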

May be in reply to: Paul F. Roberts: "Spammers Jump on Latest MS Hole"