PC World
2 Replies. Last post: Apr 29, 2008 10:29 AM by jrwhiterabbit
PCW News Bot (21,454 posts since Aug 1, 2007)

Apr 26, 2008 10:00 AM

Researchers 'Poison' Storm Botnet

Post your comments for Researchers 'Poison' Storm Botnet here
Darkmonk (New Member, 6 posts since Mar 30, 2008)
1. Apr 26, 2008 10:52 AM in response to: PCWorld
Researchers 'Poison' Storm Botnet
While I am not sure exactly how that method worked, it seems to me that it will likely be ineffective soon, once the controllers realize all they need to do is encrypt their communication. As for the legality issue, it won't exist; breaking a law to catch criminals has previously not been allowed, as breaking those laws hurt someone. However, in this case, the breaking of the law harms no one and can put criminals in jail. I, for one, am quite glad that their research has been as effective as it has been thus far.
jrwhiterabbit (New Member, 8 posts since Apr 29, 2008)
2. Apr 29, 2008 10:29 AM in response to: Darkmonk
Re: Researchers 'Poison' Storm Botnet

I absolutely agree. I was astonished to find out that if you have information on your computer that could be incriminating evidence against anyone from a hacker (an individual) to a whole group of social network engineers, the law can provide little help. It appears that the owner of the infected computer, in all eyes, does not own the information that is put there by third-party criminals. It seems to me that law enforcement is way too complacent about criminal activity on your PC. That may be where your first problem starts, simply because, as a part of their chain of command, it goes to the local yahoos who have less knowledge than yourself. People who utilize their computers for much of their daily operations understand and know when computers are not "acting" right. I think that in addition to this research, the first real way to understand this is as simple as starting to listen to the public: giving them the benefit of the doubt and using them to gain the experience and knowledge of how this thing works. You can sit in a predetermined environment and monitor all the computers you want, but until some of these people deal with it on a first-hand basis (by being a part of it)..... research will continue to stay behind. The time window in which a good guy has to infiltrate this (much like the zero-day attacks....) is limited to the first discovery made within the active bot. About the only thing that gets taken seriously is when people believe that child pornography is being passed through their computers. That is sad. Although I do think that is one of the things the botnet is used for.... it's far from the only thing.

I am a home PC user. My PC is used for personal use mostly. I also use another computer in my home for a business in which I do research for companies for underwriting and background checks for commercial professional liability insurance. It affects me in both aspects of my life. Another problem is the lack of education. There is no clear way to learn anything about this botnet and how it operates. How can you fix something that you know more about than the people who actually call themselves experts? It is very FRUSTRATING to me. Maybe it is because they do not know enough to educate the public. I think the only way they are going to gain a competitive advantage is to observe activity by monitoring complaints. I am sure that, like myself, there are people who would gladly allow a third-party expert or gov't agency the free will to tap in and monitor activity. Today is the first time I have even read that it operates two-tiered. Also, I read that for the most part it lies dormant until its predetermined and programmed time comes. People who are on their computer enough know exactly when it starts and stops. It actually is pretty predictable as far as the time, the type of activity, and the type of communication transport it uses. I have to give it to them.... they have managed to stay under the radar by operating in sections that do not trigger a network wreck. What I find funny is that this research they embarked upon on the "fighting back" idea is clearly outdated. I am not saying my computer is affected by the "Storm" bot. On the other hand, it is infected with something (undetectable, mind you) that is fairly large. Let me tell you one thing about these little bots.... they have a personality.
Ah, bet that is not something you have heard before...... they will allow the user to interact somewhat in a normal environment while it's happening.... but when it gets tired of you messing around with its orders it will distribute a denial of service attack on home users as well. When it does that you're pretty much rendered helpless. You can't get on a network inside your house. Not even a hot spot network that is present during the attack. It took me over a year to figure out what was happening. The only way you can disrupt it on an individual basis is to pull the cord from the back of the computer. If you go through normal shutdown procedures or a standard restart (which it expects), it can control what happens next by pre-written commands in the BIOS. The only thing it can't compete with is the sudden shutdown by a user during an attack. The best data I have found on my computer is when I power back up right after a "power failure". I suspect the orders are sent by way of script. Script that sits in the font of your computer. Orders are executed and changed through this active script, which will then hide itself in OS files that cannot be deleted or easily found. Another thing that makes it hard to find is that it looks like any other harmless font on your computer. The naked eye would never be able to establish a clear idea of what is bad or normal.

I apologize for the length of this reply, as I just need some useful information that I can use to feel in control of my situation. What I would like to know is: is there anything the home user can buy, run, or do to see if the suspected activity is in fact related to a botnet? There is no commercial software that will detect what I have on my computer. AND I HAVE TRIED IT ALL.

Another thing I would like to leave for those who have wondered or looked for articles on signs and symptoms. The best I can tell from what I have is this.

It does not operate all day long from any one computer. Most computers are programmed with a time frame that they share with another group of computers. They work together for a certain time to carry out "their part". Sometimes it is as if it runs off a clock, while at other times it is triggered by emails which look like spam. Usually there is a significant change in the email delivery sound. It sounds louder and comes in really hard. Users can detect a really infected computer as it almost becomes unstable and out of control (during the attack only, but it will run normally at other times). Fonts will become blurry on the computer. They will also appear to move or jump. Some of these hackers are nothing more than script kiddies and need a third-party GUI interface (AOL Messenger, Yahoo and MSN) to make it work... the less novice hackers do not need that. Aside from a significant slowdown in computer speed, one might likely experience messages from web servers that you have "timed out", are "forbidden" or are not connected to the internet (but only during the time the attack is working). In theory you're really not. Most infected PCs have one thing in common: the owner's administrative rights are revoked or limited on a lot of things you can operate. It is much like you are using a company intranet instead of the public Internet.

What I am hoping to do with this post is to make the "average" user aware of things that are not normal. If something does not seem normal... pay attention to it. Because this thing only operates for minutes a day on each home user, it should be noted. Most often the time is the same and the patterns are predictable. That is.... once you realize something is wrong. I have lost more hard drives trying to compete with whatever I have.... so I would not advise taking matters into your own hands. Raising public awareness is THE ONLY way possible to defeat this. These people are smart enough to remain below the radar... don't you think they are smart enough not to end up on the nightly news? They have remained at the level of hard to catch because they are selective about who they choose to deal with. Most users never come in contact with anyone other than executed commands. But the naive like myself have made it easier for them to stay undetected. They are also using kids in gaming rooms and other areas. They prey on kids much like the pedophile does (and I suspect in some situations it crosses over to that), but for different reasons. Children, in their lack of computer experience and willingness to trust, make them a highly sought vehicle of choice to carry out their crap. However, it's still exploitation and should be penalized as such.

If this post only reaches one person who feels like I have... then it will have been worth the time it took for me to type it. Maybe if enough people read this and take notice of things that don't seem "normal" or "right", you might find that it has a pattern and is worthy of observation. Maybe then finally enough information will come forward that can help to eradicate these criminals. These people have no conscience.... therefore, no guilt... and sadly, no remorse. Even the ones who get caught imply the only remorse they have is that they got caught.

REMEMBER THIS...... the first part of the next paragraph..... it's a valuable key to the situation.

There are few, and very few, select individuals that are in direct contact with these criminals... the actual controllers (most have no idea, and some may refuse to acknowledge it). I am not sure what constitutes the interest in certain lines within the operation... but it's very limited, obviously. I suspect that, just like the controllers, the users are defined by levels as well. They are tiered according to their position within the so-called "network". It runs much like how a corporation does. It is a corporation, in that the design mimics the outline of how a corporation sets up its infrastructure. The only difference is the ambiguity of the server locations and the transfer of data that is bounced around.


-jrw
