Apple Mac botnet FUD from New York Times?

“In their persistent quest to breach the Internet’s defenses, the bad guys are honing their weapons and increasing their firepower,” John Markoff reports for The New York Times.

Markoff reports, “With growing sophistication, they are taking advantage of programs that secretly install themselves on thousands or even millions of personal computers, band these computers together into an unwitting army of zombies, and use the collective power of the dragooned network to commit Internet crimes.”

“These systems, called botnets, are being blamed for the huge spike in spam that bedeviled the Internet in recent months, as well as fraud and data theft,” Markoff reports.

Markoff reports, “Although there is a wide range of estimates of the overall infection rate, the scale and the power of the botnet programs have clearly become immense. David Dagon, a Georgia Institute of Technology researcher who is a co-founder of Damballa, a start-up company focusing on controlling botnets, said the consensus among scientists is that botnet programs are present on about 11 percent of the more than 650 million computers attached to the Internet.”

Markoff reports, “‘It represents a threat but it’s one that is hard to explain,’ said David J. Farber, a Carnegie Mellon computer scientist who was an Internet pioneer. ‘It’s an insidious threat, and what worries me is that the scope of the problem is still not clear to most people.’ Referring to Windows computers, he added, ‘The popular machines are so easy to penetrate, and that’s scary.’”

Markoff reports, “So far botnets have predominantly infected Windows-based computers, although there have been scattered reports of botnet-related attacks on computers running the Linux and Macintosh operating systems.”

MacDailyNews Take: Stop right there. Markoff reports of “scattered reports of botnet-related attacks on Macs” and leaves it at that, but we would like to know more. Where did these “scattered reports” originate? Were they accurate? If so, were these “attacks” actually successful? Yes, we’re highly skeptical. There have been “scattered reports” of Bigfoot-related “attacks” on people, too. Does that prove the existence of Bigfoot? We wonder, did Markoff include this sentence based on proven fact or as an attempt to soften the blow struck against Microsoft’s Windows by the Carnegie Mellon computer scientist he quoted in his previous sentence? Do you have any proof of any Mac OS X-based botnets in operation today or at any time, Mr. Markoff?

Markoff continues, “Some botnet-installed programs have been identified that exploit features of the Windows operating system, like the ability to recognize recently viewed documents. Botnet authors assume that any personal document that a computer owner has used recently will also be of interest to a data thief, Mr. Dagon said.”

Markoff continues, “Serry Winkler, a sales representative in Denver, said that she had turned off the network-security software provided by her Internet service provider because it slowed performance to a crawl on her PC, which was running Windows 98. A few months ago four sheriff’s deputies pounded on her apartment door to confiscate the PC, which they said was being used to order goods from Sears with a stolen credit card. The computer, it turned out, had been commandeered by an intruder who was using it remotely. ‘I’m a middle-aged single woman living here for six years,’ she said. ‘Do I sound like a terrorist?’ She is now planning to buy a more up-to-date PC, she said.”

Full article here.

[Thanks to MacDailyNews Readers “Whit” and “j.c” for the heads up.]

MacDailyNews Take: She ought to be planning to buy a Mac:

“By default, Mac OS X does not ship with any network services running. None. Not a one. Out of the box Mac OS X is not sharing files, running SSH, sharing its printers, or even exposing the CUPS configuration page to anything but the loopback port — and most consumers are running it in that default configuration. If you portscan a fresh install of Mac OS X, you get bupkis,” Adam Knight wrote for Mac Geekery back in April 2006.

Knight explained, “Contrast this to Windows, or even many Linux distributions, where services are run on the public ports by default. Doing this opens the machines to network-based attacks such as overflows and injections and whatnot. That’s what lets so many Windows machines become network zombies. Because the Mac ships with nothing running, there’s no door to get a foot into, and even with outstanding security issues for the local side, the system is secure enough on the public side that your standard machine is safe.”

Full article here.

Contact info:
To send comments and suggestions (about news coverage only) or to report errors that call for correction: nytnews@nytimes.com
John Markoff: markoff@nytimes.com

[UPDATE: 11:45am EST: Added contact info.]

34 Comments

  1. Is ignorance (99.9% of journalists these days) really FUD? FUD is done on purpose for your own benefit, Markoff is just another lazy journalist. I can’t imagine why newspaper reading continues to drop, TV news watching continues to drop with the word journalist hardly applying to anyone anymore. Yet, “they” claim it’s because the public is ignorant (LOL!) That’s what is more sad than claiming this as FUD. You can’t write FUD, if you have no clue about what you’re writing.

  2. Sounds like the global warming people: “some scientists say…” “scientists report…”

    They seldom give names and specifics.

    Also, I’m amazed how some people smear Macs by dragging Apple into the PC sewer without facts. These are the same people who would claim a Nobel Prize winner “might have cheated on college exams…” this stems from ENVY folks, just plain dirty envy

  3. Is this the same John Markoff about which scattered reports of him loitering by public toilets frequented by perverted old men seeking anonymous sexual gratification circulate?

    I thought so. Gotta be careful about them “scattered reports.”

    MW: “Kind,” I’m not to those who play loose with the news.

  4. This is how it’s done in journalism. This is simply a technique used by the biased mind. Just a little FUD smeared on the underside of the reader’s cerebellum.

    It’s done in politics all the time but in regard to the Mac it’s called Mac-Envy. Oh, yeah…red hot envy. It’s a severe rash that exists in the kishkes and particularly far and away up the ass of many tech writers like Rob Enderle.

    There are times when the veil is flung aside and the venom really spews like the recent Enderle options article. so sad. such a sad, sad man.

  5. Well, it’s true in a sense. Macs have been attacked by botnets. So have computers by Sun, HP, and every other machine attached to the internet, because botnets attack EVERYTHING while looking for new hosts to infect. Obviously there is a glaring omission here, no Mac has ever been SUCCESSFULLY attacked by a botnet. Sure maybe a botnet could flood a Mac’s IP with a DDoS attack. But this isn’t what the article implies.

  6. Journalists are taught that nothing is Black & White. Windows can’t be all bad and Apple can’t be all good…. which is actually true. However, the mistake they make is taking that attitude of equivalence into specific areas of performance. These writers have been taught in college that if they are going to praise someone they have to find others to praise in the same sentence. Conversely, they can’t damn someone or something without implying that the offender is not alone in being offensive. I frankly despise this type of wishy-washy writing; one that cannot single out someone for praise or scorn without blunting the message by bringing others into the argument. Yes, I know that nothing happens in a vacuum, and stories need context. But those that really know this story about botnets know that IF Linux and Macs are involved, it is an insignificant fraction of a single percent. The writer should have had the courage to let the indictment against Windows stand alone. His article would have been of more value. Really! What are we, as readers, left with? Uh… computers are used as botnets. Gee, what’s the solution? Uh, I guess I’d better buy a newer model like that lady in the article is going to do. Why even write if you are so afraid of offending that you ultimately whitewash over the problem and don’t spotlight the culprit?

  7. “…there have been scattered reports of botnet-related attacks on computers running the Linux and Macintosh operating systems.”

    If you parse the sentence carefully, he is saying there have been *attacks* on Linux and Mac OS X machines, not infections. If he wanted to keep up the NYT reputation for careful reporting (deserved or not) he would have continued, “however there have been no reports of these attacks having been successful.”

  8. “So far botnets have predominantly infected Windows-based computers, although there have been scattered reports of botnet-related attacks on computers running the Linux and Macintosh operating systems.”

    Obviously, this statement needs clarification – something beyond the ken of many journalists. Botnets may indeed “attack” non-Windows systems, trying to take them over, but fail. Non-Windows systems can also be flooded by spam generated by compromised systems, or be subject to denial-of-service attacks. But it’s another thing to be compromised itself.

    Apropos, I once connected my Mac OS X through my DSL to Gibson Research (grc.com) to check for open ports. NOTHING was open. According to GRC, my Mac is effectively “invisible” to an outsider.

    Yes, that poor middle-aged woman, after losing her PC to compromise, should have purchased a Mac. (Ignorance is NOT bliss.) I did work for a colleague’s Toshiba laptop recently because it was “crawling”. I detected about 12 pieces of malware running on it, though “protected” by anti-virus and anti-spyware software. The woman’s new “up-to-date” PC will eventually fall as well.

  9. MDN:

    Outstanding commentary.

    Have you forwarded this to the NY Times?

    Do you have contact information?

    This isn’t the first time that Markoff has pulled this stunt, so I think it is time to pull out the heavy artillery.

    Maybe we can get NY Times’ David Pogue to comment/try and straighten out Markoff/put a comment/question on his blog.

    Work to do here…

  10. Don’t be too concerned about FUD, about statements like “Macs have been attacked also”. The truth eventually comes out. But as in most situations many people will never know the truth anyway because they are either not interested or just don’t want to know something that disagrees with their preconceived ideas.

    Just enjoy using your Mac and its not being infested with viruses and all other forms of malware. Apple is growing and Macs are not going to disappear so don’t worry about trying to increase Macs’ market share and don’t worry about other people not knowing the truth about Mac security.

  11. Joe Blow – while you’re quite right in saying that the truth will eventually come out, it never gets reported in the way that the original FUD was reported and is generally ignored by those who made the most noise in the first place.

    The BBC has now three times published reports of the first Apple virus. By definition at least two of those stories must be incorrect and in fact, all three were, but that doesn’t mean that they won’t print the same sort of headline again when the next FUD comes along.

  12. I hope David Pogue goes and knocks on his door tomorrow…

    “What’s this I hear about you saying there are Mac botnets running? I want to write this up because you know, you have got one big item of news here. No-one including me has found anything like this before on Macs, so better let me have the details so it can be written up in detail..”

    “What? There aren’t any? You have no evidence? Why did you write that then?!”

    “What? Because you felt sorry for Microsoft Windows getting all the bad press??!?!?! You wanted to be fair?!?!?!”

    “Oh, that’s the Editor on the line is it. He wants to see you in his office now hmmm. Want me to come along too?!”

    Truth, objectivity, investigative powers. All badly lacking.

  13. Unfortunately, someone like Pogue probably won’t do that because, if he does, Markoff will trash him around the water cooler and all the other reporters will avoid Pogue like the plague. Why? Because they all know they’ve been sloppy at times and don’t want this approach to become standard operating procedure. So, knowing nothing about Pogue, I bet he’ll mind his own business. Then all the reporters will continue to gripe about how uninformed most average folks are and how readership is dropping.

  14. “Scattered reports.” Why was that line even necessary in the report, except as FUD?

    It may be possible to create such malware that affects Mac OS X, but until it is demonstrated (out in the real world), I’m not going to worry about it. Besides, Windows is such an easy target, why would the creators of malware even bother with a tough nut like Mac OS X? Based on “scattered reports,” Windows Vista does not seem to be any better against such attacks, so we’re good for a few more years.

  15. Going back to Mr. Krebs’ original story, the problem is that David Taylor says he doesn’t discriminate based on OS but then he contradicts himself by reporting to Mr. Krebs about a botnet that is distinguished by the OS (Linux and Mac OS X), instead of just saying it is a PHP flaw that can run on any OS.

    So David is being disingenuous.

    The comments are closed over there, otherwise, I would’ve responded on Mr. Krebs’ blog.

  16. Hi my Name is Markov and I’m a Wanker. I intentionally wrote this sentence in order to mislead people with my crafty use of the words INFECTED, ALTHOUGH, and ATTACKS.

    “So far botnets have predominantly infected Windows-based computers, although there have been scattered reports of botnet-related attacks on computers running the Linux and Macintosh operating systems.”

    I admit I had help though. I got it from my Editor and Brother, Jerkov.

    -Markov
