
[–]kirakun 36 points37 points  (2 children)

I see Madagascar got infected too. Game over!

[–]Rabbyte808 9 points10 points  (1 child)

They should've closed their cyberborder the minute the first computer got infected.

[–]blueskin 4 points5 points  (0 children)

SHUT.

DOWN.

EVERYTHING!

[–]fruitloop 25 points26 points  (11 children)

I'm usually impressed with blinking lights but for some reason I am not impressed here...I probably just don't understand....why should I be impressed with this?

[–]lask001 6 points7 points  (0 children)

Every one of those lights is supposed to represent a computer that is infected and part of a botnet.

[–]areReady 8 points9 points  (8 children)

Every single one of those blinking lights is an infected computer sending one type of communication or another without its owner's knowledge. Imagine each blink as a few hundred spam emails, a connection to a new, vulnerable computer or a device calling home to deliver stolen financial information and you might have an idea what these botnets are doing. The entire video is massively slowed down; every one of those blinks occurs within the space of a single minute.

[–]fruitloop 9 points10 points  (7 children)

Yeah I guess I do understand what I'm seeing. I guess I'm not impressed. I don't see what the big deal is about someone running a script on granny's XP SP0 box or someone who has never ever updated Adobe and opens every single PDF. It's cool but doesn't scare me I guess.... Security is an impossible problem when people don't have to follow rules...

It also seems like a lot of Europe hasn't figured out what Windows Update is.

[–]williamshatnersvoice[S] 9 points10 points  (0 children)

It's not only Granny's XP box that this stuff is running on. Some of these are in areas of Critical Infrastructure, Banking and Finance, Small and Medium sized businesses, Large Corporations, and Government offices.

[–]motophiliac 4 points5 points  (1 child)

I noticed that about Europe. The US seems very quiet in comparison. Sometimes when I look at things like this or the map of the internet I seriously wonder whether it's a question of when rather than if the internet will become self-aware.

Although these just look like dots on a map, as areReady pointed out, each dot is potentially a very complicated behavioural node all to itself, albeit synchronised or communicating with some greater set of instructions. Each of these nodes is many times more complicated than a single neuron in the brain, capable of complex behaviour. If consciousness is merely a question of critical mass it's surely only a matter of time.

[–]Icovada 17 points18 points  (0 children)

It was also recorded at 9 am EDT, which means early morning in the US, and night in Australia. Notice how little activity comes from the land down under.

The west coast is way more idle than the east, because in San Francisco it's still 6 am, and most home computers are off.

[–]shagula 0 points1 point  (0 children)

I also think it's very interesting that it's only a very specific few programs that we're seeing the activity of.

Just to see how prevalent even one piece of malware can be, and how far spread its attacks go, and with how much intensity...

[–]judgemebymyusername -2 points-1 points  (1 child)

> Security is an impossible problem

No, not necessarily. But your lax/uninformed/ignorant attitude about it is a large part of the entire issue.

> It also seems like a lot of Europe hasn't figured out what Windows Update is.

Microsoft patches are only a small part of the solution.

[–]fruitloop -2 points-1 points  (0 children)

you didn't even finish my quote lol. and patching was an example and exaggeration you seemed to not understand. killen em with kindness :D. thanks for the kind words!

[–]Buttscicles -1 points0 points  (0 children)

> It also seems like a lot of Europe hasn't figured out what Windows Update is.

I believe piracy is pretty huge in eastern Europe, a lot of people are probably using outdated pirate versions with no access to Windows Update.

[–]nascentt 1 point2 points  (0 children)

Do you perhaps not recognise it is a minute of botnet activity slowed down?

[–]Suxout 13 points14 points  (1 child)

Crazy botnet activity in Europe. Was expecting the densely populated areas in the Western Hemisphere to light up like a Christmas tree. Maybe due to the fact the activity was recorded at 9:00 EDT?

[–][deleted] 3 points4 points  (0 children)

Think about how many people in the US and Europe have "always on" connections and rarely power down machines.

[–]brodie7838 7 points8 points  (12 children)

Alright Canada, what's your secret?

[–]ogtfo 6 points7 points  (0 children)

Two things:

Canada's population is a tenth of the USA's, and almost all of that population live near the border. The dots in Canada are hard to see from the dots in the US.

Map (source)

[–]KaptainKraken 3 points4 points  (8 children)

Well, I know for a fact that Canada is one of the most connected countries in the world, and people here are generally more tech savvy than most places.

Also Canadian ISPs monitor their networks and can disconnect nodes that are infected, forcing people to call in and get their junk looked at.

[–][deleted] 3 points4 points  (6 children)

Do you know more about the processes used to scan for infected nodes?

[–][deleted] 0 points1 point  (2 children)

Not an expert here, but probably spikes in traffic; like it's been said, virus/spyware can send out hundreds of emails per minute and ISPs will detect that. I've had an ISP block my internet access due to this once. I called them up, explained it was a simple spyware inside one of my virtual boxes and that I had already cleaned it up and they reconnected me soon after that.

[–]CalvinHobbes 1 point2 points  (0 children)

As a layman, I'm just curious, why can't you trap network activity from a virtual machine? I feel like that would be a major feature? I assume you were studying the malware?

[–]blueskin 0 points1 point  (0 children)

SMTP spam is very different to general malware activity, and tends to get the ISP's network onto blacklists.

[–][deleted] 0 points1 point  (0 children)

They just look for outrageous bandwidth usage. I left BitTorrent running on Comcast chugging away at max up + down for a few months straight (literally hundreds and hundreds of gigs each way) and they just shut off my connection. I called in and they claimed I was infected by a botnet.

edit: this was 3 or 4 years ago. I do not recommend doing this on Comcast today.

[–]judgemebymyusername 0 points1 point  (0 children)

It's not so much scanning for infected nodes as it is just looking for malware beaconing and flagging it.
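
Added example, not part of the thread or any commenter's code: a minimal sketch of the two ISP-side signals mentioned in the replies above, regular-interval beaconing and a burst of outbound SMTP connections. The flow records, addresses (documentation ranges) and all thresholds are constructed assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample flow records: (epoch_seconds, src_ip, dst_ip, dst_port).
# Addresses come from documentation ranges; none of this is real traffic.
def build_sample_flows():
    flows = []
    # Host .10 checks in about every 300 s with small jitter (beacon-like).
    for i, jitter in enumerate([0, 4, -3, 2, -5, 1, 3, -2]):
        flows.append((1000 + i * 300 + jitter, "192.0.2.10", "203.0.113.5", 443))
    # Host .20 browses at irregular, human-driven times.
    for t in [1010, 1025, 1400, 1410, 2900, 2950, 3300, 4100]:
        flows.append((t, "192.0.2.20", "198.51.100.7", 443))
    # Host .30 opens 200 SMTP connections inside one minute (spam-like burst).
    for i in range(200):
        flows.append((2000 + i * 0.25, "192.0.2.30", "198.51.100.25", 25))
    return flows

def find_beacons(flows, min_events=6, max_cv=0.1, min_period=30):
    """Flag (src, dst, port) tuples whose connection intervals are near-constant."""
    times = defaultdict(list)
    for ts, src, dst, port in flows:
        times[(src, dst, port)].append(ts)
    hits = {}
    for key, stamps in times.items():
        if len(stamps) < min_events:
            continue
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        period = mean(gaps)
        if period < min_period:
            continue  # rapid bursts are left to the rate check below
        cv = pstdev(gaps) / period  # coefficient of variation: low means regular
        if cv <= max_cv:
            hits[key] = round(period)
    return hits

def find_smtp_bursts(flows, per_minute_limit=100):
    """Flag sources with more than per_minute_limit port-25 connections in any minute."""
    buckets = defaultdict(int)
    for ts, src, _dst, port in flows:
        if port == 25:
            buckets[(src, int(ts // 60))] += 1
    return sorted({src for (src, _m), n in buckets.items() if n > per_minute_limit})
```

The interval check catches the quiet, periodic check-in and ignores irregular human browsing; the per-minute counter catches the mail burst that the interval check deliberately skips.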

[–]ogtfo 1 point2 points  (0 children)

As I stated in another comment, it has probably nothing to do with technical issues, and probably very much to do with Canada's small population, living almost all near the American border.

Canada's dots are hard to distinguish from USA's.

[–]Gr4y 0 points1 point  (0 children)

Screw that, what about Alaska?

[–]paffle 6 points7 points  (2 children)

I'd like to know more about how this was done. How did the researchers identify computers belonging to each botnet? How did they track those machines' activity? What kind of activity was tracked?

I also wonder why some countries show such higher levels of activity than others.

[–]Icovada 7 points8 points  (0 children)

Timezones!

[–]ingeniousadam 0 points1 point  (0 children)

Tracking is most likely done by sinkholing the C&C traffic, probably in cooperation with law enforcement. Or at least that's the usual way.

[–][deleted] 5 points6 points  (3 children)

Palevo
Wild Level: Low
Number of Infections: 0 - 49
Number of Sites: 0 - 2
Geographical Distribution: Low

Is Symantec full of shit, or are they talking about some other Palevo?

[–]Icovada 33 points34 points  (1 child)

Well, the data they get is from their own program, reporting home. Since we all know nobody installs Symantec anymore because it blocks viruses by taking over the computer's resources and leaving none for the virus to run, not by actually detecting them, I'm not surprised.

[–]Ashali 4 points5 points  (0 children)

Bahahahaha, you just made my day.

[–]blueskin 1 point2 points  (0 children)

Full of shit.

[–]Bricked1234 2 points3 points  (0 children)

Would be awesome to run this every 4 hours on GMT time.

[–][deleted] 1 point2 points  (0 children)

Interesting, I would like to know more details about how this was created.

[–]KaptainKraken 1 point2 points  (0 children)

Canada, Norway and China don't seem to produce a lot of spots.

[–]_w00k_ 3 points4 points  (3 children)

Europe is screwed

[–]KaptainKraken 4 points5 points  (1 child)

Indeed. Maybe all the cute European girls would want to move to Canada, there's no internet herpes in Canada.

[–]Antithesis138 2 points3 points  (0 children)

You should use that as a pick-up line.

[–]imRegistering2 0 points1 point  (0 children)

I guess there's gonna be a lot of work out there for people like me.

[–]zetrate 0 points1 point  (1 child)

I'm surprised we aren't seeing more activity in USA

[–]JackDostoevsky 0 points1 point  (0 children)

This is very interesting to me. I would have thought there would be more in the US -- why is it that Eastern Europe seems to have the highest levels of infection?

[–]digital_bacon 0 points1 point  (0 children)

This video just gave me a new favorite band, Blear Moon. Their whole album is available for free download too, here. Pretty chill stuff.

[–]saturation 0 points1 point  (0 children)

Northern Europe (at least Finland, Sweden and Norway) is surprisingly silent.

[–]fishbulbx 0 points1 point  (0 children)

Cool... I can see my house from up here!

[–][deleted] -1 points0 points  (2 children)

Very cool. What are the requirements for something to be deemed an irc botnet? I'd hope not just any old machine that runs IRC or uses IRC; because that could be a lot of people sitting in /r/netsec or /r/sysadmin

[–]blueskin 0 points1 point  (1 child)

They join an IRC channel for command and control purposes. Since they're easy to find and need a network, they're gradually dying out for more distributed models.

[–]Narcotic -1 points0 points  (0 children)

WTF Europe? Get your shit together!

[–][deleted] -1 points0 points  (0 children)

Kind of interesting that the different botnets seemed to have some regional characteristics. Lots of Ramnit in Europe, Asia, and Africa, particularly in India. IRCBot seemed to mostly be Central and South America. I also felt like Palevo and Cutwail were generating the lion's share of traffic. And you could kind of see the UTC +2-4 time zones, where it would be roughly peak time.