Where DDOS attacks come from

Discussion in 'The Veterans' Lounge' started by Motherlee, Jul 10, 2015.

  1. Khat_Nip Meow

    lol. Which security hole? The one realized between 1:10 and 1:15pm six months ago or one of the ones every 5 mins since or before then?
    FLASH: Just say no.
    Geroblue, Iila and Motherlee like this.
  2. Iila Augur

    Having Flash installed is the security hole.
    Motherlee and Geroblue like this.
  3. Kaenneth

    http://www.bbc.com/news/technology-33542490

    "Twenty-eight people have been arrested."

    "The FBI added that dozens of other people linked to the site had been charged or had their property searched as part of the inquiry."

    "He added that the forum's visitors included members of Lizard Squad - a group of hackers which has carried out high-profile attacks on Sony, Microsoft and others."
    svann likes this.
  4. Devildawg Elder

    Not to give those kiddies more publicity than they deserve by talking about them (which is really what they want), but the primary loser who was attacking Smed has allegedly fled Finland :p Mommy and daddy must be so proud.
  5. lancelove Augur

    Feel silly yet? Keep biting the hand that feeds you and see what happens.
  6. Motherlee Augur

    Can netbots really infect someone through Flash? Wouldn't Verizon detect it if my computer was being used in a DDOS?
  7. Iila Augur

    In a word: Yes.
    In two words: Hell yes.

    Flash had three 0day exploits found in one week. Two of those were in exploit kits being used in the wild.

    The infection vector is usually Flash advertisements. They use a stolen CC to buy a few hundred thousand impressions through an ad network, and upload a malicious ad to be run. That ad will attempt to execute its malicious code to download and install the actual program that turns a PC into a bot. Probably with some other programs that attempt to extract money from the host like cryptolockers, key loggers, fake spyware/virus detections, etc.

    As for Verizon detecting you being a bot, maaaaybe. But mostly, nope. They do have checks for bot-like behavior, but that's about a 5th line defense and not a good way to identify infections.
    Motherlee likes this.
  8. Motherlee Augur

    When I looked for programs that might detect them, they were trial versions for professionals. Seems to me if bot detection were included in say, a free version of Malwarebytes, we could take away the food supply for DDOSers.
  9. Povarmonk Elder

    Are the revamps going to be extended since we lost time for this attack to EQ?
  10. Iila Augur

    Anti-virus programs would be the ones to remove/prevent infections. There's definitely some crossover between things removed by AVs and anti-malware programs, but these tend to be a deeper infection than what Malwarebytes covers.

    There are no simple answers to killing botnets, it's a complex cat and mouse game, with the botnet side always having an advantage.
    Motherlee likes this.
  11. Splittin Journeyman

    DDOS attacks come from punk kids who have too much time on their hands. Which they really need those hands chopped off.
  12. Motherlee Augur

    It only takes one to activate all the infected computers. Biological population control theory, fertilize the male who can impregnate 100000 females. We can't do that because there will always be script kiddies. So we have to take away their food source.
  13. Bigstomp Augur


    AV can protect you from known issues. Theoretically it can prevent unknown issues, but its track record is bad at that (and it spends most of your computer's power trying to do so, with a million false positives).

    By the time an AV product can prevent an infection, usually a software patch is available that will prevent it as well.

    It's generally easy to avoid infection. Don't use suspect software. Flash is pretty bad. It's like the RealPlayer of the 21st century.
    Iila likes this.
  14. Motherlee Augur

    True story. I got a survey from Microsoft the other day and it used Flash. In the comments section, I wrote, "Flash? Really Microsoft???"
    Iila likes this.
  15. Iila Augur

    [IMG]

    If you're not sure, follow all of these.

    If you understand more, you know what bits can be left aside.
    Motherlee likes this.
  16. Motherlee Augur

    Password manager, huh? I thought that might be less secure because they only have to hack one.
  17. Iila Augur

    Ok, I lied.

    Change passwords frequently is just dumb if you're following the other advice of having strong and unique passwords. Changing passwords is protection against your weak, reused passwords being pwned and used against you. All it does is encourage people to use easier to remember passwords because they think changing PWs every week is somehow more secure than using unique PWs on every site.

    Completely pwned = completely pwned. For anything less, a password manager lets you use complex and unique PWs for each site in a way that is easy and convenient.
    Bigstomp and Motherlee like this.
  18. Bigstomp Augur


    So true.
  19. Bigstomp Augur


    It lets you use extremely strong passwords everywhere, and you only have to remember one very strong password to unlock your password list.
    So as long as you can remember one very good password to unlock your list, you can use random gibberish everywhere else that nobody could possibly guess and you don't have to remember.
  20. Motherlee Augur

    Which you will have to write down and keep in your desk. :-D