The Register is reporting on the takedown of a botnet once responsible for 1/3 of the world's spam. The deed was done by researchers from the security firm FireEye, who detailed the action in a series of blog posts. PC World's coverage estimates that lately the botnet has accounted for 4% of spam. From the Register: "After carefully analyzing the machinations of the massive botnet, alternately known as Mega-D and Ozdok, the FireEye employees last week launched a coordinated blitz on dozens of its command and control channels. ... Almost immediately, the spam stopped, according to M86 Security blog. ... The body blow is good news to ISPs that are forced to choke on the torrent of spam sent out by the pesky botnet. But because many email servers already deployed blacklists that filtered emails sent from IP addresses known to be used by Ozdok, end users may not notice much of a change. ... With [the] head chopped off of Ozdok, more than 264,000 IP addresses were found reporting to sinkholes under FireEye's control..."
Only two command server were found to be located outside the USA. So does it mean that shutting these servers down would result in a complete botnet shut down? Keeping in view Ozdok's multi layered fallback mechanism the answer here is 'no'.
and
After seeing all these fallback mechanisms, it doesn't look very easy to kill Ozdok in one go but hurting this beast might not be that difficult.
I agree, of course. However, I was pointing out that the claim the title makes is false. A spam botnet has been taken down when it is permanently disabled. (And the spammers themselves at the least publicly taunted by John Cleese, but that is my personal opinion).
Another botnet is on the verge of picking up a good number of those systems. Within a very short while we'll see the spam levels right back where they were before. Anti-botnet activities are good when done in the name of anti-botnet activity, but they are weak efforts in the name of stopping spam. The way to stop spam is to fight it as the economic problem that it is; if people continue to go after the symptoms of spam like this they will continue to find themselves quickly thwarted.
Next thing you know we'll take the same approach to murder, theft, gangs, drugs, etc and soon we'll end up with a utopia... then how will the billionaires get $100 bills to light their $500 cigars???
Spam isn't so much an economics problem as a "some people are just dicks" problem. A lot of the problem with spam is the current system we use for email. It was never intended for such widespread use and has little-to-none in the way of authentication or security measures. You can encrypt emails for security sure, but it doesn't help get around the problem of spam..
Spam isn't so much an economics problem as a "some people are just dicks" problem
That statement is accurate only for those who believe that spam is sent out to piss you off. Perhaps the spam you receive is somehow different from the spam that is sent to me? The spam that is sent to my addresses is sent to sell various products or services. And why is the spam sent to sell products? Because someone is paying the spammer to send it.
Spam is a product that people are willing to pay for.
Hence spam is a economic problem, because there is economic incentive to send it. Billions or trillions of spam messages can be sent at nearly no cost to the spammer; very little business needs to come from those spam messages to make them incredibly profitable.
A lot of the problem with spam is the current system we use for email. It was never intended for such widespread use and has little-to-none in the way of authentication or security measures.
I have yet to see a proposed replacement for the existing email system that actually suggests anything that would make a bit of meaningful difference for spam issues.
You can encrypt emails for security sure, but it doesn't help get around the problem of spam..
I agree with you on that. Encryption isn't worth squat in regards to spam.
The way to stop spam is to fight it as the economic problem that it is; if people continue to go after the symptoms of spam like this they will continue to find themselves quickly thwarted.
Sure. Let's educate every farking idiot on the face of the earth. Just like we did with consumers the world over in every single city across the fruited plain. It's worked well for hundreds of years! "Buyer beware" and Heaven help you if you should get defrauded...
What's that you say? We didn't do that? Instead, we instituted "consumer protection" laws that require vendors to adhere to minimal standards of conduct and safety? Laws that prevent manufacturers from making unsafe cars and selling poisoned food? You mean, I can go into pretty much any restaurant and be confident that I probably won't get some terrible disease from poorly cooked food and un-refrigerated meats?
Yes, on the 'net, it's the wild, wild west, all over again. But now problems "over there" have become problems "over here", and suddenly, things like the sorry legal state of Nigeria and Somalia are in our face. Will we fix it overnight? No, but we will fix it. Sure, we'll never get rid of it completely - the Mafia still exists, and gangs still thrive in areas of the mostly controlled First World. (We can get greatly mitigate the gangs by legalizing their primary revenue stream, the drugs, but while related, that's another post)
The thing is that by legally controlling the terms of commerce, we promote healthy commerce. Outlawing commerce altogether has roughly the same effect of not regulating it at all - fraud and crime sets in, legitimate business moves out. To control spam, we need to control commerce, world wide. And that's a big, big problem that will take at least a generation or two to handle.
Seriously. Can someone please give me a reasonable explanation that rogue CnC servers and registrars are allowed to continue operations?
Because its actually the government who creates and controls these 'botnets'. They're used to spy on us since they have a computer on each end of each router meaning they can reliably trace data streams in foreign countries to their true original source.
Ok, so that wasn't necessarily accurate. But, I've heard on the low-down that the fellows who were working on Titan Ra
Why is some obscure security firm doing the job that governments should have done 10 years ago?
Exactly we hear about "researchers" even broadcasters doing this. But never about regular law enforcement... Governments don't appear interested it dealing with this. Probably because it isn't the (alleged) profits of the entertainments industry being affected.
We really need an analysis done and report made to the public security community. This is a unique chance to discover what are the real vulnerabilities to the mass of computing power on which criminals prey.
A federal or state level court needs to authorize the researchers to do such an analysis. Even a single state would be enough, if the zombie IPs can be reliably mapped to that state. I would envision the analysis to include:
- Make a full study of many individual zombie PCs: What antivirus, firewall, OS, applications, etc. are installed, including version numbers and a fingerprint (to identify whether they are super-vulnerable copies from warez sites, infected OEMs, etc.). - Monitor usage of a small number of PCs to identify what user habits lead to zombification, based on the theory that these PCs will become zombies of another botnet soon probably. What should be monitored, and for how long? - Contact (with law enforcement assistance) a small number of individual users to interview them. Publish anonymized interviews for representative cases so the public can better learn what constitutes dangerous habits. - Report anonymized individual representative cases, trends and statistics.
Discuss whether the defanged botnet should be used to destroy other botnets. Too much discussion would alert the other net owners. People could opt in based on a message sent to infected PCs, if the authorities support it, but unless those bots are hardened they might open the owners to retaliatory attacks.
At least, let's find out if antivirus really doesn't work, what habits led to botnet creation, and how can we alert zombie owners so they adopt more secure practices.
>more than 264,000 IP addresses were found reporting to sinkholes under FireEye's control It's not enough, those 264k IP adresses, should be sent out to a sort of ISP provider sanctuary where they need to contact the people who have the infected pcs, and tell them to clean their machines, just leaving the machines with a ongoing malware pinging back home, might still be able to get owned.
They need to take down those infected that they know is infected, and force those users to update or get fixed. They are a threat to the internet, and need to be delt with...maybe cutting them off the internet for awhile would make them call in their ISP and then they could be warned they had been owned, and need to clean their pcs. Any further attempts on their machines parts to contact that same "hole" would force them again to be locked out...until such time they fixed their machines, no?
Right...because the botnet was measured to be producing precisely 1/3 of the world's spam. I suspect that the original estimate was sufficiently inaccurate that more than one significant figure would not really be justified, let alone an exact value.
I'd like that too. Although, my IPCOP firewall with CopFilter installed has been killing 99.92% of the spam coming into our network. Really pleased with it.
On a more related note, would this be classed as vigilante justice? Justified?
I think its a cool idea for universities with security classes to study this kind of thing and 'bring it down - safely' as a project. I know I'd enjoy it.
It'd be a great project, though you do want to be careful, some of these viri are designed to do harm if disabled improperly, and some of these computers could be in situations where their failure could cause the loss of lives.
Again, not saying don't do it...saying do it carefully.
Identifying exactly what is infected and where would be a colossal task. Especially when you consider that you have to identify 'mission critical' hardware.
some of these viri are designed to do harm if disabled improperly, and some of these computers could be in situations where their failure could cause the loss of lives.
If you have a computer that could fail in such a way that lives could be lost, and the computer is in a situation where it has enough connectivity to the internet to form part of a botnet, then all bets are off anyway.
IMHO, the best way to resolve the botnet is to overwrite the bootsector (but not the partition table) and do a hard reboot. Easy to recover from and minimises the further damage that could be done. Also resolves the "lives could be list" problem.
You obviously don't work for an ISP, we have to drop SMTP-connections on everything which looks to much like a bot just because of the large number of connection that we get, so we're able to have the legit connections and because scanning all the content would just be to much to handle.
You would be amazed at the volumes of e-mail ISP's get. More then 98% of it is crap you don't want to receive.
Yeah, the Australian ISP that we go through (Telstra) actually forces everyone to use their SMTP servers to send email. According to a friend that works there, they do scan all these emails for spam content (can't confirm). I absolutely loath it. Although that doesn't stop anyone outside the country sending spam in.
How much of it actually passes an integrity/authorization check like dkim or spf?
Maybe if those were made more widespread we could do a good bit better job tracing and jailing these bastards......or blacklisting accomplice ISPs that don't give a rat's arse about the spam they are sending.
Well... first you have to find their command and control channels. Then you have to figure out how they work. Many times the command and control is both distributed and encrypted so it is very hard to "chop the head off"
Eh, depends what you're looking at. Other Botnets have been taken down, usually by physically arresting the hacker who started it. I'm sure that they've tried to stop other Spam Botnets before. They didn't actually STOP Ozdok, they just dented it a bit.
It's difficult to track how these things start because essentially you've got about a million breadcrumbs to go through.
Lets say you've got 3 computers, A, B, and C. A infects B, B infects C. There is no direct correlation between A and C, so you have to work your way all the way up the chain. Now imagine you've got a million infected PC's. Who infected who? How do you work your way backwards? There's lots of ways to do this, most simple of which is to look at the contacts and determine which of the contacts is infected. Then determine the time and date of which the infection occured (Date Modified/Date Created on the file). Whoever was first was who infected the others.
The problem with killing it is that it has a "multi layered fallback mechanism" - which is a fancy way of saying it replicates itself. It can do this by either having a secondary program or script copy itself back onto the infected PC when it detects the original infection is gone, or it can do this by RE-infecting any of the computers it was sent to infect in the first place.
I hope thats enough to make you stagger and wonder exactly how much damage they could have possibly done to this botnet.
Wiping their computers would slow things down, but it certainly wouldn't change anything. They'd be at it again as soon as they were back up and running with an OS.
Not to mention a lot of people would be seriously PISSED and you'd be in deep legal shit for messing with other people's computers.. I'm sure these guys could still face possible trouble even for just admitting they've brought down the head of the botnets, but IMO they're pretty justified to do that. Wiping people's machines, while tempting, is just a no-no. If we want vigilante justice to become more acceptable in these situations, then it's best to be 'nice' about it.
I'm sure these guys could still face possible trouble even for just admitting they've brought down the head of the botnets
And what exactly have they done that's illegal? They registered some domain names. They reported domain names used by spammers to their registrars, with documentation, and those registrars cut off the domains. They reported IP addresses used by spammers to their hosts, and those hosts cut off the IP addresses. They have received botnet requests at their sinkhole, but they are merely logging IP addresses, not returning commands to the botnet. They'll use the IP addresses to one-by-one have the ISPs noti
If we want vigilante justice to become more acceptable in these situations, then it's best to be 'nice' about it.
Ever read Frank Herbert's The White Plague? It's about a scientist on a trip to Ireland who loses his family in an IRA bombing. He goes nuts and engineers a virus to kill every woman on the planet, figuring "if it has to happen to me, then I'm going to share my misery with the world."
Where am I going with this?
We have some pretty epic hackers on the planet. Guys who can disassemble code
No no no! You've missed my point. *I* won't be the one to do any of this. I am not Mr. I-am-going-to-fix-it. Holy crap no! I have a career and a family. I'm way too old for lulz. I'm just saying human nature being what it is, someone eventually will.
And when that someone does, then it'll become a thing. Others will follow. Cowboy justice for anyone who can't secure their systems. It won't happen in a single stroke. One botnet will get hit. Others will get the idea and hit other botnets. It'll become the next new internet game. Used to be cracking DVD protections was enough sport to keep these guys busy. Now it's on to bigger game, so back up your data files everyone.
What I'm saying is that right now, there is a teenaged kid somewhere. Probably in the Netherlands or some other hacker friendly country where if you do something like this you get a couple of years of community service. It's snowing, he's bored, and all the women are wearing parkas so there is nothing to do. And he keeps having to reconfigure his mail server. Whitelists, blacklists, pattern matching...it's pissing him off.
Then he's gonna have an idea.
A couple of weeks later some botnet is going to be completely in the hands of someone who has bigger ideas than spam. He's gonna nuke them. The whole thing.
Honestly I really am surprised it hasn't happened yet. Botnets are a beautiful hack target.
From reading all the FireEye blog posts on the operation, I can't find any point where they broke the law or even behaved in a way that violated anybody's rights.
What they did was to coordinate things so that ISPs and domain registrars followed existing procedures to shut down sites and revoke domain names. They also found some domain names that were programmed to be used as fallbacks but had not yet been registered, then registered those.
It looks like at no time did they actually hack anybody or penetrate computers, either innocent bystanders or guilty people, nor did they use the botnet themselves, so there's no legal or ethical problem here -- assuming their reports are complete and correct, obviously.
Wrong title, not 'taken down' (Score:5, Interesting)
and
Reply to This
Re: (Score:2)
Until now attempts to actually trace and shut down have not been fruitful. I think the face that something was done is very positive.
Re:Wrong title, not 'taken down' (Score:5, Funny)
Reply to This
Parent
And meanwhile... (Score:4, Insightful)
Reply to This
Stop talking sense man! (Score:2)
Next thing you know we'll take the same approach to murder, theft, gangs, drugs, etc and soon we'll end up with a utopia... then how will the billionaires get $100 bills to light their $500 cigars???
Re: (Score:2)
Come on, it's not that hard to get one hundred pesos [wikipedia.org].
Re:And meanwhile... (Score:5, Interesting)
Spam isn't so much an economics problem as a "some people are just dicks" problem. A lot of the problem with spam is the current system we use for email. It was never intended for such widespread use and has little-to-none in the way of authentication or security measures. You can encrypt emails for security sure, but it doesn't help get around the problem of spam..
Reply to This
Parent
Re:And meanwhile... (Score:5, Insightful)
Spam isn't so much an economics problem as a "some people are just dicks" problem
That statement is accurate only for those who believe that spam is sent out to piss you off. Perhaps the spam you receive is somehow different from the spam that is sent to me? The spam that is sent to my addresses is sent to sell various products or services. And why is the spam sent to sell products? Because someone is paying the spammer to send it.
Spam is a product that people are willing to pay for.
Hence spam is a economic problem, because there is economic incentive to send it. Billions or trillions of spam messages can be sent at nearly no cost to the spammer; very little business needs to come from those spam messages to make them incredibly profitable.
A lot of the problem with spam is the current system we use for email. It was never intended for such widespread use and has little-to-none in the way of authentication or security measures.
I have yet to see a proposed replacement for the existing email system that actually suggests anything that would make a bit of meaningful difference for spam issues.
You can encrypt emails for security sure, but it doesn't help get around the problem of spam..
I agree with you on that. Encryption isn't worth squat in regards to spam.
Reply to This
Parent
Re:And meanwhile... (Score:5, Insightful)
The way to stop spam is to fight it as the economic problem that it is; if people continue to go after the symptoms of spam like this they will continue to find themselves quickly thwarted.
Sure. Let's educate every farking idiot on the face of the earth. Just like we did with consumers the world over in every single city across the fruited plain. It's worked well for hundreds of years! "Buyer beware" and Heaven help you if you should get defrauded...
What's that you say? We didn't do that? Instead, we instituted "consumer protection" laws that require vendors to adhere to minimal standards of conduct and safety? Laws that prevent manufacturers from making unsafe cars and selling poisoned food? You mean, I can go into pretty much any restaurant and be confident that I probably won't get some terrible disease from poorly cooked food and un-refrigerated meats?
Yes, on the 'net, it's the wild, wild west, all over again. But now problems "over there" have become problems "over here", and suddenly, things like the sorry legal state of Nigeria and Somalia are in our face. Will we fix it overnight? No, but we will fix it. Sure, we'll never get rid of it completely - the Mafia still exists, and gangs still thrive in areas of the mostly controlled First World. (We can get greatly mitigate the gangs by legalizing their primary revenue stream, the drugs, but while related, that's another post)
The thing is that by legally controlling the terms of commerce, we promote healthy commerce. Outlawing commerce altogether has roughly the same effect of not regulating it at all - fraud and crime sets in, legitimate business moves out. To control spam, we need to control commerce, world wide. And that's a big, big problem that will take at least a generation or two to handle.
Reply to This
Parent
A little known fact about security firm "FireEye" (Score:3, Funny)
At company picnics, employees are encouraged to take part in "Whack-a-mole" competitions during summertime, and ice sculpting during the winter.
Reply to This
WTF? (Score:5, Insightful)
Seriously. Can someone please give me a reasonable explanation that rogue CnC servers and registrars are allowed to continue operations?
Reply to This
Re: (Score:3, Funny)
Because its actually the government who creates and controls these 'botnets'. They're used to spy on us since they have a computer on each end of each router meaning they can reliably trace data streams in foreign countries to their true original source.
Ok, so that wasn't necessarily accurate. But, I've heard on the low-down that the fellows who were working on Titan Ra
Re: (Score:3, Insightful)
Exactly we hear about "researchers" even broadcasters doing this. But never about regular law enforcement...
Governments don't appear interested it dealing with this. Probably because it isn't the (alleged) profits of the entertainments industry being affected.
In the words of Riddick... (Score:3, Interesting)
"You keep what you kill."
Now... what to do with this enormous botnet?
Reply to This
That's great, but... (Score:4, Interesting)
Reply to This
What to do with the zombies (Score:3, Insightful)
We really need an analysis done and report made to the public security community. This is a unique chance to discover what are the real vulnerabilities to the mass of computing power on which criminals prey.
A federal or state level court needs to authorize the researchers to do such an analysis. Even a single state would be enough, if the zombie IPs can be reliably mapped to that state. I would envision the analysis to include:
- Make a full study of many individual zombie PCs: What antivirus, firewall, OS, applications, etc. are installed, including version numbers and a fingerprint (to identify whether they are super-vulnerable copies from warez sites, infected OEMs, etc.).
- Monitor usage of a small number of PCs to identify what user habits lead to zombification, based on the theory that these PCs will become zombies of another botnet soon probably. What should be monitored, and for how long?
- Contact (with law enforcement assistance) a small number of individual users to interview them. Publish anonymized interviews for representative cases so the public can better learn what constitutes dangerous habits.
- Report anonymized individual representative cases, trends and statistics.
Discuss whether the defanged botnet should be used to destroy other botnets. Too much discussion would alert the other net owners. People could opt in based on a message sent to infected PCs, if the authorities support it, but unless those bots are hardened they might open the owners to retaliatory attacks.
At least, let's find out if antivirus really doesn't work, what habits led to botnet creation, and how can we alert zombie owners so they adopt more secure practices.
Reply to This
Do more,.....do more! (Score:3, Interesting)
>more than 264,000 IP addresses were found reporting to sinkholes under FireEye's control
It's not enough, those 264k IP adresses, should be sent out to a sort of ISP provider sanctuary where
they need to contact the people who have the infected pcs, and tell them to clean their machines, just
leaving the machines with a ongoing malware pinging back home, might still be able to get owned.
They need to take down those infected that they know is infected, and force those users to update or get fixed.
They are a threat to the internet, and need to be delt with...maybe cutting them off the internet for awhile would make them call in
their ISP and then they could be warned they had been owned, and need to clean their pcs.
Any further attempts on their machines parts to contact that same "hole" would force them again to be locked out...until such time
they fixed their machines, no?
Reply to This
Re: (Score:2)
So it took them how long between the time it was generating 30% and now when it is generating 4%?
That's a little too late guys.
Re: (Score:2)
Well 1/3 is hard to express as a percentage.
Re: (Score:2)
Approximately 33.3% is SO difficult to write after all!
Re: (Score:3, Insightful)
Re: (Score:2, Interesting)
On a more related note, would this be classed as vigilante justice? Justified?
I think its a cool idea for universities with security classes to study this kind of thing and 'bring it down - safely' as a project. I know I'd enjoy it.
Re:good work (Score:4, Insightful)
It'd be a great project, though you do want to be careful, some of these viri are designed to do harm if disabled improperly, and some of these computers could be in situations where their failure could cause the loss of lives.
Again, not saying don't do it...saying do it carefully.
Reply to This
Parent
Re: (Score:2)
Identifying exactly what is infected and where would be a colossal task. Especially when you consider that you have to identify 'mission critical' hardware.
Re: (Score:2)
some of these viri are designed to do harm if disabled improperly, and some of these computers could be in situations where their failure could cause the loss of lives.
If you have a computer that could fail in such a way that lives could be lost, and the computer is in a situation where it has enough connectivity to the internet to form part of a botnet, then all bets are off anyway.
IMHO, the best way to resolve the botnet is to overwrite the bootsector (but not the partition table) and do a hard reboot. Easy to recover from and minimises the further damage that could be done. Also resolves the "lives could be list" problem.
Re: (Score:3, Insightful)
Re:good work (Score:5, Interesting)
You would be amazed at the volumes of e-mail ISP's get. More then 98% of it is crap you don't want to receive.
Reply to This
Parent
Re: (Score:2)
Re: (Score:3, Insightful)
How much of it actually passes an integrity/authorization check like dkim or spf?
Maybe if those were made more widespread we could do a good bit better job tracing and jailing these bastards... ...or blacklisting accomplice ISPs that don't give a rat's arse about the spam they are sending.
Forgery allows spammers to operate anonymously.
Re:Good! (Score:5, Funny)
Now I don't have to worry about throttled torrent downloads.
Uh right, problem solved there. In other news, once you get an oil change in your car you no longer have to rotate the tires.
Reply to This
Parent
Re: (Score:2)
Re: (Score:2)
Uh right, problem solved there. In other news, once you get an oil change in your car you no longer have to rotate the tires.
Obviously you've never worked with Windows users.
Re: (Score:2)
Re: (Score:2, Insightful)
Well... first you have to find their command and control channels. Then you have to figure out how they work. Many times the command and control is both distributed and encrypted so it is very hard to "chop the head off"
Re: (Score:2)
Re: (Score:2)
Why does it have to be done legitimately and legally?
When the law is habitually incapable of solving a problem, it should be solved extralegally.
Re:Any more? (Score:5, Interesting)
Eh, depends what you're looking at. Other Botnets have been taken down, usually by physically arresting the hacker who started it. I'm sure that they've tried to stop other Spam Botnets before. They didn't actually STOP Ozdok, they just dented it a bit.
It's difficult to track how these things start because essentially you've got about a million breadcrumbs to go through.
Lets say you've got 3 computers, A, B, and C. A infects B, B infects C. There is no direct correlation between A and C, so you have to work your way all the way up the chain. Now imagine you've got a million infected PC's. Who infected who? How do you work your way backwards? There's lots of ways to do this, most simple of which is to look at the contacts and determine which of the contacts is infected. Then determine the time and date of which the infection occured (Date Modified/Date Created on the file). Whoever was first was who infected the others.
The problem with killing it is that it has a "multi layered fallback mechanism" - which is a fancy way of saying it replicates itself. It can do this by either having a secondary program or script copy itself back onto the infected PC when it detects the original infection is gone, or it can do this by RE-infecting any of the computers it was sent to infect in the first place.
I hope thats enough to make you stagger and wonder exactly how much damage they could have possibly done to this botnet.
Reply to This
Parent
Re: (Score:2)
Re: (Score:3, Interesting)
Not to mention a lot of people would be seriously PISSED and you'd be in deep legal shit for messing with other people's computers.. I'm sure these guys could still face possible trouble even for just admitting they've brought down the head of the botnets, but IMO they're pretty justified to do that. Wiping people's machines, while tempting, is just a no-no. If we want vigilante justice to become more acceptable in these situations, then it's best to be 'nice' about it.
Re: (Score:2)
I'm sure these guys could still face possible trouble even for just admitting they've brought down the head of the botnets
And what exactly have they done that's illegal? They registered some domain names. They reported domain names used by spammers to their registrars, with documentation, and those registrars cut off the domains. They reported IP addresses used by spammers to their hosts, and those hosts cut off the IP addresses. They have received botnet requests at their sinkhole, but they are merely logging IP addresses, not returning commands to the botnet. They'll use the IP addresses to one-by-one have the ISPs noti
Makes you wonder, doesn't it? (Score:3, Interesting)
If we want vigilante justice to become more acceptable in these situations, then it's best to be 'nice' about it.
Ever read Frank Herbert's The White Plague? It's about a scientist on a trip to Ireland who loses his family in an IRA bombing. He goes nuts and engineers a virus to kill every woman on the planet, figuring "if it has to happen to me, then I'm going to share my misery with the world."
Where am I going with this?
We have some pretty epic hackers on the planet. Guys who can disassemble code
Re:Makes you wonder, doesn't it? (Score:4, Interesting)
No no no! You've missed my point. *I* won't be the one to do any of this. I am not Mr. I-am-going-to-fix-it. Holy crap no! I have a career and a family. I'm way too old for lulz. I'm just saying human nature being what it is, someone eventually will.
And when that someone does, then it'll become a thing. Others will follow. Cowboy justice for anyone who can't secure their systems. It won't happen in a single stroke. One botnet will get hit. Others will get the idea and hit other botnets. It'll become the next new internet game. Used to be cracking DVD protections was enough sport to keep these guys busy. Now it's on to bigger game, so back up your data files everyone.
What I'm saying is that right now, there is a teenaged kid somewhere. Probably in the Netherlands or some other hacker friendly country where if you do something like this you get a couple of years of community service. It's snowing, he's bored, and all the women are wearing parkas so there is nothing to do. And he keeps having to reconfigure his mail server. Whitelists, blacklists, pattern matching...it's pissing him off.
Then he's gonna have an idea.
A couple of weeks later some botnet is going to be completely in the hands of someone who has bigger ideas than spam. He's gonna nuke them. The whole thing.
Honestly I really am surprised it hasn't happened yet. Botnets are a beautiful hack target.
Reply to This
Parent
Re: (Score:3, Funny)
Since the bots all deserve to be botted, I might set up a beowulf cluster with them and distributed render Big Buck Bunny for the fun of it. =)
Re: (Score:2)
Re:What OS? (Score:4, Interesting)
http://www.symantec.com/security_response/writeup.jsp?docid=2008-021215-0628-99 [symantec.com]
100%, minus controllers, that might run on any OS
Reply to This
Parent
Re: (Score:2)
Re: (Score:3, Funny)
Re: (Score:3, Informative)
once responsible for an estimated third of the world's spam
lately the botnet has accounted for 4% of spam
Re:Legality? (Score:4, Insightful)
From reading all the FireEye blog posts on the operation, I can't find any point where they broke the law or even behaved in a way that violated anybody's rights.
What they did was to coordinate things so that ISPs and domain registrars followed existing procedures to shut down sites and revoke domain names. They also found some domain names that were programmed to be used as fallbacks but had not yet been registered, then registered those.
It looks like at no time did they actually hack anybody or penetrate computers, either innocent bystanders or guilty people, nor did they use the botnet themselves, so there's no legal or ethical problem here -- assuming their reports are complete and correct, obviously.
Reply to This
Parent
Re: (Score:3, Informative)