INSECURITY EXPERT Atif Mushtaq has reported that he worked out a way of killing the Mega-D botnet.
Mushtaq, who works for FireEye, had been playing defence, keeping the Mega-D botnet from taking over clients' computers for two years. According to PC World, he hit on a three-step plan to attack and take down the botnet that had forced 250,000 PCs to do its bidding.
The technique involved attacking Mega-D's command infrastructure. Mega-D's designers used a scattered array of command and control servers, and every bot was assigned a list of additional destinations to try if it could not reach its primary command server.
First, Mushtaq contacted the ISPs that hosted Mega-D control servers and convinced most of them to take those servers offline.
Then he contacted the domain-name registrars holding the domain names that Mega-D used for its control servers. The registrars made sure that Mega-D's existing domain names pointed nowhere, so bots could not reach Mega-D affiliated servers that overseas ISPs had declined to take down.
Finally, the registrars claimed all the spare domain names that Mega-D's programmers had listed in the bots' code as fallback destinations.
With all that in place, Mega-D dropped out of the spam email league tables almost overnight. It is a victory, but of course there is nothing to stop Mega-D from being revived by the cyber-crooks who built it.
Still, it is a poke in the eye for the criminals. µ
I'm not sure if that domain registrars thing is good news. I mean, if those botnet guys paid for a hostname then they should have control over it and its DNS, and if they want to take that away there should be proper procedures and lawful accountability, because if you allow them to do that willy-nilly then before you know it all hell breaks loose and half the sites will be taken down, because every site is bound to offend someone.
This is just another Micro$oft bullshit. They need these botnets to check on ppl downloading Windows and Office... lol they can't check all torrents tho..
Hahaha back in your face M$!!!!
Hearing this warms my heart. I've often wondered how these tossers, who write and distribute this crap, nearly always seem to get away with it. I guess the answers have to be:
1) Not enough people like this Atif Mushtaq around who will bother to find out where these bots are controlled from and take action (although I have to say, why aren't our governments doing this? He managed it!)
2) As Inq points out, "...so bots could not reach Mega-D affiliated servers that overseas ISPs had declined to take down." Now there's a problem; the usual bunch of 'grabbers' not giving a shit about the criminal activity of these creeps and taking the hosting fee regardless of the damage their service is reaping on the rest of us.
Well done that man! It must be a really good feeling to have shafted these parasites.
Love and peace,
Dave xxx