Slashdot Mirror


TimeWarner DNS Hijacking

Exstatica writes "It looks like TimeWarner is taking vigilante action on the botnet problem. They've hijacked DNS for a few IRC servers, the latest being irc.mzima.net and irc.nac.net — both part of EFNet. (irc.vel.net was hijacked earlier but has been restored.) Using ns1.sd.cox.net, the lookup returns an IP for what looks to be a script that forces the user into a channel and issues a set of commands to clean the drones. There have been different reports of other IRC networks being hijacked and other DNS servers involved. Is this the right way to handle the botnet problem? Is hijacking DNS legal?" Botnets are starting to move off of IRC for command and control, anyway.
Update: 07/24 00:01 GMT by KD : Updated and added more links; thanks to Drew Matthews at vel.net. 07/24 11:52 GMT by KD : Daniel Haskell wrote in to say that ircd.nac.net is seeing cox.net connections again, and that they are in discussion with the EFF over the matter.

4 of 339 comments

  1. "awareness" is needed by twitter · · Score: 1, Troll

    Leet-man dedazo insultingly blames the users again:

    The botnet's root cause is not "Windoze", it's the people who are ignorant or lazy enough to let their computers be taken over by trojans and worms. Since it's stupidly simple to avoid that, the problem lies squarely between keyboard and chair.

    Both ignorance and apathy would be cured by kicking off infected computers. I'd be looking forward to "responsible user" dedazo being kicked off but I think the PR firm he works for uses a botnet to post all its pro M$ blather, so he could stay one step ahead of the terminations.

    Interestingly enough, he scornfully proposes the right solution:

    [lots of namecalling for normal computer users] You know what? You're more than welcome to them.

    That would be cool. Steve Jobs does not have a problem with average users on Apple. Sun does not have a problem with Solaris in hospitals. No one but M$ has a problem and liberating their users would be a great thing for everyone. It can't be done by force but it will happen when people have knowledge and choices.

    --

    Friends don't help friends install M$ junk.

  2. way to blame the victim. by twitter · · Score: 0, Troll

    Michael Dell estimates that 25% of the computers he sells end up controlled by a botnet. Botnets used to abuse IRC while launching spam and DNS. The problem is Windows, but you would like to blame and punish IRC servers and users. Why?

    Your plan does not even make sense. Botherders have already moved to their own distributed command and control systems that have nothing to do with IRC.

    The only people disrupted by this are IRC users, who mostly use gnu/linux and other systems that don't have botnet problems. People with infected computers are not IRC users.

    --

    Friends don't help friends install M$ junk.

  3. Yeah, good luck. by twitter · · Score: 0, Troll

    The problem is the assholes who take over people's computers to send spam and flood web sites. The solution is a well funded police force to hunt them down.

    Start in Redmond. No really. Start rooting around the PR firms they pay and see what you find.

    Then you can move on to Madison Avenue where big name companies like American Express, Home Depot, American Airlines and others have been busted paying these assholes to take over people's computers. Think those companies got more than a slap on the wrist? No, they had "plausible deniability" and all of them claimed absolute shock that these things were done in their name - shock I tell you, while they continue to support laws that make the internet look like broadcast TV and force the same thing.

    Honeynets are a nice way to start tracking these things down but it's not going to work when the herds are all moved over to redundant and decentralized command and control structures. Police effort will dig up thousands of home users who know nothing about what's happened to their computers, unless you can make a TIA network as big as the planet. The crooks will then add their own networks to the official one and you are back at square one.

    No, the only way to get rid of the problem is to make it expensive through platform diversity. Making the user aware of the problem and making it cost the user time and trouble is the first step. At some point the network will be so degraded that users will start dropping off anyway.

    --

    Friends don't help friends install M$ junk.

  4. Possible solution by Randomly · · Score: 0, Troll

    Could a system of application DRM prevent bots on Windows?

    By requiring a development license to create an application, which could be trivially obtainable from Microsoft validating user identity, no unknown application would be allowed to run on a machine that isn't the developer's or alternate machines once the application is 'published'. Using a system of centrally maintained and verifiable application IDs, destructive or errant software could then be denied the right to execute via a Microsoft security patch or a publicly maintained database of elected 'bad' applications.

    I'd be surprised if something similar isn't already in the pipeline.