Slashdot Mirror


Researchers Infiltrate and 'Pollute' Storm Botnet

ancientribe writes "Dark Reading reports that a group of European researchers has found a way to disrupt the massive Storm botnet by infiltrating it and injecting 'polluted' content into it to disrupt communication among the bots and their controlling hosts. Other researchers have historically shied away from this controversial method because they don't 'want to mess with other peoples' PCs by injecting commands,' said one botnet expert quoted in the article."

6 of 261 comments

  1. Re:It's not Really... by cromar · Score: 5, Informative

    Sure, in general that is a valid concern. However,

    The pollution attack... "overwrites" the P2P botnet's key, an identifier that's used to get command information to the bots. Storm generates keys to find other bots, the researchers noted. So there really isn't a risk, in this case, of executing maleficent code or overwriting large portions of anything. The Storm operators might modify the peers to self-destruct the host or something, though I doubt they will given that Storm needs the host to be at all useful.

  2. Re:Who is liable in the event of retaliation? by drrck · Score: 5, Informative

    TFA states that they are changing the hash values that the bots use to talk to one another. They aren't issuing commands, they're interrupting the communication of the bots.

  3. Re:It's not Really... by kaiser423 · Score: 5, Informative

    If you RTFA, they are not sending any commands to the end computer. They are just disrupting communications between the nodes.

    Effectively, fracturing the net into multiple pieces; not taking control of the computers and doing something.

    This is not a counter-attack to the infection or anything like that. They're just jamming the comm system that the bots use. They're not actively doing anything to the bot or computer.

  4. Actually Reading the Article by Kiralan · Score: 4, Informative

    To the ones worried about the ethics, at least in this case: What the researchers did, in a sense, is change the 'name' and/or 'password' the bot uses to call the bot master and authenticate itself. In short, they removed the ability of the 'bot to get more commands.

    --
    V for Vendetta: People should not be afraid of their governments. Governments should be afraid of their people.

  5. Re:It's not Really... by PRMan · Score: 4, Informative

    Actually, the paper presented at the conference

    http://www.usenix.org/event/leet08/tech/full_papers/holz/holz_html/

    mentions that the fracturing attack does not work. The Storm botnet currently does only 2 things.

    1. It sends spam e-mails if it receives a file in a spam template format with another file containing a list of addresses.

    2. It commits a denial-of-service attack against a host if it receives a different templated file.

    What the researchers are proposing is to become a sender and to send out floods of blank files faster than the actual operators can send out their real files. As a result, the hosts are too busy downloading the 2200 phony files to get around to the 1 real one.

    The time it takes for all the network nodes to get around to the real file eliminates the power of the botnet, reducing its effectiveness to that of a few machines even if it contains tens of thousands.

    --
    Peter predicted that you would "deliberately forget" creation 2000 years ago...
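    As an added illustration of the flooding described in the comment above (and of the "overwrite the key" view in comments 1 and 4), here is a toy simulation written for this page; it is not code from the LEET paper, from the researchers, or from Storm itself. The key derivation, the figure of 32 rendezvous keys per day, the "download files in order until a non-empty one turns up" bot behaviour, the sample date and the command payload are all constructed assumptions; the only facts taken from the page are that bots search generated keys, that the operator publishes a spam or DDoS template under them, and that the polluter publishes empty files under the same keys faster than the operator does.

```python
import hashlib
import random

# Added example: a toy model of DHT "pollution" against a P2P botnet.
# Not code from the paper or from Storm; all figures below are assumptions.

KEYS_PER_DAY = 32          # assumption: rendezvous keys a bot tries per day
DAY = "2008-04-15"         # constructed date used to derive the day's keys


def rendezvous_key(day: str, index: int) -> str:
    """Assumed key scheme: derive a search key from the date and a small index.
    The page only says 'Storm generates keys to find other bots'."""
    return hashlib.sha1(f"{day}:{index}".encode()).hexdigest()


class ToyDHT:
    """Minimal key -> list-of-values store standing in for the P2P overlay.
    Publishing appends rather than replaces, so bogus entries crowd out the
    real command instead of deleting it (the 'pollution' the comments describe)."""

    def __init__(self):
        self.store = {}

    def publish(self, key, publisher, payload):
        self.store.setdefault(key, []).append((publisher, payload))

    def search(self, key):
        return list(self.store.get(key, []))


def build_network(n_bogus_per_key, real_index=5, seed=0):
    """The operator publishes one real command under key number real_index;
    the polluter floods every one of the day's keys with n_bogus_per_key
    empty files. Result lists are shuffled (assumption: peers return entries
    in no particular order, so the real file's position is random)."""
    rng = random.Random(seed)
    dht = ToyDHT()
    keys = [rendezvous_key(DAY, i) for i in range(KEYS_PER_DAY)]
    dht.publish(keys[real_index], "operator", b"spam-template+address-list")
    for key in keys:
        for _ in range(n_bogus_per_key):
            dht.publish(key, "polluter", b"")          # blank file
    for key in keys:
        rng.shuffle(dht.store.get(key, []))
    return dht, keys


def bot_fetch(dht, keys, download_budget):
    """A bot walks the day's keys and downloads each advertised file until it
    finds a real (non-empty) command or exhausts its download budget.
    Returns (found_real_command, downloads_performed)."""
    downloads = 0
    for key in keys:
        for _publisher, payload in dht.search(key):
            if downloads >= download_budget:
                return False, downloads
            downloads += 1
            if payload:
                return True, downloads
    return False, downloads


def run(n_bogus_per_key, download_budget=200, seed=0):
    """Build a polluted network and report how the bot fares."""
    dht, keys = build_network(n_bogus_per_key, seed=seed)
    return bot_fetch(dht, keys, download_budget)


if __name__ == "__main__":
    # 70 bogus files per key is roughly the 2200 phony files mentioned above
    # spread over 32 keys (assumption about how they would be distributed).
    for bogus in (0, 10, 70):
        found, downloads = run(bogus)
        print(f"bogus per key={bogus:3d}: found={found}, downloads={downloads}")
```

    Two things the toy makes concrete: the real command is never removed (the operator's entry is still in the store), so the attack only raises the number of downloads a bot must perform before it reaches the real file; and whoever runs the polluter is themselves publishing into a live network shared with infected machines, which is exactly what the liability comments above are arguing about.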

  6. Re:It's not Really... by geekboy642 · Score: 5, Informative

    You can be sued for anything. Being sued for something doesn't mean that act is: illegal, immoral, unethical, or mean.

    That said, many, many jurisdictions in the United States have a so-called "Good Samaritan" law. This is a law that protects you from criminal charges and--depending on the state--lawsuits. For instance, the law in Texas is quite broad and protects anyone who acts in good faith from any civil damages. On the other hand, California's law is much more strict, and protects only licensed EMTs, doctors, nurses, etc. at the actual scene of an emergency.

    Know the law in your state! http://www.cprinstructor.com/legal.htm

    --
    Just another "DOJ fascist authoritarian totalitarian bootlicker" -- Zeio