Researchers Infiltrate and 'Pollute' Storm Botnet

ancientribe writes "Dark Reading reports that a group of European researchers has found a way to disrupt the massive Storm botnet by infiltrating it and injecting "polluted" content into it to disrupt communication among the bots and their controlling hosts. Other researchers have historically shied away from this controversial method because they don't "want to mess with other peoples' PCs by injecting commands," said one botnet expert quoted in the article."

5 of 261 comments

  1. Fair Play by FurtiveGlancer · Score: 4, Interesting

    I submit that it's inherently fair and perfectly ethical to disrupt those who invade and steal from others. Even if the theft is one of compute cycles. Usually, we call those who disrupt invaders and thieves "heroes."

    --
    Invenio via vel creo
  2. Who is liable in the event of retaliation? by Tanman · Score: 3, Interesting

    Ok, so here's a fun question: Let's say the botnet creators get pissed off and send out a code change that makes one of the standard commands change to be something like, oh, "wipe hard drive." The botnet creators then use different commands, but the researchers come along and issue the old command, thus wiping the users' hard drives.

    Are the researchers liable since they technically issued the offending command while logged in as a remote user without the owner's permission?

  3. Re:It's not Really... by el_flynn · Score: 4, Interesting

    Unless there's a problem with the command you send out and it completely wipes the end user's hard drive and all their personal data or does something else destructive to the infected user. True, but who's to say the resident malware isn't already doing that? Although I'm sure the bot manufacturer will take quite strong measures to stop this from happening, as it would really result in a non-productive bot. So the anti-bot programmer would just have to take similar steps I suppose.

    It would be far better to monitor the botnet, find the computers involved and then help them clean their computer and prevent another infection. TFA says the researchers "saw between 5,000 and 40,000 machines online at a time."
    Who, other than a NATO-type international task force, would have the resources to reach out to those 40k users and help them clean their machines? All you IT admins and helpdesk staff are already cringing at the thought of handling tens or hundreds of users -- can you even begin to imagine trying to explain to thousands of clueless users what's happened to their PC, and what steps to take to clean it?
    --
    The Wknd Sessions - Malaysian and South East Asia independent music
  4. Re:It's not Really... by graphicsguy · Score: 3, Interesting

    Who, other than a NATO-type international task force, would have the resources to reach out to those 40k users and help them clean their machines? If it's easy to detect the traffic to/from a botnet computer, they should be cut off by their ISP. The ISP can then offer them both instructions and to sell them PC cleaning as a service before allowing them to re-activate their connection.
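The ISP-side detection that the comment above takes for granted ("if it's easy to detect the traffic to/from a botnet computer") is the part an operator would actually have to build. The following is an added example, not code from the article, from the researchers, or from any commenter: it runs a simple heuristic over constructed flow records and flags internal hosts that contact an unusually large number of distinct external peers on one UDP port within a short window, the kind of fan-out a peer-to-peer bot produces and an ordinary client does not. The threshold, the window, the port numbers and the addresses are all assumptions made up for the example, not a signature for Storm or any other botnet.

```python
"""Flag internal hosts whose traffic pattern looks like peer-to-peer bot chatter.

Added example with constructed data. The heuristic (many distinct external
peers on one UDP port inside a short window) and every constant below are
assumptions chosen for illustration, not measured properties of any botnet.
"""
from collections import defaultdict
from ipaddress import ip_address, ip_network

INTERNAL = ip_network("10.0.0.0/8")   # assumption: the ISP's customer range
PEER_THRESHOLD = 20                   # assumption: distinct peers that is "too many"
WINDOW_SECONDS = 300                  # assumption: sliding window length


def find_suspect_hosts(flows, threshold=PEER_THRESHOLD, window=WINDOW_SECONDS):
    """Return {host: {"proto", "port", "peers"}} for every internal host that
    talks to at least `threshold` distinct external peers on one (proto, port)
    within any `window`-second span. `flows` are (ts, src, dst, proto, dport).
    """
    by_key = defaultdict(list)
    for ts, src, dst, proto, port in flows:
        # only outbound customer-to-internet traffic is of interest here
        if ip_address(src) in INTERNAL and ip_address(dst) not in INTERNAL:
            by_key[(src, proto, port)].append((ts, dst))

    suspects = {}
    for (src, proto, port), events in by_key.items():
        events.sort()                    # order by timestamp
        in_window = defaultdict(int)     # distinct peer -> count inside window
        left = 0
        peak = 0
        for ts, dst in events:
            in_window[dst] += 1
            # drop events that fell out of the trailing window
            while events[left][0] < ts - window:
                old = events[left][1]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                left += 1
            peak = max(peak, len(in_window))
        if peak >= threshold:
            prev = suspects.get(src)
            if prev is None or peak > prev["peers"]:
                suspects[src] = {"proto": proto, "port": port, "peers": peak}
    return suspects


def constructed_flows():
    """Constructed sample: one bot-like host, one ordinary host."""
    flows = []
    # bot-like host: 30 distinct external peers on one UDP port within ~2 minutes
    for i in range(30):
        flows.append((1000 + 4 * i, "10.0.0.5", f"198.51.100.{i + 1}", "udp", 7871))
    # the same host doing ordinary DNS lookups to a single resolver
    for i in range(10):
        flows.append((1000 + 10 * i, "10.0.0.5", "192.0.2.53", "udp", 53))
    # ordinary host: a handful of HTTPS sessions to a few sites
    for i in range(5):
        flows.append((1000 + 20 * i, "10.0.0.9", f"203.0.113.{i + 1}", "tcp", 443))
    # internal-to-internal traffic, ignored by the heuristic
    flows.append((1000, "10.0.0.9", "10.0.0.5", "tcp", 445))
    return flows


if __name__ == "__main__":
    for host, info in find_suspect_hosts(constructed_flows()).items():
        print(f"{host}: {info['peers']} distinct peers on {info['proto']}/{info['port']}")
```

The useful property of the heuristic is that it keys on behaviour rather than on a particular rendezvous address, so it survives the bots changing peers; the cost is that legitimate peer-to-peer applications produce the same fan-out, which is why a flag from this check should trigger the instructions-and-cleanup contact the comment describes rather than an automatic cutoff.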
  5. Re:It's not Really... by khallow · Score: 3, Interesting

    You're comparing a concentrated loss to a distributed loss.

    One ugly thing malicious software can do is a "retaliation" strategy (a cooler name is welcome). If you try to destroy or render it ineffective, then it attempts to do the same to the computer that it's on. If I can't have your computer, then you can't have it either. Maybe tit for tat. So if the user stops trying to fix things, then the bot stops retaliating. This would be interesting on a collective level since the bot network might start destroying data, if it detects poisoning attempts.