Slashdot Mirror

← Back to Stories (view on slashdot.org)

Massive Botnet Returns From the Dead To Spam On

Posted by timothy on from the late-entry-for-hallowe'en dept.

CWmike writes "Gregg Keizer reports that the big spam-spewing Srizbi botnet, shut down two weeks ago when McColo was shuttered, has been resurrected and is again under the control of criminals, security researchers said today. As of late Tuesday, infected PCs were able to successfully reconnect with new command-and-control servers, which are now based in Estonia, said Fengmin Gong, chief security content officer at FireEye. The comeback confirms what researchers noted last week, that Srizbi had a fallback strategy. So, in the end, that strategy paid off for the criminals who control the botnet."

6 of 205 comments (clear)

  1. Further Proof by MaxwellEdison · · Score: 5, Insightful

    Further proof that crime doesn't pay. Unless you have a reliable business plan, of course.

    --
    -=Bang Bang=-
    1. Re:Further Proof by julian67 · · Score: 5, Insightful

      Actually there isn't money to be made this way because all those unhappy customers demanding refunds will be expensive. The idea that you can clean an infected Windows PC by installing product A or B or C is mistaken. The whole idea that security is a boxed product or is available by clicking an .exe/.msi installer is bogus. Assuming that the malware on these infected computers is even known to the AV companies (and that's no longer a reasonable assumption in most cases) then the only way to actually remove it effectively is by running the AV tools from read only media, i.e. a live CD. Well designed malware will simply disallow the installation/use/updating of common AV software. The malware authors are streets ahead of the "security" vendors. The AV products installed on a clean machine can't even prevent many of these problems let alone cure them. Most Windows users would be better advised to save their pennies and re-install from original media, always be patched and up to date (applications as well as OS), run as unprivileged user with strong passwords on all accounts and browse only with Firefox + privoxy + noscript + adblock. That isn't perfect but it's zero financial cost and way more effective than anything Symantec, McAfee etc can offer. Unfortunately running Windows with an unprivileged account is as convenient as toothache.

  2. They stopped them once. by Finallyjoined!!! · · Score: 5, Insightful

    Now do it again. Rinse, repeat, until there's nowhere left for them to host the "command and control" servers.

    The sooner the better. My good:spam ratio is almost 5:95 at the moment :-(

    --
    If I had an Ass, I'd call it Fanny Bottom, then I could slap my Ass; Fanny Bottom, on the Arse.
  3. What intriques me... by powerslave12r · · Score: 5, Insightful

    ..most is how efficiently the bad guys always work. Its just astounding.

    --
    Real men read Slashdot articles at -1, bottom up.
    1. Re:What intriques me... by Marc+Desrochers · · Score: 5, Insightful

      No red tape, no bureaucratic processes, no politics, no concern about being polite and correct about everything. Also, no customer support. It's a wonder what you can accomplish by not giving a shit who you inconvenience. Just get the job done well enough that it works.

  4. We don't need no stinking backups... by Anonymous+Monkey · · Score: 5, Insightful

    I have worked in more than a few offices that have no backup plans for when things go wrong; power outs, network outages, supply chain disruptions, and the like would stop work cold. I find it amusing that a band of criminals are running a more flexible and 'professional' operation than many ligament businesses.

    --
    We are the Borg...