Massive Botnet Returns From the Dead To Spam On
CWmike writes "Gregg Keizer reports that the big spam-spewing Srizbi botnet, shut down two weeks ago when McColo was shuttered, has been resurrected and is again under the control of criminals, security researchers said today. As of late Tuesday, infected PCs were able to successfully reconnect with new command-and-control servers, which are now based in Estonia, said Fengmin Gong, chief security content officer at FireEye. The comeback confirms what researchers noted last week, that Srizbi had a fallback strategy. So, in the end, that strategy paid off for the criminals who control the botnet."
"the big spam-spewing Srizbi botnet, shut down two weeks ago when McColo was shuttered, has been resurrected and is again under the control of criminals"
I'd love to go back to the '50s, find one of those future drawing artists, show him that head news, and ask him to draw what he thinks that means in the year 2008.
Hilarity ensues.
Actually mine told me not to reduce, as it helps to see where they came from.
I'm starting to think GNU is the problem with "GNU/Linux" these days.
Will switching to IPv6 make the botnets more transparent to those trying to defend the intertubes?
If that were true, then that might be a good argument to upgrade...
Get thee glass eyes, and, like a scurvy politician, seem to see things thou dost not.--King Lear
Swedish TeliaSonera and it wasn't done directly, they purchased the link through a third party and made sure it was activated just as the weekend started (probably hoping that no one would shut it down before the weekend was over).
/Mikael
Greylisting is to SMTP as NAT is to IPv4
What I wonder is, why don't some of those white/grey/black hat hackers out there try to hijack the botnets, spammers, or the control servers of the spammers and shut that shit down? I'm sure it would be challenging and billions would approve.
The way I see it, spam is a distributed problem that ignores virtually any boundary you can think of, so the solution must be equally pervasive and distributed. Such as an equally (dis)organized group of spammer-attackers. Sure some innocents will probably get nailed, but ain't war hell?
Question everything
As far as I can see the only real solution to spam is intelligent filtering, which Google leads the way on: it's got to the point where if a spam mail gets through, I open it up and have a good look at it to see how the heck it got through.
[FUCK BETA]
There's a lot more to it than launching applications. Even then it's unsatisfactory in many ways. It's extremely inconvenient to have to run an application as admin and have all the output non-executable and non-writable for other users... one more crappy task to fix all the permissions after every run. Anyway there are many applications which simply don't work with run as. The previous poster who linked to Super SU was nearer the mark. The Windows user model works fine for users with no local admin rights working under a domain controller, i.e. in the office with IT dept running everything. For home/individual users it really stinks. The existence of botnets of tens or hundreds of thousands of compromised Windows PCs should negate the need to even mention or discuss this but it seems that simple, sane authorisation models have been thoroughly subverted for so long that the absolute worst model is considered normal and acceptable. What's really incredible to me is that if you look at the unix user/super user model or the Ubuntu/OS X style sudo model they are both easy and *convenient* for the end user as well as the administrator and have no real drawback; I can't quite work out why MS dedicated the last 10 years to screwing it up so badly. It is a horrible experience for their users to suffer unwanted malicious software on their systems and it could all have been easily avoided. It shouldn't be normal to run a system so badly configured and implemented that it requires 3rd-party add-ons simply to appear secure. It shouldn't be anything other than extraordinarily unusual to have one's personal and financial details exposed to criminals etc. Run as is not the answer because there are too many situations where it simply doesn't work or is so inconvenient that it becomes impractical. Personally speaking, Windows is only for games while everything else gets done on a sensible OS. Windows by default has no immunity and no powers of recovery. It has AIDS.