Slashdot Mirror

← Back to Stories (view on slashdot.org)

Massive Botnet Returns From the Dead To Spam On

Posted by timothy on from the late-entry-for-hallowe'en dept.

CWmike writes "Gregg Keizer reports that the big spam-spewing Srizbi botnet, shut down two weeks ago when McColo was shuttered, has been resurrected and is again under the control of criminals, security researchers said today. As of late Tuesday, infected PCs were able to successfully reconnect with new command-and-control servers, which are now based in Estonia, said Fengmin Gong, chief security content officer at FireEye. The comeback confirms what researchers noted last week, that Srizbi had a fallback strategy. So, in the end, that strategy paid off for the criminals who control the botnet."

62 of 205 comments (clear)

  1. Zombies!!!!! by syousef · · Score: 5, Funny

    Argh! Zombies!!!!! They're bound to be after brains! Well they'll find none here! Take that you evil zombies.

    --
    These posts express my own personal views, not those of my employer
  2. Further Proof by MaxwellEdison · · Score: 5, Insightful

    Further proof that crime doesn't pay. Unless you have a reliable business plan, of course.

    --
    -=Bang Bang=-
    1. Re:Further Proof by damn_registrars · · Score: 4, Insightful

      the alg it uses to get domain names

      Why would botnet harvesting be done by domain name anyways? Wouldn't it be easier to collect systems by just running through accessible IP addresses?

      And if the botnets are doing double duty by both propagating spam and attempting to hack into systems via ssh, I can tell you from my IP logs at home that most systems in the botnets aren't behind any particular domains.

      On top of that, how many languages would you want to sell antivirus software in?

      --
      Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
    2. Re:Further Proof by Lobster+Quadrille · · Score: 5, Funny

      It's nice to see that somebody's IT department has the funding and expertise to implement a backup plan.

      It gives me hope.

      --
      "The cup is in turn designed for holding hot or cold liquids, and has an open rim and closed base." --US Patent #5425497
    3. Re:Further Proof by julian67 · · Score: 5, Insightful

      Actually there isn't money to be made this way because all those unhappy customers demanding refunds will be expensive. The idea that you can clean an infected Windows PC by installing product A or B or C is mistaken. The whole idea that security is a boxed product or is available by clicking an .exe/.msi installer is bogus. Assuming that the malware on these infected computers is even known to the AV companies (and that's no longer a reasonable assumption in most cases) then the only way to actually remove it effectively is by running the AV tools from read only media, i.e. a live CD. Well designed malware will simply disallow the installation/use/updating of common AV software. The malware authors are streets ahead of the "security" vendors. The AV products installed on a clean machine can't even prevent many of these problems let alone cure them. Most Windows users would be better advised to save their pennies and re-install from original media, always be patched and up to date (applications as well as OS), run as unprivileged user with strong passwords on all accounts and browse only with Firefox + privoxy + noscript + adblock. That isn't perfect but it's zero financial cost and way more effective than anything Symantec, McAfee etc can offer. Unfortunately running Windows with an unprivileged account is as convenient as toothache.

    4. Re:Further Proof by jargon82 · · Score: 5, Informative

      I've been running my windows XP laptop as non-admin for over 2 years. It's not as bad as you say. Two things keep me going. Superior SU, found here: http://www.stefan-kuhr.de/supsu/main.php3 and make me admin, found here: http://blogs.msdn.com/aaron_margosis/archive/2004/07/24/193721.aspx. Between the two, running non-admin is quite comfortable with a bit of practice.

    5. Re:Further Proof by blhack · · Score: 5, Informative

      A little windows trickery:

      Right click on internet explorer and click "Run As" run it as admin.
      type C:\ into the address bar. Navigate to whatever folder the programs you want to run are in and run them. Anything that spawns from here will be running as admin.

      --
      NewslilySocial News. No lolcats allowed.
    6. Re:Further Proof by julian67 · · Score: 3, Interesting

      There's a lot more to it than launching applications. Even then it's unsatisfactory in many ways. It's extremely inconvenient to have to run an application as admin and have all the output non-executable and non-writable for other users...one more crappy task to fix all the permissions after every run. Anyway there are many applications which simply don't work with run as. The previous poster who linked to Super SU was nearer the mark. Windows user model works fine for users with no local admin rights working under a domain controller, i.e. in the office with IT dept running everything. For home/individual users it really stinks. The existence of botnets of tens or hundreds of thousands of compromised Windows PCs should negate the need to even mention or discuss this but it seems that simple, sane authorisation models have been thoroughly subverted for so long that the absolute worst model is considered normal and acceptable. What's really incredible to me is that if you look at unix user/super user model or the Ubuntu/OS X style sudo model they are both easy and *convenient* for the end user as well as the administrator and have no real drawback; I can't quite work out why MS dedicated the last 10 years to screwing it up so badly. It is a horrible experience for their users to suffer unwanted malicious software on their systems and it could all have been easily avoided. It shouldn't be normal to run a system so badly configured and implemented that it requires 3rd party add ons simply to appear secure. It shouldn't be anything other than extraordinarily unusual to have one's personal and financial details exposed to criminals etc. Run as is not the answer because there are too many situations where it simply doesn't work or is so inconvenient that it becomes impractical. Personally speaking, Windows is only for games while everything else gets done on a sensible OS. Windows by default has no immunity and no powers of recovery. It has AIDS.

    7. Re:Further Proof by Jason+Hildebrand · · Score: 2, Informative

      Why would botnet harvesting be done by domain name anyways? Wouldn't it be easier to collect systems by just running through accessible IP addresses?

      RTFA. The bots are generating domain names which they then attempt to contact in order to re-connect with botnet control.

      It's very clever, really. The algorithm can generate a near-endless list of domain names, and all the botnet owners have to do is register one of them and set it up to respond to the bots.

      On the other hand, in order to block this attempt by the bots to re-connect with the botnet owner, you have to pre-emptively register ALL domains which the algorithm generates. So in the long run, it's not financially feasible to block this.

      I assume that the researchers are now going to try to make arrangements directly with the registrars to block registration of such domains in the future -- hope they can get co-operation on this.

    8. Re:Further Proof by LackThereof · · Score: 2, Interesting

      You misunderstand.

      Srizbi has an algorithm to generate a pseudo-random domain name from the current date, and looks to that domain for command & control instructions.

      The author of the bot has the same algorithm, and can calculate the domain names days and weeks out. Thus, if their c&c server is knocked off the internet, the bot herder just has to register a few domain names that Srizbi will be looking to in the near future.

      This has nothing to do with the domain names of the bots themselves, or of the target machines.

      --
      Legalize recreational marijuana. Seriously.
    9. Re:Further Proof by SanityInAnarchy · · Score: 2, Interesting

      Worth mentioning, sudo is essentially UAC, only somewhat less annoying. But it's still a broken model.

      One thing a lot of Unix daemons get right is, one user per task. Basic, stupidly simple security model -- nothing should have more access than it needs to do its job. Server systems still handle this reasonably well -- small things as root, only where needed. Take Apache -- it's root mostly just to bind port 80; everything else is www-data.

      Things like this completely go away with modern desktops. The only two users you deal with most of the time are yourself and root. Not that it matters -- X is full of potential exploits.

      Oh, and Windows isn't entirely unrecoverable, though the most effective recovery tools I know of are all Linux-based -- a decent livecd, ntfsclone, etc.

      --
      Don't thank God, thank a doctor!
    10. Re:Further Proof by ArsenneLupin · · Score: 2, Insightful

      Why can't someone honeypot a bot, move the system time forward and intercept NTP queries, and watch the traffic to see what DNS queries it generates?

      Actually, they managed to do better than that: they reverse-engineered the algorithm, and didn't even need to VM a bot.

      However, where the plan failed was not in guessing the domain names, but in coming up with enough money to preemptively register them...

  3. Going back in time ... by Anonymous Coward · · Score: 5, Interesting

    "the big spam-spewing Srizbi botnet, shut down two weeks ago when McColo was shuttered, has been resurrected and is again under the control of criminals"

    I'd love to go back in the '50s, find one of those future drawing artists, show him that head news, and ask him to draw what he think that means in the year 2008.

    Hilarity ensue.

    1. Re:Going back in time ... by DahGhostfacedFiddlah · · Score: 5, Funny

      Never fails - I never have mod points when I see posts worthy of them.

      --
      Last post!
    2. Re:Going back in time ... by Reality+Master+101 · · Score: 5, Funny

      I don't know what he'd draw, but I know it'd be covered in chrome. :)

      --
      Sometimes it's best to just let stupid people be stupid.
    3. Re:Going back in time ... by denis-The-menace · · Score: 5, Funny

      I guess it would a giant, dilapidated 50's-style robot vomiting a stream of cans of spams to crowds of innocent people.

      --
      Obama's legacy: (N)othing (S)ecure (A)nywhere and (T)error (S)imulation (A)dministration
  4. They stopped them once. by Finallyjoined!!! · · Score: 5, Insightful

    Now do it again. Rinse, repeat, until there's nowhere left for them to host the "command and control" servers.

    The sooner the better. My good:spam ratio is almost 5:95 at the moment :-(

    --
    If I had an Ass, I'd call it Fanny Bottom, then I could slap my Ass; Fanny Bottom, on the Arse.
    1. Re:They stopped them once. by snowraver1 · · Score: 5, Funny

      If by 5:95 you mean 1:19. Didn't your math teacher teach you to reduce your fractions/ratios?

      --
      Copyright 2010. All rights reserved. This comment may not be copied in any way including, but not limited to caching.
    2. Re:They stopped them once. by armanox · · Score: 3, Interesting

      Actually mine told me not to reduce, as it helps to see where they came from.

      --
      I'm starting to think GNU is the problem with "GNU/Linux" these days.
    3. Re:They stopped them once. by smittyoneeach · · Score: 3, Interesting

      Will switching to IPv6 make the bot nets more transparent to those trying to defend the intertubes?
      If that were true, then that might be a good argument to upgrade...

      --
      Get thee glass eyes, and, like a scurvy politician, seem to see things thou dost not.--King Lear
    4. Re:They stopped them once. by Liath · · Score: 2, Funny

      I think you mean 52429 : 1048576

    5. Re:They stopped them once. by sa1lnr · · Score: 2, Informative

      I read that they had. Servers in Estonia shutdown quickly but one left up in Germany.

      http://www.theregister.co.uk/2008/11/26/srizbi_returns_from_dead/

  5. What intriques me... by powerslave12r · · Score: 5, Insightful

    ..most is how efficiently the bad guys always work. Its just astounding.

    --
    Real men read Slashdot articles at -1, bottom up.
    1. Re:What intriques me... by Yvan256 · · Score: 5, Funny

      Well of course. With no worker unions, government bureaucracy or international laws to get in the way, they have it easier than your average law-abiding citizens and companies.

    2. Re:What intriques me... by Marc+Desrochers · · Score: 5, Insightful

      No red tape, no bureaucratic processes, no politics, no concern about being polite and correct about everything. Also, no customer support. It's a wonder what you can accomplish by not giving a shit who you inconvenience. Just get the job done well enough that it works.

    3. Re:What intriques me... by owlnation · · Score: 2, Insightful

      Also, no customer support. It's a wonder what you can accomplish by not giving a shit who you inconvenience. Just get the job done well enough that it works.

      You mean, "by not even trying to appear as though you give a shit about who you inconvenience".

      If you've tried to contact Customer Support of any corporation (especially any outsourced CS) you know that that company really only pays lip service to the concept. Most corporations only provide just enough CS to be able to show that (massaged) stats reveal 80% customer satisfaction. There is almost never any genuine attempt to actually support customers.

      Most corporations would be as well to just stop providing any customer support whatsoever, there would be little net difference in most cases.

      I think the lack of bureaucracy is probably the key factor in the success of the black economy. Anyone who has worked in a corporation knows how many hoops you have to jump through to get anything meaningful done at any level in the organization. It's often best forgetting about anything that's not groundbreaking.

      That, and the fact that the bottom feeders in the foodchain who fail to cover their asses often don't get a warning on their permanent record so much as a bullet in the brain.

  6. Thats strange... by pillowcase1 · · Score: 5, Funny

    I know it's off topic, but my machine was running great for a couple weeks... now its all slow again.

  7. We don't need no stinking backups... by Anonymous+Monkey · · Score: 5, Insightful

    I have worked in more than a few offices that have no backup plans for when things go wrong; power outs, network outages, supply chain disruptions, and the like would stop work cold. I find it amusing that a band of criminals are running a more flexible and 'professional' operation than many ligament businesses.

    --
    We are the Borg...
    1. Re:We don't need no stinking backups... by Anonymous Coward · · Score: 2, Funny

      I have worked in more than a few offices that have no backup plans for when things go wrong; power outs, network outages, supply chain disruptions, and the like would stop work cold. I find it amusing that a band of criminals are running a more flexible and 'professional' operation than many ligament businesses.

      And here I've been wasting my time trying to set up an organ chop shop in Hong Kong!

    2. Re:We don't need no stinking backups... by Anonymous+Monkey · · Score: 3, Funny

      AAHHAAAHH!!! My ham string!!! Make the burning stop!!!

      --
      We are the Borg...
    3. Re:We don't need no stinking backups... by syncmaster955 · · Score: 2, Funny

      AAHHAAAHH!!! My ham string!!! Make the burning stop!!!

      Did you mean: Spam string?

    4. Re:We don't need no stinking backups... by mikael_j · · Score: 3, Interesting

      Swedish TeliaSonera and it wasn't done directly, they purchased the link through a third party and made sure it was activated just as the weekend started (probably hoping that no one would shut it down before the weekend was over).

      /Mikael

      --
      Greylisting is to SMTP as NAT is to IPv4
  8. Re:Random crashes by RiotingPacifist · · Score: 2, Funny

    They're not random dammit! they always occur where the real part is a half, well the non-trivial crashes anyway.

    --
    IranAir Flight 655 never forget!
  9. A McColo with Fries by INeededALogin · · Score: 5, Funny

    ... and a Coke

  10. Some Idiots by Nom+du+Keyboard · · Score: 4, Insightful

    Is this because some idiot(s) let McColo get back online for a number of hours, or was that fallback already in place before the McColo initial shut down? These major ISP backbone providers reall need to be talking to each other when they blacklist a site so that one rogue provider doesn't undermine the good efforts of all the rest.

    --
    "It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
    1. Re:Some Idiots by Detritus · · Score: 3, Informative

      This was because they good guys stopped registering the dynamically generated domain names used by the botnet, allowing the bad guys to register some domain names and regain control.

      --
      Mea navis aericumbens anguillis abundat
    2. Re:Some Idiots by damn_registrars · · Score: 3, Insightful

      Is this because some idiot(s) let McColo get back online for a number of hours, or was that fallback already in place before the McColo initial shut down?

      I would be inclined to believe it to be more of the latter than the former. Why wouldn't the authors of the botnet software want to write something in to allow for the creation of a new botnet control system? These guys aren't idiots, as much as we might like to wish they were. They know that it takes time to amass a botnet, so I would expect they included some way to bring back the botnet, should they get caught somewhere.

      need to be talking to each other when they blacklist a site

      I might be missing something here, but I rather doubt that botnet control comes down to a specific site anywhere. Didn't they just say that the botnet is now controlled from a different country than before? I'm not sure that any amount of activities from major ISP's would be able to be both tolerable to users and capable of restricting the botnets.

      --
      Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
  11. OK now... by damn_registrars · · Score: 4, Insightful

    Anyone who is surprised by this, raise your hand. If someone was able to write the requisite application to gather the botnet, one would expect the same programmer to have the foresight to write in a way to re-gather and restart the botnet at a later point in time.

    --
    Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
    1. Re:OK now... by jon3k · · Score: 2, Insightful

      You mean operators of a massive botnet worth literally MILLIONS of dollars have a backup plan? SHOCKING!

      How is this surprising to anyone? Do you not understand this is a business, illegal or otherwise? Do you not think cocaine smugglers have backup plans too?

  12. They missed the chance by confused+one · · Score: 3, Insightful

    While the command and control was down, they missed the chance to take out the bots too.

    1. Re:They missed the chance by LackThereof · · Score: 4, Informative

      Srizbi will, in fact, accept an uninstall command from a bogus C&C server.

      Lots of stuff about Srizbi

      In the course of invesigating Srizbi, researchers had 250,000 bots under their control for a span of a few days. Sending the uninstall command was one of several ways they could have crippled this small portion of Srizbi. But honestly, no citizen has the legal authority to make changes to hundreds of thousands of other people's PCs. Maybe if some law enforcement agencies would get involved, that would be nice. Or at least give blanket immunity to researchers who would do so.

      --
      Legalize recreational marijuana. Seriously.
  13. Not really. by khasim · · Score: 4, Informative

    They also have to deal with various groups trying to stop them. As in TFA:

    "We have registered a couple hundred domains," Gong said, "but we made the decision that we cannot afford to spend so much money to keep registering so many [domain] names."

    So the spammers had to have thought about and planned for such a contingency.

    And still bring in enough money to pay for the connections they'll be using to control the zombies.

    The updated Srizbi includes hard-coded references to the Estonian command-and-control servers, but Gong was unaware of any current attempt to convince the firm now hosting those servers to yank them off the Web.

    So while attempting to register the domain names, work was going on to update the zombie software.

    The question now is how to get those hard-coded references to the various ISP's in the world so that they can block traffic to/from them and stop the zombies from updating again.

    Why isn't information such as that ever included in these articles?

    1. Re:Not really. by Rich0 · · Score: 2, Interesting

      Yeah, but do you really need to block the whole country?

      The bots obviously need to find their home. Most likely this is via either a hard-coded IP, or a DNS lookup. So, just publish whichever one it is and then everybody can blackhole either the DNS entry or the IP address. If the major ISPs do that the bot dies.

      Now, if the bot uses IRC or something like that it could get trickier, since blocking that at the protocol level (short of killing an entire irc network) isn't possible. However, the irc network could probably block the appropriate channels.

  14. Sample bias by DahGhostfacedFiddlah · · Score: 2, Insightful

    how efficiently the bad guys always work.

    Not really - we only ever hear about the efficient ones here. Head on over to Fark (or even Youtube:) to get some examples of bad guys working....inefficiently.

    --
    Last post!
  15. Re:Aim for the head ... by sexconker · · Score: 4, Funny

    You don't have much experience battling hydras, do you?

  16. Re:fallback strategy by maxume · · Score: 2, Funny

    Nice troll.

    I think it might be more accurate to say if only they had a strategy.

    --
    Nerd rage is the funniest rage.
  17. Soft on terrorism by Animats · · Score: 4, Informative

    So where are the US antiterrorism people? This is an attack on US assets by foreign nationals. We have a whole Department of Homeland Security. They had a good computer security guy in charge of dealing with such attacks, Amit Yoran, and he quit in 2004, fed up because DHS didn't really want to deal with real problems. His replacement was a career lobbyist. Really. "He served as Director of 3Com Corporation's Government Relations Office in Washington, DC where he was responsible for all aspects of the company's strategic public policy formulation and advocacy." That's America's first line of defense against cyberterrorism.

    The FBI has an antiterrorism operation. What are they doing? What they say they're doing is working to "strengthen and support our top operational priorities: counterterrorism, counterintelligence, cyber, and major criminal programs." What they're actually doing is flying around the FBI director in the private jet purchased with antiterrorism funds.

    FBI testimony before Congress, 2001: "The FBI believes cyber-terrorism, the use of cyber-tools to shut down, degrade, or deny critical national infrastructures, such as energy, transportation, communications, or government services, for the purpose of coercing or intimidating a government or civilian population, is clearly an emerging threat for which its must develop prevention, deterrence, and response capabilities."

    FBI testimony before Congress, 2004: " In the event of a cyberterrorist attack, the FBI will conduct an intense post-incident investigation to determine the source including the motive and purpose of the attack."

    So where's the action?

    Heads need to roll at DHS and the FBI.

  18. how come you say for sure they're in Estonia? by tankadin · · Score: 2, Interesting

    You could send an e-mail about command-and-control servers, to our Cyber Defence Center (Küberkaitse Keskus aka KKK) http://en.wikipedia.org/wiki/CCDCOE Estonia is not a big country at all so i think these new servers would be taken down pretty quickly.

  19. (H|Cr)ack attack by Thaelon · · Score: 3, Interesting

    What I wonder is, why don't some of those white/grey/black hat hackers out there don't try to hijack the botnets, spammers, or the control servers of the spammers and shut that shit down. I'm sure it would be challenging and billions would approve.

    The way I see it, spam is a distributed problem that ignores virtually any boundary you can think of, so the solution must be equally pervasive and distributed. Such as an equally (dis)organized group of spammer-attackers. Sure some innocents will probably get nailed, but ain't war hell?

    --

    Question everything

    1. Re:(H|Cr)ack attack by Yvanhoe · · Score: 2, Interesting

      While looking for informations on Code Green, I came accross this 2002 Black hat conference that discusses the possibility of back striking an attacker in the case of the Nimda worm epidemic. http://www.blackhat.com/presentations/bh-asia-02/bh-asia-02-mullen.pdf You may be interested by this presentation.

      --
      The Wise adapts himself to the world. The Fool adapts the world to himself. Therefore, all progress depends on the Fool.
  20. Money was involved... by The+Master+Control+P · · Score: 2, Informative

    There is no possible way any ISP would reconnect someone like McColo out of ignorance: TeliaSonera was bribed.

    1. Re:Money was involved... by Antique+Geekmeister · · Score: 2, Insightful

      Are you under the impression that ISP's cannot be bribed, confused, or flat out lied to using stolen credit card information? Boy, I wish I had your ISP to tell me what singles ads are lying about.

    2. Re:Money was involved... by afidel · · Score: 4, Informative

      More like duped, they bought the backup link through a reseller a long time ago and never activated it till Sat 11/15.

      --
      There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
  21. Re:Blue Frog? by u38cg · · Score: 3, Interesting
    The trouble was any kind of central point became a massive juicy target for them, and it would be just the same for an open source project. Bluefrog IIRC ended up just drowning in a tide of DDOSing. Kinda ironic, really :)

    As far as I can see the only real solution to spam is intelligent filtering, which Google leads the way on: it's got to the point where if a spam mail gets through, I open it it up and have a good look at it to see how the heck it got through.

    --
    [FUCK BETA]
  22. Re:Please grow up and join the real world by Animats · · Score: 2, Interesting
    You are receiving spam not nuclear weapons, you idiot. It's not terrorism.

    Tens of millions of American computers are under the direct control of hostile foreign interests. At any moment, they can be ordered to do anything by those interests, including erasing files, sending financial information, or attacking infrastructure sites. That's a much bigger threat than some guys mouthing off in a bar in Miami about blowing up some building, which got the FBI's full attention.

  23. Re:Please grow up and join the real world by WTF+Chuck · · Score: 2, Interesting

    Or simply killing all those whose machines are infected? And if you think that any of those is acceptable then you surely won't have any objection if/when other nations start behaving that way in your country, will you? I know where most of my spam originates.

    I have no problem with the infected machines being killed off, regardless of where the attacker that killed the machine is located or who the attacker is. Just leave some indication of why the machine was killed so I can point to it when charging the customer for re-installing their OS and recovering whatever of their files that you are kind enough to leave for them. A nice little README.txt file explaining "Your machine was a spam spewing zombie in the <botnet name> botnet." will be sufficient.

    --
    Note - Liberal use of <sarcasm> tags may or may not need to be applied.
  24. Random or crashing? by mi · · Score: 2, Funny

    You see, Linux is the fix for the random crashing!

    Which part of "random crashing" is alleviated by Linux? The "random" or the "crashing"?

    --
    In Soviet Washington the swamp drains you.
  25. Re:domains ? by LackThereof · · Score: 2, Interesting

    Because Srizbi has an algorithm that generates new pseudo-random domain names based on the current date. If the hard-coded C&C server ever goes down, the bot herder can calculate what domain names Srizbi will be looking to in the near future, and register them to reclaim the botnet (and push an update that changes the hard-coded server)

    Technical Details of Srizbis domain generation algorithm

    --
    Legalize recreational marijuana. Seriously.
  26. Update by LackThereof · · Score: 4, Informative

    The Estonia based Command and Control servers have been kicked offline.

    Only one server is still online, based in Frankfurt, Germany; name registered through the Cayman Islands.

    This is not the server that's hard-coded in to the new Srizbi patch, just one of the backup servers supplying it.

    source

    --
    Legalize recreational marijuana. Seriously.
  27. In related news ... by PPH · · Score: 4, Funny

    ...the one remaining 4800 baud link between Estonia and the rest of the world was taken down earlier today when IT technicians took control of the phone line to order a pizza.

    --
    Have gnu, will travel.
  28. then doing nothing is a crime too by cheekyboy · · Score: 2, Interesting

    surely doing nothing is just like knowing a criminal has done a crime without reporting it, so you are deemed an aid to the crime if you let it happen.

    Idiots.

    Just do it under the table from a netcafe, and no one will complain, really, no one will, no body, bloody no one!!! Those guys have NO balls.

    --
    Liberty freedom are no1, not dicks in suits.
  29. Re:Why is this still going on? by kvezach · · Score: 2, Interesting

    What they should have done was this: Cut the provider's proverbial balls off. Then snap up the next ten or twenty domains. Connect them all to a server that instructs the bots that get there to uninstall themselves. I can see why they didn't, though; they could have been liable for any unintended effects (computers crashing, whatever), which is why that step should ideally have been done by some anonymous or pseudonymous party.