Slashdot Mirror


Estonian ISP Shuts Srizbi Back Down, For Now

wiedzmin writes "In response to the recent resurrection of the Srizbi botnet, an Estonian ISP has shut down the hosting company that was housing its new control servers. Starline Web Services, based in Estonia's capital Tallinn, had become the new home for the Srizbi botnet control center after the McColo hosting company (which was taken down earlier this month) briefly came back to life last week, allowing the botnet to hand off control to the Estonian network. After Estonia's biggest ISP Linxtelecom demanded that Starline Web Services be taken offline, the newly acquired Srizbi control servers went down with it. However, as the rootkit is armed with an algorithm that periodically generates new domain names where the malware then looks for new instructions, it is only a matter of time before a new set of control servers is created and used to manipulate one of the biggest spam botnets in the world."

2 of 237 comments

  1. Re:Think by Anonymous Coward · Score: 0, Flamebait

    To all the people who are saying "just take the botnet down with that control system", this isn't always possible.

    Huh. You're just making crap up now that sounds plausible.

    Google is handy. Or just read a bit.

    Here's a good summary for the people with lazy-assicle syndrome:

    http://blog.fireeye.com/research/2008/11/fallback-cc-channels-part-deux.html#more

    And what do you know, it *is* just that easy. The concern would be damages to systems, blame, unintended consequences.


    A couple things the FE research team has discovered how to command Srizbi to do, but will not be doing for obvious reasons: Sending the "uninstall" command; Sending an updated binary; Sending an updated driver; Attempting to decrypt any of the data being sent to us by these Bots (other than those from our labs)

  2. Re:Who wants to bet... by Frosty Piss · Score: 0, Flamebait

    The same argument could be made about the police and the anti-terrorists. I don't know about you, but I prefer that they have to follow rules.

    We're not talking about "terrorists" and "police" here. This discussion is about spammers. Two different things, so your "argument", such as it is, is irrelevant.

    --
    If you want news from today, you have to come back tomorrow.