Estonian ISP Shuts Srizbi Back Down, For Now
wiedzmin writes "In response to the recent resurrection of the Srizbi botnet, an Estonian ISP has shut down the hosting company that was housing its new control servers. Starline Web Services, based in Estonia's capital Tallinn, had become the new home for the Srizbi botnet control center after the McColo hosting company (which was taken down earlier this month) had briefly come back to life last week, allowing the botnet to hand off control to the Estonian network. After Estonia's biggest ISP Linxtelecom demanded that Starline Web Services be taken offline, the newly acquired Srizbi control servers went down with it. However, as the rootkit is armed with an algorithm that periodically generates new domain names where the malware then looks for new instructions, it is only a matter of time before a new set of control servers is created and used to manipulate one of the biggest spam botnets in the world."
...that in two weeks this is going to be back up somewhere else in the world? Heck, we could turn it into a game, guessing which country it is being run from next.
However, as the rootkit is armed with an algorithm that periodically generates new domain names where the malware then looks for new instructions, it is only a matter of time before a new set of control servers is created and used to manipulate one of the biggest spam botnets in the world."
If so, perhaps we could try pre-registering the domains that will be used to control the botnet, or seizing them if need be. Then perhaps we could tell the damn thing to shut itself down, or at least notify the owners of infection and then ignore instructions from any future botnet controllers...
Wouldn't it be possible to grab one of these domain names, then tell the botnet to uninstall the rootkit or something?
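What the pre-registration/sinkhole idea floated in the thread actually requires, as an added Python example that is not from the story or any poster: the DGA below is a constructed date-seeded stand-in with the one property the summary describes (a predictable new set of domains per period), not Srizbi's real algorithm, and the start date and DNS log lines are constructed.

```python
import hashlib
from datetime import date, timedelta

# Constructed stand-in DGA for this example (NOT Srizbi's algorithm).
TLDS = ("com", "net")

def dga_domains(day, count=3):
    """Return the `count` candidate control domains the stand-in DGA yields for `day`."""
    out = []
    for i in range(count):
        digest = hashlib.sha256(f"{day.isoformat()}:{i}".encode()).hexdigest()
        # 10-letter label: each hex nibble maps to a letter a-p
        label = "".join(chr(ord("a") + int(c, 16)) for c in digest[:10])
        out.append(f"{label}.{TLDS[i % len(TLDS)]}")
    return out

def upcoming_domains(start, days):
    """Every domain the DGA will produce in the next `days` days: the list a
    defender or registrar would pre-register, seize or sinkhole ahead of time."""
    domains = set()
    for d in range(days):
        domains.update(dga_domains(start + timedelta(days=d)))
    return domains

def flag_dga_lookups(log_lines, watchlist):
    """Return the clients whose DNS queries hit a watchlisted (DGA) name.
    Each log line is "<time> <client> <qname>" (constructed format)."""
    hits = []
    for line in log_lines:
        parts = line.split()
        if len(parts) >= 3 and parts[2].rstrip(".").lower() in watchlist:
            hits.append(parts[1])
    return hits

START = date(2008, 11, 26)              # constructed start date
WATCHLIST = upcoming_domains(START, 14)  # two weeks of predicted domains
# Constructed DNS log; the second line queries a domain due two days out.
SAMPLE_LOG = [
    "12:00:01 10.0.0.5 www.example.com.",
    f"12:00:02 10.0.0.9 {dga_domains(START + timedelta(days=2))[0]}.",
    "12:00:03 10.0.0.5 mail.example.net.",
]

if __name__ == "__main__":
    print(sorted(WATCHLIST)[:5])
    print("infected clients:", flag_dga_lookups(SAMPLE_LOG, WATCHLIST))
```

The watchlist is only as good as the reverse-engineered algorithm and seed: a defender who predicts the wrong domains sinkholes nothing, which is why the summary's "matter of time" caveat holds.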
I remember recently that they accused Russians or Chinese or whatever of attacking their government sites, and that they created some serious cyberforce after these attacks? Kind of makes me wonder. How is it possible to have some serious cyberforce and not be able to shut down a botnet which originates from your own country? Smelling bullshit somewhere.
Sigh, once again, let's go over the facts. It was Russia who Estonia accused of helping with the cyber attacks. Basically all the IPs that were being used to DDoS originated from Russia, with some radical Russian youth people also taking credit for the attacks. It was not just one lone hacker like everyone likes to think; just 1 guy got fined because Estonia can't go into Russia and start arresting people. You can read my previous comment about this from the last time someone ignorant like you started spewing garbage everywhere here: http://slashdot.org/comments.pl?sid=553424&cid=23414966 Next up, no, there is not some "serious cyberforce" running around policing the interwebs or whatever you got in your head. A school, a training facility, was set up so governments from around the world could collaborate and get information on what to do in case your country is cyber-attacked. It's a training ground, not a "force" in any way. Who gave you this idea anyway? Last, what bullshit do you smell? Your own? The domains were found and taken down right quick. Everything was handled quickly and professionally, no bullshit there. Why are you complaining, or are you just trying to troll on Estonia?
While they're up and running, effectively you have locked all the herded bots down. Take over the control bots, and just do nothing with them. Change them so they don't accept any new instructions from their overlords.
Don't send the herded bots new instructions, nothing. You have effectively taken control away from the spammers/evil masterminds.