Slashdot Mirror


Storm Worm Botnet "Cracked Wide Open"

Heise Security reports that a 'team of researchers from Bonn University and RWTH Aachen University have analysed the notorious Storm Worm botnet, and concluded it certainly isn't as invulnerable as it once seemed. Quite the reverse, for in theory it can be rapidly eliminated using software developed and at least partially disclosed by Georg Wicherski, Tillmann Werner, Felix Leder and Mark Schlösser. However it seems in practice the elimination process would fall foul of the law.'

8 of 301 comments

  1. so what? by derfy · · Score: 5, Insightful

    However it seems in practice the elimination process would fall foul of the law.

    I'm sure I'm not alone when I say, "So?"

    1. Re:so what? by Nazlfrag · · Score: 5, Insightful

      If it screws up uninfected machines and networks, oh well, umm whoops?
      If there are actually critical, life-supporting systems affected, damn, I guess we can't say sorry to the dead, perhaps send a nice e-mail to their grieving families?

      There are plenty of scenarios in which the cure is far more catastrophic than the botnet. We should not be reckless or rash in implementing a solution. When taking on something that utilises the world's stupidity I think we should keep Murphy's law foremost in mind.

  2. Re:Law? by ScrewMaster · · Score: 5, Insightful

    Who cares about laws? I mean, the criminals don't, the government doesn't care, is anyone still clinging to this outdated model of a coexistence standard?

    Yes. Governments.

    --
    The higher the technology, the sharper that two-edged sword.
  3. So you are sued and lose your house. by khasim · · Score: 5, Insightful

    That's the problem.

    The criminals do not care because they were criminals to begin with. This affects the people who are not criminals but who want to clean up the mess made by the criminals.

    Now, if the various governments could/would authorize their law enforcement agencies to use this method ...

    1. Re:So you are sued and lose your house. by owlnation · · Score: 5, Insightful

      "Now, if the various governments could/would authorize their law enforcement agencies to use this method ..."

      That is the worst idea I have heard all week.

      No kidding! The problem with such laws (any laws) in most countries is that they are open to interpretation. This is why we have courts. Which means that allowing any government agency the right to access 3rd party computers for any reason sets a very, very dangerous precedent which can be exploited by the more fascist politicians in the world.

      We've already seen the UK Governing Regime try to find ways of accessing the public's computers whenever they see fit, and without any court warrant. There is no sane way to allow this kind of exception, without running the risk of opening the door to further Government inspection of your computer, if they decide to exploit precedent.

      Be very careful with vigilantism. Especially when a government agency is the vigilante. It WILL be exploited for other reasons.

    2. Re:So you are sued and lose your house. by Yez70 · · Score: 5, Insightful

      I don't think the primary goal here is capture and prosecution of the controllers, but shutting the botnet down. Shouldn't that be the priority?

  4. Re:Just more whack-a-mole by damn_registrars · · Score: 5, Insightful

    Spam is profitable even when only one in 10,000 people respond to them

    Spam makes for an excellent case study in the problem, more on that in a moment.

    People have been building better and better spam filters for years

    Filters will never solve the spam problem. I have said that before, and I will continue to say it until people start to realize the reality of the situation.

    Build better filters, and spammers will send better spam.

    You have to remove the profit motive.

    And a fair portion of botnet activity is spam-driven or spam-propagating. So if we work on the spam problem, the botnet problem will diminish.

    And there is one angle in particular that is available for stopping spam:

    • The damned registrars

    If you look at spam messages, you'll see that the vast majority of them ask you to go to domains that are on the order of days old, and seldom remain up for more than a few weeks. This is because registration of domains is too easy, with too little liability anywhere along the way.

    Spamming and spamvertised domains are registered at a bewildering rate 24/7. And most of them are registered with bogus information to boot. We need a few things to hinder this:

    • Registrars need to sell domains only to valid registration data
    • Registrars that willingly sell domains to spammers need to be punished swiftly and severely
    • ISPs that willingly offer services repeatedly to spammers need to face the same

    If the virtual storefronts selling the v!@gr@ are shut down promptly, and proper impediments are put in place to hinder their creation, spam will become less profitable. The owners of the spamvertised domains can only afford to pay the spammers for their services as long as they are still selling products.

    --
    Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
  5. Re:Screw the law. by Todd+Knarr · · Score: 5, Insightful

    Because we don't need to. The botnet software is readily detectable. Simple solution: require ISPs to warn users if their machines are found to be infected and, if no action is taken (i.e., not cleaned up and the user doesn't contact the ISP to discuss it) in a reasonable timeframe, suspend their network access.

    If you're driving with a car that's spraying oil all over the road, dropping pieces off and generally posing a hazard to other drivers, the police will cheerfully ticket you and impound the car. They don't try to fix the car, they take it off the road and leave what to do next up to the owner. I fail to see why a similar approach can't be applied (other than "But then they won't be able to use the Internet!", to which I reply "Well, yes, that's kind of the point.").