Researchers Hijack Mebroot Botnet, Study Drive-By Downloads
TechReviewAl writes "Researchers at the University of California at Santa Barbara hijacked the Mebroot botnet for about a month and used it to study drive-by downloading. The researchers managed to intercept Mebroot communications by reverse-engineering the algorithm used to select domains to connect to. Mebroot infects legitimate websites and uses them to redirect users to malicious sites that attempt to install malware on a victim's machine. The team, who previously infiltrated the Torpig botnet, found that at least 13.3 percent of systems that were redirected by Mebroot were already infected and 70 percent were vulnerable to about 40 common attacks."
So universities can break the law but common criminals can't? Reminds me of Nazi/Japanese experiments on humans in the name of 'science'.
Really? Intercepting a botnet reminds you of experiments leading to the deaths and suffering of thousands of helpless adults and children? No, I see your point, exactly the same thing.
I am the lawn!
Strikes me that this is a "crime" somewhat akin to stealing money from a drug dealer. Sure, I guess you are doing something "illegal" since it's not your money, but it's not like the drug dealer is going to report you to the police...
Announcing this activity publicly doesn't strike me as particularly prudent, even if it is valuable information...
Not even that. There is absolutely no personal gain for them in this. Even stealing the money has a gain and this experiment neither hurts nor benefits anybody. It's a completely neutral act not to be trolled into some nonsensical parallel about murder or theft.
This is more like intercepting and recording the conversations had among a network of criminals, which yields a lot of good insights into how these organizations operate. This can be extremely valuable information if it's forwarded to appropriate law enforcement personnel, who don't always have the technical talent or resources to conduct investigations like this in the first place.
so universities can break the law
They broke the law? Citation needed.
Oh wait... you didn't even RTFA.
Alexander Peter Kristopeit bought his basement from his mommy for one dollar.
They have some serious cojones to be messing with dangerous organised criminals. Good on 'em and I hope they keep fighting the good fight -- and not come unstuck. They are stepping on the toes of some seriously ugly, violent people.