Researchers Hijack Mebroot Botnet, Study Drive-By Downloads

TechReviewAl writes "Researchers at the University of California at Santa Barbara hijacked the Mebroot botnet for about a month and used it to study drive-by downloading. The researchers managed to intercept Mebroot communications by reverse-engineering the algorithm used to select domains to connect to. Mebroot infects legitimate websites and uses them to redirect users to malicious sites that attempt to install malware on a victim's machine. The team, who previously infiltrated the Torpig botnet, found that at least 13.3 percent of systems that were redirected by Mebroot were already infected and 70 percent were vulnerable to about 40 common attacks."

Like stealing illicit drugs?

[mcrbids]

Strikes me that this is a "crime" somewhat akin to stealing money from a drug dealer. Sure, I guess you are doing something "illegal" since it's not your money, but it's not like the drug dealer is going to report you to the police...

Announcing this activity publicly doesn't strike me as particularly prudent, even if it is valuable information...

Re:Like stealing illicit drugs?

[mcrbids]

The information gained doesn't benefit them? Why else did they do this, then? Benefit isn't just cash, you know. Anythiing that provides an advantage is a 'benefit'...

Re:Like stealing illicit drugs?

[Nadaka]

They violated the DRM placed on the legally copyrighted software produced by bot net authors. They committed a US federal felony according to the DMCA.

Re:Like stealing illicit drugs?

[amicusNYCL]

It was a case where one guy was buying a car from another guy, paid for it, and never got it. There was no evidence which showed that the seller intended to keep the money and the car at the time the money changed hands. So, according to the indictment he did not steal the money. They showed intent several months later when he modified the car (you wouldn't modify a car unless you considered it yours), but the indictment clearly stated that he was being charged for theft by intending to deprive the buyer of his property (money) when he took the payment, not several months down the line whenever he decided to keep the car. If the state had worded the indictment differently so that we could establish intent at a later date then he would have been found guilty.

Re:Really?

[Idiomatick]

There have been studies on how far people travel daily/weekly/monthly. To do so, the study used thousands of people's locations based on cellphones. The participants of the study were fully unaware that they were being tracked for months. At least this one isn't scary...

Re:Go after the software companies

[AlexBirch]

You could do a civil lawsuit where the burden of proof is that it's more likely that they knew than they didn't.

This could be avoided.

[hesaigo999ca]

Think of all the illegal copies of windows....now imagine that overnight they were to offer a special deal for those with an illegal copy of windows. Buy a license from us for 6months at 50$
rechargeable every 6months after that...atleast everybody and their grandmother would get the first 6 months, get their updates, be rid of 90% of viruses and problems, getting rid of 3/4 of the botnets out in the wild, and then when it came to the next 6motnhs, Microsoft would have made their money already, the people will probably revert back to being non legal, with no ill effects, except for those talked into keeping their copies legit for further patches. The people that did buy legal copies would not have anything to bitch about, as these were not legit copies and revert back to being bad people...which most owning a legit copy do not want to be branded...
everybody wins.