Slashdot Mirror


Researchers Hijack Mebroot Botnet, Study Drive-By Downloads

TechReviewAl writes "Researchers at the University of California at Santa Barbara hijacked the Mebroot botnet for about a month and used it to study drive-by downloading. The researchers managed to intercept Mebroot communications by reverse-engineering the algorithm used to select domains to connect to. Mebroot infects legitimate websites and uses them to redirect users to malicious sites that attempt to install malware on a victim's machine. The team, who previously infiltrated the Torpig botnet, found that at least 13.3 percent of systems that were redirected by Mebroot were already infected and 70 percent were vulnerable to about 40 common attacks."

1 of 130 comments

  1. Re:Like stealing illicit drugs? by girlintraining · Score: 0, Offtopic

    It's a completely neutral act not to be trolled into some nonsensical parallel about murder or theft.

    The law criminalizes behavior, not intent. Intent is no longer necessary to be convicted in the United States. It's not a troll to point this out, and there was no parallel made to murder, only theft. And it is arguably theft: If someone burglarizes your home, and then another person comes in after and "studies" the scene, it is still unlawful entry. When they "hijacked" the botnet, it moved from unlawful entry to theft of services, because in order to do that they need to send commands to the client on the machine.

    While it is valuable knowledge in learning what the state of the art is in botnets, they should restrict themselves to studying machines under their own administrative control and/or machines which they have permission to conduct those activities on.

    --
    #fuckbeta #iamslashdot #dicemustdie