Slashdot Mirror


Man Challenges 250,000 Strong Botnet and Succeeds

nandemoari writes "When security officials decide to 'go after' computer malware, most conduct their actions from a defensive standpoint. For most of us, finding a way to rid a computer of the malware suffices — but for one computer researcher, however, the change from a defensive to an offensive mentality is what ended the two-year chase of a sinister botnet once and for all. For two years, Atif Mushtaq had been keeping the notorious Mega-D bot malware from infecting computer networks. As of this past November, he suddenly switched from defense to offense. Mega-D had forced more than 250,000 PCs to do its bidding via botnet control."

2 of 206 comments

  1. PR "Stuff" from Fireeye by winkydink · Score: 4, Informative

    For some value of "Stuff".

    Yeah. He succeeded in eradicating the mega-D botnet. For about 2 weeks anyway.

    From MessageLabs Intelligence: 2009 Annual Security Report "Almost eradicated on 4 November 2009 as the result of community action to disrupt the botnet, spam from Mega-D fell to approximately 1% of all spam. Mega-D returned on 13 November using a different collection of bots, sending between 4-5% of spam."

    --

    "I'd rather be a lightning rod than a seismometer." -Ken Kesey

  2. Command & Control by phantomcircuit · Score: 5, Informative

    All they did was get the DCs hosting the command and control servers to shut them down and register the spare domain names.

    Obviously this was a temporary solution.