Slashdot Mirror

← Back to Stories (view on slashdot.org)

Man Challenges 250,000 Strong Botnet and Succeeds

Posted by CmdrTaco on from the i-fought-the-law-and-the-law-one dept.

nandemoari writes "When security officials decide to 'go after' computer malware, most conduct their actions from a defensive standpoint. For most of us, finding a way to rid a computer of the malware suffices — but for one computer researcher, however, the change from a defensive to an offensive mentality is what ended the two year chase of a sinister botnet once and for all. For two years, Atif Mushtaq had been keeping the notorious Mega-D bot malware from infecting computer networks. As of this past November, he suddenly switched from defense to offense. Mega-D had forced more than 250,000 PCs to do its bidding via botnet control."

3 of 206 comments (clear)

  1. Re:PR "Stuff" from Fireeye by Red+Flayer · · Score: 5, Interesting

    Almost eradicated on 4 November 2009 as the result of community action to disrupt the botnet, spam from Mega-D fell to approximately 1% of all spam. Mega-D returned on 13 November using a different collection of bots, sending between 4-5% of spam."

    So now there can be coordinated effort against the new botnet, he'll come back with new bots, community response to kill that one off...

    Fighting spammers is like fighting against a guerilla army. Constant vigilance, swift response times, and, eventually, wholesale destruction of the people supporting the guerillas will be necessary to win the war. Impact of spammers can be reduced by constant counter-attacks, but the only way to eliminate spam networks hosted on compromised machines is to remove compromised machines from the network (and as many compromisable machines as possible).

    The cost of this may be too high to be worth it... but if you take away someone's internet access for a while when they get hosed, then maybe they'll stop getting hosed.

    --
    "Trolls they were, but filled with the evil will of their master: a fell race..." -- J.R.R. Tolkien on Olog-hai
  2. shows its possible by Gothmolly · · Score: 4, Interesting

    1 guy, in 2 weeks, trashed a botnet. Why again can't major ISPs do this? Oh wait, they're getting paid to look the other way by their colocation clients (the spammers).

    --
    I want to delete my account but Slashdot doesn't allow it.
  3. Re:Treat the illness, not the symptoms... by Requiem18th · · Score: 3, Interesting

    What illness Windows? The Windows ecosystem security is hopelessly broken.

    Lot's of outdated machines won't upgrade because the upgrades are expensive, and even if they were free they might brake software OR compatibility, and even if they are free and don't break compatibility many of these systems use pirate copies of Windows and they aren't going to expose themselves to unexpected lockouts.

    No, the solution is implementing a counter-spaming initiative at the ISP level. With counter spaming I mean spaming the spamers, NO, I don't mean naively counter-spaming their email addresses, I mean spaming their honey pot channels, there was a thunderbird extension for this, basically they follow the links in the spam message and sign up/buy whatever they ask for, credit card numbers, friend email addresses, SSN, etc, all fake of course. Unlike their source email addresses they use to spam, they DO pay attention to information sent this way, because it is the way they make money, it's their biggest weak point, spam that and you take them out of business.

    --
    But... the future refused to change.