Man Challenges 250,000 Strong Botnet and Succeeds

nandemoari writes "When security officials decide to 'go after' computer malware, most conduct their actions from a defensive standpoint. For most of us, finding a way to rid a computer of the malware suffices — but for one computer researcher, however, the change from a defensive to an offensive mentality is what ended the two year chase of a sinister botnet once and for all. For two years, Atif Mushtaq had been keeping the notorious Mega-D bot malware from infecting computer networks. As of this past November, he suddenly switched from defense to offense. Mega-D had forced more than 250,000 PCs to do its bidding via botnet control."

Command & Control

[phantomcircuit]

All they did was get the DCs hosting the command and control servers to shut them down and register the spare domain names.

Obviously this was a temporary solution.

Re:PR "Stuff" from Fireeye

[Red+Flayer]

Almost eradicated on 4 November 2009 as the result of community action to disrupt the botnet, spam from Mega-D fell to approximately 1% of all spam. Mega-D returned on 13 November using a different collection of bots, sending between 4-5% of spam."

So now there can be coordinated effort against the new botnet, he'll come back with new bots, community response to kill that one off...

Fighting spammers is like fighting against a guerilla army. Constant vigilance, swift response times, and, eventually, wholesale destruction of the people supporting the guerillas will be necessary to win the war. Impact of spammers can be reduced by constant counter-attacks, but the only way to eliminate spam networks hosted on compromised machines is to remove compromised machines from the network (and as many compromisable machines as possible).

The cost of this may be too high to be worth it... but if you take away someone's internet access for a while when they get hosed, then maybe they'll stop getting hosed.