Zeus Botnet Dealt a Blow As ISPs Troyak, Group 3 Knocked Out

← Back to Stories (view on slashdot.org)

Zeus Botnet Dealt a Blow As ISPs Troyak, Group 3 Knocked Out

Posted by timothy on Wednesday March 10, 2010 @11:59AM from the brief-respite-while-sauron-regroups dept.

itwbennett writes "Ninety of the 249 Zeus command-and-control servers were knocked offline overnight when two ISPs, named Troyak and Group 3, were taken offline. Whoever was behind the takedown 'just decided to knock out a large area of cyber-crime, and this was probably one of the easiest ways to do it,' said Kevin Stevens, a researcher with SecureWorks. As with the McColo takedown of just over a year ago, Troyak's upstream providers seem to have knocked it off the Internet, Cisco said in a statement. 'The ISP was "De-peered,"' Cisco said. 'Troyak's upstream network providers effectively pulled the plug on Troyak's router, refusing to transmit its traffic.'"

156 comments

Min score:

Reason:

Sort:

Good by drDugan · 2010-03-10 12:00 · Score: 5, Insightful

What about the other 150?
I have a difficult time understanding how Zeus is *still* around; it started in mid 2007! According to WP, it has more than 3.6 Million infected PCs.
There is no reasonable stance that defends the existence or the activities of botnets either legally or morally. How is it that we know there are 150 other command nodes, presumably that we can also discover their IP addresses, but law enforcement has been unable to bring them down?
While I understand there are differences in laws, and with what is legal and what is accepted in different jurisdictions, but this seems patently absurd. If an ISP provides service to a verified botnet control node, and refuses to quickly turn them off, I would expect immediate upstream action like this. Why hasn't this happened even more?
1. Re:Good by c++0xFF · 2010-03-10 12:11 · Score: 4, Interesting
  
  From the article:
  
  Troyak is based in Kostanay, Kazakhstan, according to whois records.
  Taking down the servers is a political matter, not a technical one (in general). But I would imagine that clearly harboring illegal activity would be sufficient motivation for anybody. Imagine if we classified servers like we do countries that support terrorism?
  But even if we got all 249, it's like playing whack-a-mole or cutting off the head of a hydra.
2. Re:Good by NEDHead · 2010-03-10 12:20 · Score: 1
  
  Why are you asking me? I just got home.
3. Re:Good by icebike · 2010-03-10 12:22 · Score: 1
  
  Not all the command nodes are in jurisdictions that are reachable. Some peer with larger carriers from behind borders where they are essentially untouchable.
  Some may represent a large amount of income for there ISPs. Some may cross the palms of their upstreams.
  Its hard to cut off an entire country just because the only backbone provider has one customer that bribes them to look the other way.
  
  --
  Sig Battery depleted. Reverting to safe mode.
4. Re:Good by John+Hasler · 2010-03-10 12:48 · Score: 2, Funny
  
  > Imagine if we classified servers like we do countries that support terrorism?
  Because that works so well...
  
  --
  Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
5. Re:Good by shentino · 2010-03-10 13:02 · Score: 4, Informative
  
  And for once it WOULD be a good idea.
  Just look at what happened to Blue Security. They put spam down so well that a pissed off spammer lobbed an electronic nuke at them.
  The guys that took out Blue were able to do so because they had a freaking ARMY of computers. An army, by the way, that they built up through illegal means. Now, accumulating firepower through theft, that does sound like a form of terrorism to me.
6. Re:Good by shentino · 2010-03-10 13:04 · Score: 1
  
  Depends on if the country's government looked the other way with the backbone that was aiding and abetting.
7. Re:Good by grandpa-geek · 2010-03-10 13:12 · Score: 1
  
  ... presumably that we can also discover their IP addresses, but law enforcement has been unable to bring them down?
  As I understand it, they don't use static IP addresses. They change their IP addresses frequently. They use all kinds of tricky schemes to shield their activities. It sounds like some of their schemes have been figured out lately and successfully attacked.
8. Re:Good by Sir_Lewk · 2010-03-10 13:14 · Score: -1, Flamebait
  
  pissed off spammer lobbed an electronic nuke at them.
  Oh come on now! What is this, a bad hollywood movie? We don't have to be so overly dramatic.
  
  --
  "linux is just DOS with a UNIX like syntax" -- Galactic Dominator (944134)
9. Re:Good by Attila+Dimedici · 2010-03-10 13:19 · Score: 3, Insightful
  
  Any system that can reliably take botnets offline can also be (mis)used to reliably take something like wikileaks offline.
  
  --
  The truth is that all men having power ought to be mistrusted. James Madison
10. Re:Good by jd2112 · 2010-03-10 13:21 · Score: 3, Insightful
  
  There is no reasonable stance that defends the existence or the activities of botnets either legally or morally.
  
  "We can make money off of it" seems to work for a lot of people.
  
  --
  Any insufficiently advanced magic is indistinguishable from technology.
11. Re:Good by Korin43 · 2010-03-10 13:25 · Score: 1
  
  It's not like we need to go in those countries. All that needs to be done is force ISPs in other countries to stop peering with them.
12. Re:Good by efalk · 2010-03-10 14:21 · Score: 2, Insightful
  
  All that needs to be done is force ISPs in other countries to stop peering with them.
  "Force"? How do you propose we do that?
13. Re:Good by HungryHobo · 2010-03-10 14:23 · Score: 3, Insightful
  
  Ya I'm not really seeing the victory here.
  If 90 of their command and control servers are knocked off can't they just push an update out through one of their other 159 command servers to the botnet to add another 1000 potential command and control servers scattered around the internet?
14. Re:Good by Korin43 · 2010-03-10 14:33 · Score: 1
  
  Laws? "ISPs in country X may not peer with other ISPs known to be allowing activity prohibited by law x"
15. Re:Good by erroneus · 2010-03-10 14:58 · Score: 1
  
  With your line of reasoning, thepiratebay would have gone down and stayed down in spite of Swedish law and not because of it.
  I can't say whether or not the laws of the lands in which the remaining servers reside make their existence illegal -- I hope they do or I hope they will soon -- but it is best to act within the law rather than outside of it.
  I am glad that thepiratebay is still up and running. I find it useful. And if it means tolerating the existence of botnets for the same reasons, I could learn to live with it. I seriously dislike it when business and/or government decide to ignore the law to go after their aims directly. I much prefer that they stay within the rules.
  It can still be done if there is enough interest expressed in it. Write your congressman. Contact your ambassadors. Email the president.
16. Re:Good by camperdave · 2010-03-10 15:01 · Score: 1
  
  It's also possible that the botnet is controlled by the ISP in the first place.
  
  --
  When our name is on the back of your car, we're behind you all the way!
17. Re:Good by Hadlock · 2010-03-10 15:52 · Score: 3, Interesting
  
  Pretty much obliterated Blue Security, I had to google them to figure out what the hell he was talking about. He used a fairly generic term, but the end result is the same.
  
  --
  moox. for a new generation.
18. Re:Good by Hadlock · 2010-03-10 15:55 · Score: 1
  
  Laws don't mean anything unless you enforce them.
  
  --
  moox. for a new generation.
19. Re:Good by Anonymous Coward · 2010-03-10 18:08 · Score: 0
  
  Here we go again....
  "known to be allowing activity prohibited by law x"
  Whose law? Yours? Why? Did the population of country x just get a say in your daily life and, if not, what makes you think that you have a right to say what is legal or not in their country? The best solution here is a technical one but you might have to use diplomacy to convince other governments to follow your lead. By the way, diplomacy does not entail sending an army in to force someone to do as you would wish.
20. Re:Good by Anonymous Coward · 2010-03-10 18:16 · Score: 1, Insightful
  
  It isn't always so clear cut. Sure, there's ISPs like McColo and the two from TFA, but what about ISPs frequented by stupid people (often the major telecom in most countries) who get themselves infected? We all know that these masses of zombie machines are out there, including the ISPs in question. So should those ISPs start cutting off infected users? Let alone the opportunity to sabotage competing ISPs (rent their service and do something illegal, then report them and get them shut down).
  The other problem with your plan is that you suggest that ISPs should be responsible for their traffic. I can hear the cheers from the *IAAs from here, and I bet you can too. They'd pounce on this to force the ISPs to police their product, since obviously the ISPs are obligated to take down illegal traffic. And you better believe that any ISP-policing law won't explicitly target only botnets; in fact, I wouldn't be surprised if stopping botnets was a secondary consideration by the lawmakers (the primary being "stop those nasty internet folk from 'stealing' from the nice company that bought me this yacht").
  This is all ignoring the fact that we don't have a world government and that diplomats will gladly refuse to police another country's laws, just to spite them (depending on the particulars of the political relationship) or to turn an advantage. And the criminals only need find one country which doesn't want in on this absurd law.
21. Re:Good by zzottt · 2010-03-10 19:08 · Score: 1
  
  I laughed, and then I laughed more when I saw that it was posted at 4:20PM
22. Re:Good by hairyfeet · 2010-03-10 19:24 · Score: 4, Informative
  
  As a PC repairman allow me to explain why Zeus is still around, it is because the OEMs suck ass, that's why. You see ever since XP Sp2 (and some even earlier) the OEMs have been loading PCs with images that have the absolute worst default security policies you can possibly imagine, hell a junior HS student could do better. They set up an obvious username with no password, like "HP_User" and then go and turn autoupdates to OFF. In fact in 6 years I don't think I've seen an OEM PC with autoupdates activated. Just yesterday I had one cross my desk that the patches only went to SP2, that was...what 7 years ago? Hell no wonder there are so many botnets, the OEMs make it so any script kiddie can own millions of PCs!
  As for TFA, my guess is that many of the C&C servers are hosted in some idoncareistan, where a nice fat bribe will make all those problems go bye bye. Just look at Nigeria, where scamming is practically a noble profession. And it isn't like they can't find plenty of sleazeballs here in the USA that will be happy to do business with them as long as the money is green.
  Ultimately if we are gonna turn the tide I think it has to start with the OEMs before the customer ever picks up the PC. We need to demand some basic common sense, like having the user pick a password on first launch, having automatic updates set to on as default, and having some rules with regards to the crapware AVs they install, such as having it refuse to start if it is no longer good, so the user won't have a false sense of security. If I had my way it would give the user a list of AVs on first run, including free ones, like Windows 7 did on first start, but since I haven't had any OEM Windows 7 machines cross my desk yet I'm sure the OEMs disabled that as well. But expecting the customer to know their machine is crippled from the factory, as well as the steps to fix it, is just insane when so much can be done at the factory to negate this problem IMHO.
  
  --
  ACs don't waste your time replying, your posts are never seen by me.
23. Re:Good by mikael_j · 2010-03-10 19:29 · Score: 3, Interesting
  
  Well, a bunch of guys (spammers) from specialham decided that BlueFrog was working a bit too well at killing spam so they basically threw everything they had at Blue security while simultaneously launching a massive propaganda and FUD campaign online (where they made all sorts of unsubstantiated claims about Blue Security and the BlueFrog software).
  This kind of behaviour from spammers is one of the reasons I wouldn't be the least bit upset if the top 10 spammers in the world were all found one morning with holes in their heads, hopefully it would at least dissuade others (and stop these particular asshats).
  
  --
  Greylisting is to SMTP as NAT is to IPv4
24. Re:Good by mikael_j · 2010-03-10 19:35 · Score: 3, Interesting
  
  Well, most legit ISPs regardless of size tend to put a clause in their ToS about their customers not being allowed to do things that disrupt the network, and spamming and DDoS attacks seem like good enough reasons for claiming someone is disrupting the network. Hell, when I worked the abuse desk for an ISP we would warn residential customers after we got the first indication or complaint about them, disconnect them and send them a letter the second time and only reconnect when they contacted us and verified that they had fixed the problem, if there were any further complaints we would often just cut them off completely (sometimes giving them the option to present us with a receipt from a computer store showing that they'd had their computer looked at by someone there before finally cutting them off).
  No reason to make this about laws that tell ISPs what they must police in their networks, if the respectable and serious ISPs start taking their own Terms of service seriously and actually act on them even when the customer is another ISP then we'd have a lot fewer problems with botnets and spam.
  
  --
  Greylisting is to SMTP as NAT is to IPv4
25. Re:Good by Mechanized+Elf · 2010-03-10 20:07 · Score: 1
  
  No, it means negotiating an ACTA agreement beyond public purview, with stipulations that all parties at table must get their ducks in a row within six months. This is the result of "international politics" not "diplomacy", which, in its traditional forms, is extinct.
26. Re:Good by Korin43 · 2010-03-10 20:44 · Score: 1
  
  How about the laws of the country they're in? As in a US law saying: "ISPs in the United States may not peer with ISPs known to not stop virus/spam activity on their networks".
27. Re:Good by L4t3r4lu5 · 2010-03-10 23:55 · Score: 1
  
  Yes, but a customer who is cut off from the network makes the company no profit, signs up with a competitor without these draconian "shoot first, ask questions later" regulations, and eventually "most legit ISPs" go out of business.
  
  Where did you learn about customer satisfaction? UbiSoft?
  
  --
  Finally had enough. Come see us over at https://soylentnews.org/
28. Re:Good by Anonymous Coward · 2010-03-11 00:26 · Score: 3, Informative
  
  Now, accumulating firepower through theft, that does sound like a form of terrorism to me.
  Despite what the talking heads on TV or the politicians have told you to think, terrorism does not mean "anything illegal" or "anything against the interests of the country". Terrorism is an activity that is designed to accomplish its goals through the use of fear and paranoia against the general population.
  Stockpiling a supply of bombs does not make you a terrorist, using or threatening to use them against a target such as a school does.
29. Re:Good by mikael_j · 2010-03-11 01:17 · Score: 2, Insightful
  
  You're assuming that most customers would not fix their equipment and that they would switch to another ISP, my experience tells me otherwise, most users will rather fix their own equipment than change ISPs.
  Also, did you notice the second paragraph where I mentioned ISPs actually using these rules against other ISPs who are their customers? We're not talking about Bargain Bob's Discount Intarwebs here, we're talking about Level 3, TeliaSonera, Verizon, AT&T et al actually bothering to disconnect Bargain Bob's Discount No Questions Asked As Long As You Pay Us Intarwebs from their networks. There's a fairly small number of Tier 1 and regional Tier 1 ISPs out there and once a "rogue" smaller ISP gets blacklisted with a few of these it's likely the others will do the same.
  /Mikael
  
  --
  Greylisting is to SMTP as NAT is to IPv4
30. Re:Good by gparent · 2010-03-11 01:29 · Score: 1
  
  At that point in time it was the only way to be sure.
31. Re:Good by shentino · 2010-03-11 03:20 · Score: 1
  
  No, but using those assets in attacks against civilians (hell, even military/government) might count.
  Naturally it's a slippery slope that makes censorship more convenient as a side effect.
  Consider also, that the USAF has gotten into cyber-defense. That's the freaking AIR FORCE. Now, I must ask...why bother unless cyber-attacks actually have the potential to cause extensive damage?
32. Re:Good by Anonymous Coward · 2010-03-11 04:19 · Score: 0
  
  This bluefrog software sounds like THE solution... why is slashdot advocating such draconian regulations in their hatred of spam when something like this exists? Albeit, it becomes an all-out war against an enemy that is overtly equipped... if we can get over the first bump we would most certainly outnumber THEM.
  Though, on second thought, simply reciprocating spam won't work against botnets... at least not without an arms race against spammers and some whitehatting.
33. Re:Good by Sir_Lewk · 2010-03-11 05:32 · Score: 1
  
  I'm not saying they didn't effectively devastate these guys, I'm saying that when you talk about dropping "electronic nukes" on people, you sounds like you are from a cheap 1990's hacker movie.
  
  --
  "linux is just DOS with a UNIX like syntax" -- Galactic Dominator (944134)
34. Re:Good by Renraku · 2010-03-11 10:46 · Score: 0, Troll
  
  Hey, great idea.
  Let's just allow Microsoft to patch in whatever the hell they want with no regard for legality or ethics. I'll agree to turn autoupdates on whenever I trust Microsoft farther than to decide my copy is fake and lock me out of it. When they stop telling me to buy a new copy because I bought a new motherboard. When they stop adding in secret back doors for various security agencies.
  
  --
  Job? I don't have time to get a job! Who will sit around and bitch about being broke and unemployed then?
35. Re:Good by Anonymous Coward · 2010-03-11 19:08 · Score: 0
  
  No it's not, if a few of the very largest top-level ISPs declare "We don't want any traffic from that Rogue ISP" and block all their IP addresses, the game is over. Anyone else who dares to serve them will be blocked too. End of story. The bad ISP will be done, and the bad guys will have to get new bots on new ISPs, who actually do care - especially after seeing what happened to the old ISPs.
  As for people talking about Wikileaks, IP, etc. This is different in a large way, because while "virtual" theft is one thing, and laws vary from country to country, this is about _real_ theft of _real_ money. As far as I know that is unambiguously illegal everywhere.
36. Re:Good by Anonymous Coward · 2010-03-11 19:37 · Score: 0
  
  I am still not sure why Blue gave up. If the spammers were directing all their energy at them, there must have been less spam at the time. Seems Blue was winning through losing ;)
Wolfram Alpha by Anonymous Coward · 2010-03-10 12:00 · Score: -1, Offtopic

Remember that thing? It's not a search engine though, its a computational knowledege engine. That took off like a lead balloon.
1. Re:Wolfram Alpha by Anonymous Coward · 2010-03-10 12:10 · Score: -1, Offtopic
  
  It was pretty Cuil.
Niney by Evelas · 2010-03-10 12:01 · Score: 3, Informative

Read that, figured it was Nine, read the article, 90 of 249
1. Re:Niney by monkeySauce · 2010-03-10 13:47 · Score: 1
  
  I figured it was either supposed to be ninety or niner. In case of the former... spellcheck? editing? In the latter case... was this story submitted via walkie talkie?
2. Re:Niney by schlick · 2010-03-10 14:30 · Score: 1
  
  Niney you know kinda like sevenish.
  
  --
  "It's because they're stupid, that's why. That's why everybody does everything." -Homer Simpson
Niney!? by Anonymous Coward · 2010-03-10 12:02 · Score: 1, Funny

I'm not sure exactly how many Niney is, but it sounds like a lot!
1. Re:Niney!? by LikwidCirkel · 2010-03-10 12:24 · Score: 5, Funny
  
  It comes after atey and before teny
2. Re:Niney!? by SimonTheSoundMan · 2010-03-10 12:27 · Score: 3, Funny
  
  I think it's after twelfty.
3. Re:Niney!? by Anonymous Coward · 2010-03-10 13:47 · Score: 1, Funny
  
  It comes after atey and before teny
  Epic... Made me LOL real hard...
4. Re:Niney!? by L4t3r4lu5 · 2010-03-10 23:58 · Score: 2, Funny
  
  It comes after atey and before teny
  Did you really just spell "eight" like that?
  
  --
  Finally had enough. Come see us over at https://soylentnews.org/
5. Re:Niney!? by L4t3r4lu5 · 2010-03-10 23:59 · Score: 1
  
  Got any can's of can't?
  
  --
  Finally had enough. Come see us over at https://soylentnews.org/
Niney by jamesyouwish · 2010-03-10 12:05 · Score: 4, Funny

Niney n. The amount of drinks it takes to say this word correctly.
Words by Threni · 2010-03-10 12:06 · Score: 5, Insightful

knocked offline...taken offline....takedown...knock out.......have knocked it off..."De-peered,"'...pulled the plug... refusing to transmit
I'm sorry, you're going to have to repeat that; what happened? Were they somehow removed from the internet?
1. Re:Words by chadenright · 2010-03-10 12:14 · Score: 5, Informative
  
  The Internet Service Providers providing internet service to the 90 zeus command nodes suddenly (and involuntarily) stopped providing internet service. TFA attributes this to "anonymous community action". Basically, someone got irritated at the bot net and blacked out a fair chunk of Kazakhstan in order to damage it.
2. Re:Words by Anonymous Coward · 2010-03-10 12:14 · Score: 5, Funny
  
  Troyak and Group 3 were like car dealerships, who sold cars to evil customers, who ran car-botnets. The suppliers of Troyak and Group 3 decided to stop supplying cars to them, so they couldn't resell the cars.
3. Re:Words by icebike · 2010-03-10 12:15 · Score: 1
  
  The ISPs that hosted these botnet control centers had their wires cut. The entire ISP is offline. None of the companies they send their internet traffic to will talk to them any more.
  
  --
  Sig Battery depleted. Reverting to safe mode.
4. Re:Words by MrMista_B · 2010-03-10 12:24 · Score: 0, Troll
  
  You suck at reading comprehension, huh? Yes, yes they ere removed from the internet, 'somehow'.
5. Re:Words by Anonymous Coward · 2010-03-10 12:32 · Score: 2, Funny
  
  He sucks at reading comprehension just like you're awesome at sarcasm.
6. Re:Words by Anonymous Coward · 2010-03-10 12:46 · Score: 0
  
  It's amusing how the loudest people are rarely the sharpest. How can you miss that that was sarcasm? If it wasn't sarcasm, what exactly was it?
7. Re:Words by obarthelemy · 2010-03-10 12:50 · Score: 2, Funny
  
  this has to be the worst car analogy ever.
  
  --
  The Cloud - because you don't care if your apps and data are up in the air.
8. Re:Words by Nefarious+Wheel · 2010-03-10 12:59 · Score: 2, Informative
  
  I'm sorry, you're going to have to repeat that; what happened? Were they somehow removed from the internet?
  They were the recipients of a staged compaction of fissile material achieving critical mass and subsequent chain reaction within a projectile arriving from an exospheric source.
  
  --
  Do not mock my vision of impractical footwear
9. Re:Words by __aajfby9338 · 2010-03-10 14:01 · Score: 5, Funny
  
  this has to be the worst car analogy ever.
  You might say it's like the Yugo of car analogies.
10. Re:Words by Anonymous Coward · 2010-03-10 14:01 · Score: 0
  
  For those who didn't get it, (about a dozen replies at the time of this posting), parent is referring to how pointless the summary is. The submitter basically took the title and rephrased it 4 different ways instead of adding additional useful information.
11. Re:Words by grcumb · 2010-03-10 14:05 · Score: 2, Funny
  
  this has to be the worst car analogy ever.
  Yeah, it's like the AMC Pacer of car analogies.
  
  --
  Crumb's Corollary: Never bring a knife to a bun fight.
12. Re:Words by Anonymous Coward · 2010-03-10 14:13 · Score: 0
  
  Troyak and Group 3 were like car dealerships, who sold cars to evil customers, who ran car-botnets. The suppliers of Troyak and Group 3 decided to stop supplying cars to them, so they couldn't resell the cars.
  But that would only stop new cars from driving on the road, not take the evil customer driven ones off "overnight." No, Troyak and Group 3 were service stations who sold fuel to customers who drove evil cars ...
13. Re:Words by Kalriath · 2010-03-10 14:32 · Score: 1
  
  It's the only way to be sure.
  
  --
  For a site about things like basic rights, Slashdot users sure do like to censor "dissent".
14. Re:Words by blackraven14250 · 2010-03-10 14:38 · Score: 1
  
  A troll.
15. Re:Words by Angst+Badger · 2010-03-10 14:59 · Score: 3, Insightful
  
  TFA attributes this to "anonymous community action".
  Of which there might be more if someone would be thoughtful enough to publicly post the IP addresses of the command and control nodes of major botnets on a regular basis.
  
  --
  Proud member of the Weirdo-American community.
16. Re:Words by Dachannien · 2010-03-10 15:05 · Score: 1
  
  knocked offline...taken offline....takedown...knock out.......have knocked it off..."De-peered,"'...pulled the plug... refusing to transmit
  If they weren't pushing out the spam, they'd be pushing up the daisies!
17. Re:Words by Wayne247 · 2010-03-10 15:57 · Score: 1
  
  Which makes it the best. +5 insightful
18. Re:Words by witherstaff · 2010-03-10 17:32 · Score: 2, Funny
  
  How about this one then - Zeus is like a Toyota. It keeps going and going, no matter how hard you try to put on the brakes to its activities. However after a long fight someone found a way to hit the brakes, emergency brakes, positioned a cop car in front of, and slowed it down enough to yank the key out. Troyak and Group 3 are like Toyota car dealerships. All of their cars (Servers) are now sitting idle because no one in their right mind wants to go anywhere near - or in front of - a Toyota, er a Zeus bot.
19. Re:Words by Morgor · 2010-03-10 21:34 · Score: 1
  
  Everyone knows that a bad analogy is like a leaking screwdriver...
20. Re:Words by fastest+fascist · 2010-03-10 23:09 · Score: 1
  
  It's the car analogy of car analogies.
21. Re:Words by Anonymous Coward · 2010-03-11 01:41 · Score: 0
  
  No, no. The botnet is merely pining for the fiords.
22. Re:Words by Anonymous Coward · 2010-03-11 01:41 · Score: 0
  
  God damn, it's not rocket science, they blocked the traffic.
23. Re:Words by clone53421 · 2010-03-11 01:45 · Score: 1
  
  If it wasn't sarcasm, what exactly was it?
  Crappy sarcasm.
  
  --
  Alexander Peter Kristopeit bought his basement from his mommy for one dollar.
24. Re:Words by happy*nix · 2010-03-11 02:28 · Score: 1
  
  So and up stream ISP took some action to take these server off the internet.
  So did they
  A. Cut the tubes leading to zeus
  B. clog the tube with something
  C. install a calve on the tube
  Cause if they didn't (A) cut the tube, won't zeus be able to pump stuff into the internet again by (B) having their internet tube cleaned or (C) have someone walk out to the curb and turn the valve back on?
  -GW
  P.S. could we flush a tube-bursting bomb down zeus's tube and reall shut them down for good
  
  --
  Gone to my happy place.
25. Re:Words by clone53421 · 2010-03-11 02:41 · Score: 1
  
  No; the up-stream ISP was Troyak, and they did nothing. Troyak’s own up-stream provider got fed up with them and they cut the tube coming from Troyak and left it draining into the kitchen sink.
  
  --
  Alexander Peter Kristopeit bought his basement from his mommy for one dollar.
26. Re:Words by __aajfby9338 · 2010-03-11 06:00 · Score: 1
  
  My head just exploded... like a Ford Pinto.
Yay!! KILL THE COMMIES TO HELL AND MOSCOW !! by Anonymous Coward · 2010-03-10 12:08 · Score: -1, Troll

We don't need no stinkin' commies on this here AMERICAN internet.
Internet Death Penalty by Anonymous Coward · 2010-03-10 12:11 · Score: 4, Informative

Might as well call it by its name: Internet Death Penalty
Cisco? by GPLDAN · 2010-03-10 12:14 · Score: 1

John Chambers thinks he's John Wayne.
1. Re:Cisco? by Anonymous Coward · 2010-03-10 15:18 · Score: 0
  
  Or Juan Jane, as the case may be.
Violation of network neutrality? by Anonymous Coward · 2010-03-10 12:16 · Score: 0

Violation of network neutrality?
1. Re:Violation of network neutrality? by Anonymous Coward · 2010-03-10 12:33 · Score: 3, Funny
  
  Their network has been neutralized alright.
2. Re:Violation of network neutrality? by clone53421 · 2010-03-11 01:22 · Score: 1
  
  Net neutrality only applies when you don’t know what’s going on or at least can reasonably argue this.
  If you know someone is spamming, it’s a different situation.
  
  --
  Alexander Peter Kristopeit bought his basement from his mommy for one dollar.
The short answer? Money. by khasim · 2010-03-10 12:21 · Score: 5, Insightful

Why hasn't this happened even more?
Because the spammers and such are paying good money for such "bullet-proof" hosting sites.
Meanwhile, the more legitimate ISP's don't want to spend the money to block the command/control servers individually on their networks.
1. Re:The short answer? Money. by failedlogic · 2010-03-10 12:40 · Score: 1
  
  It would be interesting to find out how much money they are being paid though.
2. Re:The short answer? Money. by Nefarious+Wheel · 2010-03-10 12:55 · Score: 3, Interesting
  
  Meanwhile, the more legitimate ISP's don't want to spend the money to block the command/control servers individually on their networks.
  I suspect the "expense" they're afraid to incur would most likely be in the form of legal costs. Give a decent sysadmin any size list of culprits and he'll script a way to block them within a day, max. Fighting lawsuits, OTOH, is quite expensive, bogus or otherwise.
  
  --
  Do not mock my vision of impractical footwear
3. Re:The short answer? Money. by Anonymous Coward · 2010-03-10 13:05 · Score: 3, Informative
  
  This is called a pink contract.
  http://catb.org/jargon/html/P/pink-contract.html
4. Re:The short answer? Money. by xanadu-xtroot.com · 2010-03-10 14:54 · Score: 1
  
  AH! I saw what you did there.
  
  --
  I'm not a prophet or a stone-age man,
  I'm just a mortal with potential of a super man.
5. Re:The short answer? Money. by Anonymous Coward · 2010-03-10 15:00 · Score: 0
  
  Are you looking for a new career?
6. Re:The short answer? Money. by failedlogic · 2010-03-10 15:47 · Score: 1
  
  I know what you're probably thinking. I want to figure out how much they make to start a business. My username probably doesn't help much. I intended to phrase it as a rhetorical question.
  Would it really be worth getting your server(s) kicked off the Net as a hosting/ISP in order to make some quick bucks off some guys hosting a bot net instead of pursuing likely bigger paying corporate clients?
  I don't know much about this ISP. Maybe this is the only type of business they've tried to acquire in the first place.
7. Re:The short answer? Money. by Anonymous Coward · 2010-03-10 19:09 · Score: 2, Interesting
  
  It's true.
  At one of my jobs the boss willingly hosts a spammer and gives him a couple subnets, a XEON and a few mbit of traffic and gets thousands from it.
  It's pretty annoying because i've been instructed to deal with spamhaus over it all the time and one of these days they're going to call the companies bluff.
8. Re:The short answer? Money. by zmollusc · 2010-03-10 19:41 · Score: 1
  
  I suspect that an _individual_ is being paid to risk losing his job if his _employers'_servers_ get kicked off the net.
  
  --
  They whose government reduces their essential liberties for temporary security, receive neither liberty nor security.
9. Re:The short answer? Money. by Anonymous Coward · 2010-03-11 01:19 · Score: 0
  
  Congratulations, your boss just joined spammers on my list of people I’d be grateful to have someone kill.
10. Re:The short answer? Money. by precariousgray · 2010-03-11 02:15 · Score: 1
  
  What, do ISPs not have a "we reserve the right to do whatever the hell we want with your equipment/account/etc. while you receive service through us for no justifiable reason whatsoever" catch-all like every other corporation in the world?
  
  --
  not much, just being forced to manually insert line breaks into my comment
re by Mantis8 · 2010-03-10 12:24 · Score: 1

All I have to say is, "Bout time"!
1. Re:re by gwdoiron · 2010-03-10 13:03 · Score: 1
  
  Or is that, "'bot time"!
2. Re:re by AlamedaStone · 2010-03-10 17:28 · Score: 1
  
  Or is that, "'bot time"!
  It isn't.
  
  --
  "All these years believing you're the signified monkey, only to find out you're just a big hunk of nobody cares."
Tangled memes by moteyalpha · 2010-03-10 12:26 · Score: 2, Insightful

In Russia, Chuck Norris knocks out your bot net niney times , as he turns seveny.
I smell my karma burning.
1. Re:Tangled memes by Crudely_Indecent · 2010-03-10 16:07 · Score: 1
  
  You beat me to it.....only I was going to say:
  WTF is "Niney"
  You turned it into a triple-combo!
  
  --
  
  "Lame" - Galaxar
2. Re:Tangled memes by Anonymous Coward · 2010-03-10 16:31 · Score: 0
  
  I smell your liniment grandpa.
Update: Troyak is back online by angry+tapir · 2010-03-10 12:37 · Score: 5, Informative

According to this article: "Just hours after Internet service providers severed network connectivity to Troyak, an ISP associated with the Zeus botnet, the ISP has regained connectivity after peering with a new upstream Internet service provider."
1. Re:Update: Troyak is back online by NiteMair · 2010-03-10 12:48 · Score: 3, Funny
  
  They say only sixeyate made it back online though...
2. Re:Update: Troyak is back online by Anonymous Coward · 2010-03-10 12:52 · Score: 0
  
  This is believable. I got 25% ~more~ spam on my domains today than any day in the last month. From the patterns, I suspect they felt obliged to resend some after their outage.
3. Re:Update: Troyak is back online by Anonymous Coward · 2010-03-10 16:52 · Score: 0
  
  nice.
Why the "statement" from Cisco? by Seor+Jojoba · 2010-03-10 12:41 · Score: 2, Insightful

As far as I can tell, Cisco wasn't involved in the decisions. It looks like the writer went to the two ISPs for comment, but came up dry--well, except for that one anoymous comment. Then the writer asked Cisco what they thought about the whole thing to fill out the piece. Probably the ISPs are afraid of being targeted in retaliation and want to keep a low profile.
PININ' for the FJORDS?! by asdf7890 · 2010-03-10 12:46 · Score: 2, Insightful

knocked offline...taken offline....takedown...knock out.......have knocked it off..."De-peered,"'...pulled the plug... refusing to transmit
... IT IS A DEAD ISP! </cleese>
1. Re:PININ' for the FJORDS?! by don_bear_wilkinson · 2010-03-10 13:17 · Score: 2, Funny
  
  IT IS A DEAD PEER NET (better meter for 'par-rot')
  
  --
  In Nature, stupidity is a capital offense. In human society, too many get off with less than a warning.
2. Re:PININ' for the FJORDS?! by plover · 2010-03-10 14:07 · Score: 5, Funny
  
  Mr Praline walks into a datacenter.
  He walks to a desk where a sysadmin tries to hide below a tape rack.
  PRALINE: Hello, I wish to register a complaint... Hello? Miss?
  SYSADMIN: What do you mean, miss?
  PRALINE: Oh, I'm sorry, I have a cold. I wish to make a complaint.
  SYSADMIN: Sorry, we're closing for patch Tuesday.
  PRALINE: Never mind that my lad, I wish to make a complain about this hosting service what I leased not half an hour ago from this very datacenter.
  SYSADMIN: Oh yes, the Kazakhstan Big Blue Blade Server package. What's wrong with it?
  PRALINE: I'll tell you what's wrong with it. It's offline, that's what wrong with it.
  SYSADMIN: No, no it's connecting, look!
  PRALINE: Look my lad, I know a dead host when I ping one and I'm pingin' one right now.
  SYSADMIN: No, no sir, it's not dead. It's syncing.
  PRALINE: Syncing?
  SYSADMIN: Yeah, remarkable host the Kazakhstan Big Blue, beautiful rackmounting job, innit?
  PRALINE: The rackmountin' don't enter into it - it's stone dead.
  SYSADMIN: No, no - it's just syncing.
  PRALINE: All right then, if it's syncing I'll sync with it. (shouts into cabinet) Hello Khaki! I've got a nice piece of Cat 6 for you when you wake up, Khaki!
  SYSADMIN: (jogging rack) There it blinked.
  PRALINE: No it didn't. That was you yankin' the wire.
  SYSADMIN: I did not.
  PRALINE: Yes, you did. (unplugs wire from cabinet, shouts into the end of the ethernet cable) Hello Khaki, Khaki (whips it against counter) Khaki host, wake up. Khaki. (throws it in the air and lets it fall to the floor) Now that's what I call a dead host.
  SYSADMIN: No, no it's stunned.
  PRALINE: Look my lad, I've had just about enough of this. That host is definitely depeered. And when I leased it not half an hour ago, you assured me that its lack of connectivity wad due to it being tired and shagged out after delisting a porn site.
  SYSADMIN: It's probably pining for the fjords.
  PRALINE: Pining for the fjords, what kind of talk is that? Look, why did it refuse to connect the moment I got home?
  SYSADMIN: The Kazakhstan Big Blue prefers connecting via SSL. Beautiful host, lovely rackmounting.
  PRALINE: Look, I took the liberty of examining that host, and I discovered that the only reason that its lights were blinking in the first place was that there was a flashlight taped inside the case.
  SYSADMIN: Well of course it was taped there. Otherwise it would roll out the back and voom.
  PRALINE: Look matey (picks up cable) this host wouldn't voom if I put four thousand volts through it. It's bleeding offline.
  SYSADMIN: It's not, it's pining.
  PRALINE: It's not pining, it's unplugged. This host is no more. It has ceased to be. Its license has expired. This is a late host. It's a brick. Bereft of electrons, it rests in peace. And if you hadn't taped a flashlight inside the case, the only cycles it would ever see from here on out are re-cyclers. It's dropped out of DNS and unjoined the internet invisible. This is an ex-host.
  SYSADMIN: Well, I'd better replace it then.
  PRALINE: (to camera) If you want to get anything done in this country you've got to complain till you're blue in the mouth.
  SYSADMIN: Sorry guv, we're right out of blade servers.
  PRALINE: I see. I see. I get the picture.
  SYSADMIN: I've got a PC running Windows.
  PRALINE: Does it scale?
  SYSADMIN: Not really, no.
  PRALINE: Well, it's scarcely a replacement, then is it?
  
  --
  John
3. Re:PININ' for the FJORDS?! by nlindstrom · 2010-03-10 14:22 · Score: -1
  
  If I had any mod points, I'd give them all to you. That was brilliant, absolutely brilliant! Well done!
4. Re:PININ' for the FJORDS?! by Anonymous Coward · 2010-03-10 16:27 · Score: 0
  
  Aw come on mods, the meter may be a tad off (I'm used to the audio-only version) but give this guy his props already.
  That was the best laugh I've had all week.
5. Re:PININ' for the FJORDS?! by L4t3r4lu5 · 2010-03-11 00:02 · Score: 3, Funny
  
  Excuse me for a moment, I have to go change my trousers.
  
  --
  Finally had enough. Come see us over at https://soylentnews.org/
Zeus shall have his revenge! by ae1294 · 2010-03-10 13:12 · Score: 1

When the gods are at war it is us, mere mortals who suffer because of it. Ye best beware the Ides of March will soon be upon us!
1. Re:Zeus shall have his revenge! by Anonymous Coward · 2010-03-10 13:24 · Score: 0
  
  These guys? Ye gods! Help us!
2. Re:Zeus shall have his revenge! by ae1294 · 2010-03-10 13:50 · Score: 1
  
  These guys? Ye gods! Help us!
  What? no no, The God Mars isn't into that crap! Zeus is planing to fuck up Silverstein's concert this coming 15th down at the Jersey shore. You know, the post-hardcore band with that song, The Ides of March? It's track #3 on their full length studio album, Discovering the Waterfront. Mars really digs them, loves to get totally wasted, get in brutal fights and steal lose women from their punk-ass boyfriends while at their shows...
  Haven't you been keeping up with all this? We're talking about the Gods for Gods sake!
Windows again by straponego · 2010-03-10 13:28 · Score: -1, Flamebait

Once again, the summary and the linked article neglect to mention the vulnerable OS. Once again, it's Windows. I guess that goes without saying, but it really seems like there's a widespread agreement to refrain from mentioning Microsoft or Windows in articles on viruses and botnets. Seems to me that mentioning the targets, and how to secure them, would be integral to any such story. It could be one sentence and a link, fer chrissakes.
1. Re:Windows again by cdrguru · 2010-03-10 13:35 · Score: 5, Insightful
  
  The target is a "user". Anyone that doesn't understand system administration and security that is left alone with a computer can defeat anything that the OS does. If your grandma wants to install something like WeatherBug on Linux and the software to do this exists, she will succeed. If it requires root access and she has it, she will provide it in copious amounts for the malware application. Whatever is needed will be provided. Because she knows she wants to install this, for some utterly unknown reason.
  Now, if you have a computer that it is impossible for the user to install stuff on, well then you have a much more secure platform. Unfortunately, this requires an administrator for those cases where something is really needed and actually should be installed. Once the user and the administrator are the same person, you have just lost any semblance of security.
  99% of the Windows machines in homes out there do not have an administrator other than the user themselves. If these were magically replaced by Linux machines with the same administrator, this wouldn't solve anything. Sure, the user would need to do sudo or su in order to really screw things up, but if the application they thought they wanted to install asked for it, they would do it.
2. Re:Windows again by cortesoft · 2010-03-10 17:36 · Score: 3, Informative
  
  Now, if you have a computer that it is impossible for the user to install stuff on, well then you have a much more secure platform.
  What you have is a damn iPad
3. Re:Windows again by Anonymous Coward · 2010-03-10 19:30 · Score: 0
  
  What is there to do then? We started out at a level #1 where the mainframes had maintainers and users (scientists.) Decades passed and things went the other direction to #2. The "maintainers" are people who no longer touch our PC because we have it under lock and key under a desk. But they have "unplug" control... wasn't the ultimate control over a machine that same one where nobody but "us" controlled the hardware and OS passwords? Technically, #3 is the midpoint: a place where we just play around in a sandbox, and IT decides what we can do and when we can get permission, "for our own good." Having had all three choices, I sure as heck don't want #1, and users sure as heck don't want #3 either, because they want to call the shots ignorantly but with 100% of their own perceived control.
4. Re:Windows again by Macthorpe · 2010-03-10 21:49 · Score: 1
  
  Maybe it's because this is Slashdot, and everyone with half a brain knows that the malware writers target Windows almost exclusively. Whether this is because it's insecure or because of popularity, or otherwise, is up to the reader. None of the rest of us need that to be repeated over and over again to satisfy the sense of self-worth you get just because you don't use it.
  
  --
  "It does not do to leave a live dragon out of your calculations, if you live near him." - Tolkien
5. Re:Windows again by Anonymous Coward · 2010-03-11 02:08 · Score: -1, Troll
  
  Because Windows has nothing to do with it you moron. Give your mom root and she'll fuck up her Linux box once more than 10 people use Linux so that malware actually gets written for it.
6. Re:Windows again by Anonymous Coward · 2010-03-11 04:22 · Score: 0
  
  Because Windows has nothing to do with it you moron. Give your mom root and she'll fuck up her Linux box once more than 10 people use Linux so that malware actually gets written for it
7. Re:Windows again by Anonymous Coward · 2010-03-11 12:42 · Score: 0
  
  "If these were magically replaced by Linux machines with the same administrator, this wouldn't solve anything. "
  Bla bla bla. The point is that RIGHT NOW you have 20 kazillion PC's infected with God knows what crap. So don't tell me that "there might be a problem in the future if we move to Linux"..... while RIGHT NOW we being swamped with shit.
8. Re:Windows again by Buelldozer · 2010-03-11 15:33 · Score: 1
  
  Or a properly configured terminal server. Or a WINDOWS PC joined to an Active Directory domain where the System Administrators know what they're doing. Or a Commodore 64.
  What you DON'T have is an iPad. The end user will still be able to install applications, even ones riddled with spyware, to an iPad just like they can to an iPhone and the iPod.
As will become more and more apparent... by cdrguru · 2010-03-10 13:29 · Score: 2, Insightful

The only way to truely combat cybercrime is to just cut the connection.
When you have a country that willingly harbors criminals - just because they are attacking someone else - the problem ceases to be one of law enforcement or diplomacy. Sure, you can try to send some cops over there and see what can be accomplished. For the most part, not much.
The key is that if Russia, Bulgaria, Romania or whereever wants to have "Internet freedom" for their citizens where they can do whatever they heck they want without any consequences, the only possible response is for everyone else on the planet to just agree to pull the plug.
Now, so far it has been impossible to make this happen. Nobody has cared enough because "well, it is just some virtual land called cyberspace." For the most part, law enforcement doesn't care if people are robbed in cyberspace - it isn't really their jurisdiction. There is no global cop that can go anywhere to track down cybercriminals, and in most of the world a request to please go down and arrest someone because they committed a crime somewhere else is met with guffaws and snickers. So as long as your local law enforcement was willing to turn a blind eye to your activities, you could pretty much get away with anything.
And believe me, in most of the world today, law enforcement has a lot better things to do than deal with any sort of computer crime. So there are zero consequences. Something a lot of people have learned over the last 15 years or so. Of course a few Unix geeks knew that since 1980 or so.
Now, if this sticks and if it can be repeated - both of which are highly doubtful - we might actually get somewhere in having some real consequences for bad actions on the Internet. But I suspect this will all be put back together next week (if not sooner) and there will continue to be zero consequences. Keep this in mind, because if you annoy someone enough on the Internet there is a chance they already know there are no consequences in most of the world. Lori Drew is a case in point. They really wanted to nail her for something, anything. But the rule of cyberspace wins out in the end. The physical world has real consequences, the virtual world has only virtual consequences.
1. Re:As will become more and more apparent... by Plekto · 2010-03-10 13:53 · Score: 2, Insightful
  
  The only way to truly combat cybercrime is to just cut the connection.
  What will end up happening is that there will be several chunks of the "Net". So Nigeria can do its own thing(as an example). There's absolutely nothing to keep other countries from yanking the plug on anyone that they want as soon as it crosses their borders. "We don't like you - get lost" seems like a fairly effective way, especially for countries that lack a proper satellite infrastructure and have to rely on optical and metal/copper wire connections to get in and out.
  Often this boils down to as few as 2-3 main optical cables. Cut those at the border and they're in the dark. People are exactly correct that this is a political problem. The countries of the world that have the power need to flex their muscles and deny those who don't police their own traffic adequately a chance to participate. Now, I'm all for freedom and all of that, but it's like having a town meeting and one guy in the back with Tourette's keeps screaming at the top of his lungs. Sensible people politely push him out the door, lock it, and proceed with the meeting.
  I bet even a week without any net in most countries would suddenly get a few thousand police mobilized and start kicking down doors. But as it is, without any stick, there's no incentive for them to do anything at all about it.
2. Re:As will become more and more apparent... by Culture20 · 2010-03-10 14:38 · Score: 1
  
  it's like having a town meeting and one guy in the back with Tourette's keeps screaming at the top of his lungs. Sensible people politely push him out the door, lock it, and proceed with the meeting.
  Sensible and caring people would muzzle him so that he could still listen and participate (via writing or sign language), you NARGIN FLARGIN WERTHERS CANDIES!
3. Re:As will become more and more apparent... by vajorie · 2010-03-10 14:43 · Score: 1
  
  When you have a country that willingly harbors criminals - just because they are attacking someone else - the problem ceases to be one of law enforcement or diplomacy. Sure, you can try to send some cops over there and see what can be accomplished. For the most part, not much.
  The key is that if Russia, Bulgaria, Romania or whereever wants to have "Internet freedom" for their citizens where they can do whatever they heck they want without any consequences, the only possible response is for everyone else on the planet to just agree to pull the plug.
  
  That sounds quite familiar but I cannot... Oh, wait!
4. Re:As will become more and more apparent... by Plekto · 2010-03-10 15:37 · Score: 1
  
  Sensible and caring people would muzzle him so that he could still listen and participate (via writing or sign language), you NARGIN FLARGIN WERTHERS CANDIES!
  Heh. But, seriously. They can't get internet, but they do have news feeds and newspapers and all of the non-digital technology at their disposal, so it IS a bit like they can effectively only listen to part of what's going on until they stop trying to ruin it for everyone else.
5. Re:As will become more and more apparent... by !eopard · 2010-03-10 18:12 · Score: 1
  
  Did you just advocate the ACTA, but on a much larger scale?
  
  --
  Boolean logic: True, False, and File not found.
6. Re:As will become more and more apparent... by RMH101 · 2010-03-10 21:43 · Score: 1
  
  It's not that no-one cares enough, it's just that there's a bigger picture. Countries benefit from international trading, and internet connectivity is part of that. The geopolitics here are bigger than just stopping spam. The US government isn't going to put a virtual trade embargo on a country just for spam, as the beenfits (either to the country or to the rulers of that country) outweighs the negatives by quite some margin.
7. Re:As will become more and more apparent... by oreaq · 2010-03-11 02:01 · Score: 2, Insightful
  
  The countries of the world that have the power need to flex their muscles and deny those who don't police their own traffic adequately a chance to participate.
  
  So you suggest our great leaders should cut every country from the internet that doesn't implement the terrorist-and-child-molester-stopping three strikes law? Politicians will abuse every power that we the people give them.
8. Re:As will become more and more apparent... by Plekto · 2010-03-11 04:30 · Score: 1
  
  Did you just advocate the ACTA, but on a much larger scale?
  Obviously not. But what exactly should we do when there is a known criminal element(remember this - it's kind of important) that is abusing and making the rest of us unsafe as well as so burdened by their activity that it actually is causing the entire Internet to nearly come to a screeching halt? Perhaps my previous example was wrong and I should have likened it to an outbreak of a disease. Of course you quarantine the area. If they won't do it themselves, you stop the flights and deny them entry at your borders. Each nation has a responsibility here to keep the Internet operating properly and without it being a burden to the rest of the planet. Or else they don't get to play.
  Remember, companies and corporations own the infrastructure, so as a last resort they can do what they did here and take action on their own. The normal "rules" that apply in the U.S. to public works and projects don't apply here since there isn't technically "freedom" of anything online. It's not a right, it's a privilege that you pay for, the same as a cell phone or a car. They are just currently not enforcing the fine print that you agree to when you get a connection. I'm 100% positive there's a clause against criminal and malicious behavior in the fine print.
  This is known and verified criminal behavior going on here and as such deserves a different response. People can go on and on about freedom like some wet behind the ears college student or pre-law wanna-be, but without someone physically putting a stop to it, all you end up with is a bunch of victims. So of course the public safety has to override other concerns in these cases. And this is what happens in real life as well. Some people might dislike the police, but we do need them, nonetheless.
  Since this is online and not some physical crime, though, it's not seen as a big deal in most of the world. So the only way to get the police in those countries to see it as something worth dealing with seems to be to put pressure on the governments that allow this criminal behavior. The easiest way is just to cut the connection until they adequately police their own criminals.
  P.S. I like the other comment:
  "So you suggest our great leaders should cut every country from the internet that doesn't implement the terrorist-and-child-molester-stopping three strikes law?"
  Um, what part of illegal and criminal isn't getting through? As much as I dislike these sorts of actions, what should we do? Remember, the Internet isn't a god-given right. It's a paid optional service that the provider has every right to deny you access to if you are doing illegal things with it. If it was me, there would be a 1 strike and we target your house from orbit rule for child molesters and child porn. Three strikes is already more than they deserve.
And these ISP's other customers...? by J'raxis · 2010-03-10 13:39 · Score: 3, Insightful

There seems to be an implication that Troyak and Group 3 were somehow complicit with all this botnet activity, yet no such claims are actually being explicitly made - just that the ISPs have been "associated" with these botnets, whatever that means.
Did these ISPs have legitimate customers who have now been cut off because of the criminals alongside them on the ISP's network? Was the ISP asked to deal with the situation first, and either ignored or refused such requests? If these ISPs were fronts for the botnet owners, where's the evidence? Did someone just think, oh, there are a bunch of bad guys on this ISP; let's cut the whole thing off and fuck the rest of their customers?
This action sounds like the IT equivalent of a government blowing up an entire city block because a couple terrorists are renting an apartment there.
If these ISPs have legitimate customers, hopefully they sue the hell out of the upstream for this.

--
Liberty in your lifetime
1. Re:And these ISP's other customers...? by wamatt · 2010-03-10 19:11 · Score: 2, Informative
  
  I find it very hard to believe the ISP was not aware. Depeering is a last resort when al other options have failed and the ISP has failed to respond or is unwilling to address the problem client.
2. Re:And these ISP's other customers...? by lhunath · 2010-03-10 19:14 · Score: 1
  
  Give parent a voice; mod up.
  
  --
  ``OK, so ten out of ten for style, but minus several million for good thinking, yeah?''
3. Re:And these ISP's other customers...? by clone53421 · 2010-03-11 01:37 · Score: 1
  
  When a botnet’s executable is contacting server xyz, and server xyz’s IP address belongs to you, damn right you will know about it, because if you don’t figure out on your own that you’re providing internet connectivity to a botnet control server, you’ll soon be notified by authorities and asked to cut the plug on the customer who’s running the server.
  All it takes is some antivirus/antimalware group to reverse-engineer the code and determine that yes, in fact, it IS using that server as a control node. There can be absolutely no excuse of the ISP not knowing about it.
  The problem is:
  the “authorities” who contact the ISP are from an entirely different country and can’t enforce anything;
  the local authorities don’t care and/or are profiting from the spam;
  the ISP doesn’t want to cut a paying customer.
  So nothing happens... unless the ISP’s neighbours simultaneously decide to start routing its packets to /dev/null. Which, effectively, is the nuclear option. You kill a lot of legitimate servers, and there’s not a whole lot you can do about it because when crooks are also providing legitimate services, killing off the crooks hurts the legitimate customers.
  
  --
  Alexander Peter Kristopeit bought his basement from his mommy for one dollar.
4. Re:And these ISP's other customers...? by AVee · 2010-03-11 04:25 · Score: 1
  
  Did these ISPs have legitimate customers who have now been cut off because of the criminals alongside them on the ISP's network?
  Yes
  
  Was the ISP asked to deal with the situation first
  Yes
  
  , and either ignored or refused such requests?
  Yes
  
  If these ISPs were fronts for the botnet owners, where's the evidence?
  Probably not
  
  Did someone just think, oh, there are a bunch of bad guys on this ISP; let's cut the whole thing off and fuck the rest of their customers?
  Yes
  
  This action sounds like the IT equivalent of a government blowing up an entire city block because a couple terrorists are renting an apartment there.
  Maybe, but nobody died. A store which sells illegal drugs will be closed, even when they also sell legitimate stuff to legitimate customers. Is that excessive?
  
  If these ISPs have legitimate customers, hopefully they sue the hell out of the upstream for this.
  No, hopefully they will know better then to do business with an ISP which doesn't mind doing business with criminals. It's not like this wasn't public knowledge.
5. Re:And these ISP's other customers...? by AVee · 2010-03-11 04:27 · Score: 1
  
  The depeering was done by their upstream providers. They basically kicked their customer out and lost business by doing so. Believe me, they will have warned them in advance, more then once.
6. Re:And these ISP's other customers...? by Anonymous Coward · 2010-03-11 07:01 · Score: 0
  
  Oh, I'm sure they were complicit. Being in the network security line of work, I will state straight out that an ISP sufficiently incompetent so as to *not* know this was going on is also insufficiently competent to keep its network running, or maybe even to build one in the first place.
  Put that together with their location, which is friendly to that sort of thing - especially in exchange for cash - and the case for complicity is pretty well established. Heck, McColo was right here in the United States and while it had a few legit customers who got burned, McColo was established for the sole purpose of providing botnet C&C infrastructure. When major botnet operators are referred to as organized crime, that's no exaggeration. They are highly organized, have money, and are very skilled at building resilient infrastructure, including buying or building supportive ISPs and colo facilities.
7. Re:And these ISP's other customers...? by J'raxis · 2010-03-11 07:35 · Score: 1
  
  Maybe, but nobody died. A store which sells illegal drugs will be closed, even when they also sell legitimate stuff to legitimate customers. Is that excessive?
  Whereas my terrorism example is probably an exaggeration, your store example is an understatement. A store has customers who have no continuing contractual agreements with the store: You walk in, buy something, pay, walk out. Deal done. In the case of an ISP, the ISP has ongoing contractual obligations to their legitimate customers that have been stomped on by this take-down. Those customers had a term relationship that they paid for in advance, for months if not a year or more, and now that's been forcibly interfered with.
  A more apt analogy might be the government or some other entity coming in and forcibly evacuating an apartment building, barring all the tenants from re-entering their own homes, because one criminal rented from that landlord. Yes, I would consider that to be excessive.
  
  --
  Liberty in your lifetime
8. Re:And these ISP's other customers...? by dkf · 2010-03-11 21:22 · Score: 1
  
  Whereas my terrorism example is probably an exaggeration, your store example is an understatement. A store has customers who have no continuing contractual agreements with the store: You walk in, buy something, pay, walk out. Deal done. In the case of an ISP, the ISP has ongoing contractual obligations to their legitimate customers that have been stomped on by this take-down. Those customers had a term relationship that they paid for in advance, for months if not a year or more, and now that's been forcibly interfered with.
  That tends to come under the heading "Tough Shit". The upstream providers do not have any kind of responsibility to keep any of the customers of Trokak and Group 3 online; there's no contractual relationship between the two groups. The problem ISPs were told to clamp down on their evil customers or be disconnected, and refused to do anything about it. So the threat was carried out, and any legit customers affected should sue their provider for failing to take actions to keep them online.
  To put it another way. If you have a contract with Troyak (picking one name for clarity) to get service, why should that be binding on the upstream provider? They don't know you exist. It's Troyak's responsibility to get connectivity to service their contract with you; if Troyak failed to do it (by being at the very least asshats) then they carry the can for failing to satisfy their contract with you. And the upstream provider will have an AUP that lets them terminate their customers (not you, Troyak et al) for excessive scumbagness that impacts their other customers.
  If you're impacted by this, it's time to fire up the lawyers. And change ISP.
  
  --
  "Little does he know, but there is no 'I' in 'Idiot'!"
9. Re:And these ISP's other customers...? by J'raxis · 2010-03-15 09:12 · Score: 1
  
  Yes---and you send the lawyers after the upstream, not your own ISP:
  
  Tortious interference with contract rights can occur where ... the tortfeasor disrupts the ability of one party to perform his obligations under the contract, thereby preventing the plaintiff from receiving the performance promised.
  
  --
  Liberty in your lifetime
No Longer Vigilantism? by IonOtter · 2010-03-10 13:47 · Score: 1

In the past, when this sort of thing has been suggested, the cries of "vigilante" and "lawlessness" were cried from the highest mountaintops, and the lowest swamps of the Internet. And anyone who actually DID anything was pilloried and run out of town on a rail.
[sarcasm] What changed, I wonder? [/sarcasm]
Now that the losses are in the hundreds of millions, in several dozen different currencies, those same voices seem to have lost their enthusiasm.

--
[End Of Line]
1. Re:No Longer Vigilantism? by Anonymous Coward · 2010-03-10 14:12 · Score: 2, Informative
  
  The Internet Death Penalty is older than Slashdot and even older than some Slashdot users. The internet is based on huge number of peering agreements, agreements which can be made, changed and terminated. The structure of the internet changes all the time. Take a look at the BGP updates if this interests you. One of the reasons for depeering is "you're causing us too much trouble, so we don't want your business anymore." Then the shunned ISP has to find another uplink. Sometimes no other ISP wants to act as uplink for an ISP with a bad reputation and the bad ISP can't get back online. That's the IDP. There's nothing lawless or vigilante about it.
2. Re:No Longer Vigilantism? by John+Hasler · 2010-03-10 14:40 · Score: 1
  
  It isn't "vigilantism" to choose to cease doing business with someone. If these ISPs feel that there was a breach of contract they can sue.
  
  --
  Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
Beowulf cluster by nacturation · 2010-03-10 13:52 · Score: 2, Insightful

36% of their highly redundant infrastructure was made unavailable, leaving 64% of the control servers online and fully capable of servicing the millions of bots under its control.

--
Want to improve your Karma? Instead of "Post Anonymously", try the "Post Humously" option.
YRO by bl8n8r · 2010-03-10 14:02 · Score: 0

Nobody likes to see crooks get away with being crooks but keep in mind if you are championing the forced removal of content like this, then you are also championing the removal of any content deemed objectionable by a governing body.

--
boycott slashdot February 10th - 17th check out: altSlashdot.org
1. Re:YRO by Anonymous Coward · 2010-03-10 14:11 · Score: 2, Insightful
  
  Nobody likes to see crooks get away with being crooks but keep in mind if you are championing the forced removal of content like this, then you are also championing the removal of any content deemed objectionable by a governing body.
  Please drop the strawman and move away slowly.
  Botnets are NOT content.
2. Re:YRO by Dan541 · 2010-03-10 15:42 · Score: 1
  
  Absolutely, at the end of the day I would rather just deal with a few more spam emails.
  
  --
  An SQL query goes to a bar, walks up to a table and asks, "Mind if I join you?"
3. Re:YRO by dotancohen · 2010-03-10 20:25 · Score: 2, Funny
  
  Botnets are NOT content.
  They are after a cigarette.
  
  --
  It is dangerous to be right when the government is wrong.
4. Re:YRO by jpate · 2010-03-11 01:04 · Score: 1
  
  mos' def
5. Re:YRO by clone53421 · 2010-03-11 01:40 · Score: 1
  
  What exactly do you think was located on the control servers that they killed?
  Content.
  It’s not a strawman fallacy. It’s a slippery slope fallacy. Get your fallacies straight, man.
  
  --
  Alexander Peter Kristopeit bought his basement from his mommy for one dollar.
The same way Turkey took down YouTube by tlambert · 2010-03-10 18:14 · Score: 1

The same way Turkey took down YouTube
By pushing bogus BGP packets to the backbone routers you have access to. Only the routers the people who dislike botnets have administrative control over are not just inside Turkey.
-- Terry
1. Re:The same way Turkey took down YouTube by mikael_j · 2010-03-10 19:30 · Score: 1
  
  I believe you're thinking of Pakistan.
  
  --
  Greylisting is to SMTP as NAT is to IPv4
... in the meantime... by GNUPublicLicense · 2010-03-11 04:14 · Score: 2, Interesting

... hundreds of bot nets were created... but they got 1, they are happy.
LOL Windows as Secure as Linux by Anonymous Coward · 2010-03-13 18:58 · Score: 0

cdguru
You are not vary familiar with Linux I hope or work in Redmond WA at worst. There are exactly 0 Linux viruses in the wild to catch. In linux most user aimed distros install with no server based services by default unlike Windows which has the "server" service going just fine so when I bang with Medusa on your little windows network I WILL GET A PASS FROM SOME DAMN BOX and then its game over for your whole windows LAN most likely. A little sniffin and a little pasing the hash around and every damn box will get pwned in no time. It just is not that easy against a linux network.
Windows puts profit and control far above your safety and they like it that way as it supports their "CERTIFIED PARTNERS" like Norton's ( the worst AV that due to ad dollars spent some IT think is good, Hell last thing Symantech made was defrag and that was in the last century ). So for the people who are too stupid to use anything but point and click "Your screwed" try not to go many places or just pay geeksquad 200$ to "Fix" it everytime your kid is surfin for the pron.
For the rest of us lucky few thank god there are other options