Slashdot Mirror


Researchers Cripple Pushdo Botnet

Trailrunner7 writes with this from ThreatPost: "Researchers have made a huge dent in the Pushdo botnet, virtually crippling the network, by working with hosting providers to take down about two thirds of the command-and-control servers involved in the botnet. Pushdo for years has been one of the major producers of spam and other malicious activity, and researchers have been monitoring the botnet and looking for ways to do some damage to it since at least 2007. Now, researchers at Last Line of Defense, a security intelligence firm, have made some serious progress in crushing the botnet's spam operations. After doing an analysis of Pushdo's command-and-control infrastructure, the researchers identified about 30 servers that were serving as C&C machines for the botnet. Working with the hosting providers who maintained the servers in question, the LLOD researchers were able to get 20 of the C&C servers taken offline, the company said."

6 of 129 comments

  1. Legal hacking? by Creepy+Crawler · · Score: 4, Interesting

    I wonder if the courts would issue an order that would legalize hacking of unstoppable network computers to prevent ongoing attacks?

    Other normally illegal tactics can be utilized legally, if a judge deems them necessary or in a court of law. You know, 1st degree murder vs E-Chair?

    --
    1. Re:Legal hacking? by FriendlyLurker · · Score: 4, Interesting

      If it hasn't happened already - how long before they control the biggest botnets on the block (they being "security intelligence firms"), to meet the Cyber-defense budget laid down by American taxpayers? Personally I prefer to set up a few spam filters on my servers over having Governments use their shady "security intelligence firms" to take websites like wikileaks offline.

    2. Re:Legal hacking? by WrongSizeGlass · · Score: 3, Interesting

      I'm sorry to be the one to tell you this, but your little 'story' is very reminiscent of the ABC After School Special "When Good Dogs Do Bad Things (And Hard Time) For Good Reasons". Be on the lookout for a little 'invitation' to a court party being held in your honor, thrown by the ASSAA and their affiliated legal teams. ;-)

  2. I would love to see... by ysth · · Score: 5, Interesting

    I would love to see stories like this publishing a full list of the providers who didn't take down a server.

    1. Re:I would love to see... by mysidia · · Score: 3, Interesting

      So would I like to see that.

      So I could switch to those providers, and know they wouldn't be messing with my server without talking to me just because some, er, "researcher" decided they thought the server might be some sort of C&C.

      I imagine there could be some legal concerns if the researchers were to publish such a list... it might seem like extortion: "Take down that server, or we'll publish your name!"

      Or it might attract more business to those providers... the, er, bad guys would also know some go-to providers [not that they don't already].

  3. Re:Unresponsive providers might be more likely... by FlyingGuy · · Score: 4, Interesting

    This reminds me of a story that may be more tech myth and legend, and if it is not true it should be, and it goes something like this:

    Back in the early days of the net, when the major interconnects were MAE East and MAE West and other interconnect points had not been established, almost everything routed through these two points.

    So the story goes that there was a tech who dutifully monitored the system during his shift. He had noticed that someone from another country was trying to get access to files on a certain server at a major university. Now he was curious because he saw the same attempts over and over again over a rather long period of time. Now since we all forget passwords, or think we know them and then try and try without success, this is not that unusual, and normally after fumbling around we will just contact the machine's owner and ask for the correct password. Now in those days it was still a relatively small group of folks, so there were not a whole lot of questions asked.

    But the tech in question started noticing the pattern was limited to times when the people attending these machines would not be there.

    So he sent off an e-mail to the admins he knew and they had not been requested to change or provide any passwords.

    So our intrepid tech sent off an e-mail to the administrators of the location of the seeming intruder and asked that they have him stop. Well, the admins said that it was really none of their business anyway and, being in a foreign country, our admin had no say over what anyone there did. The long and short of it was that the apparent intruder kept it up.

    So one night our intrepid admin had had enough, so he did what he thought might get people's attention. He simply unplugged the cable that was the source of the problem, effectively disconnecting an entire country from MAE West!

    Well, in a few hours phones started ringing into MAE West asking questions and trying to figure out what was wrong. He told them he had asked, many times, for the admins of the network that the rude behavior was originating from to kindly ask the owner of the machine to stop, and had been rudely rebuffed, to say the least... He also said when the attempted intrusions stopped, he would plug them back in. To say the least they stopped in fairly short order and he plugged them back in.

    Now that is a bit far flung because I doubt there is any one cable that could disconnect an entire country, but I am pretty sure you could simply route class A's to /dev/null. Perhaps that's what it will take to get ISPs to get serious. Just pull their plug until they behave. Everyone peers in someplace, so it should not be that hard to go and find that Ethernet cable and simply unplug it and leave it dangling until their behavior changes.

    --
    Hey KID! Yeah you, get the fuck off my lawn!