Slashdot Mirror


Researchers Cripple Pushdo Botnet

Trailrunner7 writes with this from ThreatPost: "Researchers have made a huge dent in the Pushdo botnet, virtually crippling the network, by working with hosting providers to take down about two thirds of the command-and-control servers involved in the botnet. Pushdo for years has been one of the major producers of spam and other malicious activity, and researchers have been monitoring the botnet and looking for ways to do some damage to it since at least 2007. Now, researchers at Last Line of Defense, a security intelligence firm, have made some serious progress in crushing the botnet's spam operations. After doing an analysis of Pushdo's command-and-control infrastructure, the researchers identified about 30 servers that were serving as C&C machines for the botnet. Working with the hosting providers who maintained the servers in question, the LLOD researchers were able to get 20 of the C&C servers taken offline, the company said."

7 of 129 comments

  1. I would love to see... by ysth · Score: 5, Interesting

    I would love to see stories like this publishing a full list of the providers who didn't take down a server.

    1. Re:I would love to see... by rastos1 · Score: 5, Informative

      So I could switch to those providers, and know they wouldn't be messing with my server without talking to me just because some er "researcher" decided they thought the server might be some sort of C&C

      I assume that the providers were just notified by the researcher and were able to see for themselves whether the server is doing something malicious or not. In addition, every ISP I've dealt with has a contract clause that allows them to cancel the service if you use it to violate the laws of the country, which is often the case when sending SPAM. You are then free to sue them if you believe that terminating the service was not justified.

  2. Re:Legal hacking? by Ethanol-fueled · Score: 5, Insightful

    Don't know if you got the memo, but the feds pay others to do the dirty work for them.

    Fed: "Wanna work with the FBI, Fido? Wanna help us catch bad guys?"
    Snitch: "Yeahyeahyeahyeahyeahyeah!"
    Fed: "There's an atheist group that looks suspicious. I think they're laundering money to fund their picnics. You need to infiltrate them, earn their trust, and if you don't find anything make something up so we have a good excuse to raid their headquarters. You will get a pat on the head and a nice, big doggy bone if we get convictions."
    Snitch: "Yeahyeahyeahyeahyeah!"

    [ Months later, a number of the atheist group's members are arrested for child pornography for unwittingly having nude pics of their 17-year-old sons and daughters who kept them stored "privately" in Facebook ]

    Fed: "Bad news, Fido. The D.A. wants to charge you with computer crimes. You're expected to do 5 years in the pen."
    Snitch: *whimper*
    Fed: "It's okay, you helped us save the children. Just suck it up and don't drop the soap."

  3. sadface! by bwayne314 · Score: 5, Funny

    Wait, so I won't be getting any more exciting opportunities to add inches to my penis? What about all that steady income I was getting helping out Nigerian bankers!?!? How am I going to feed my family and satisfy my wife?

  4. Unresponsive providers might be more likely... by paper+tape · Score: 5, Insightful

    Unresponsive providers might be more likely to respond if responsive parties who controlled upstream routers were to stop routing traffic from them.

    All traffic.

  5. Re:Legal hacking? by Martin+Blank · Score: 5, Insightful

    There's no legal authority for the courts to order such actions. Even execution orders are authorized by the legislative body, approved by the chief executive, and carried out by subordinates to the executive (subject to the lack of intervention by the judicial body). Any offensive action against spammers/hackers would require a similar path.

    --
    You can never go home again... but I guess you can shop there.

  6. That's not what I'm proposing by Sycraft-fu · Score: 5, Insightful

    I'm proposing that people deal with their own dirty laundry, and if they won't, that the people above them do. For example if I am causing a problem, my ISP will call me and say "Hey fix your shit." Happened many years ago, a roommate got a virus on his computer. They called me, I turned it off, life was good. Should I refuse, however, the ISP would have shut down my line. They were not interested in sending out viruses all over the place.

    What I'm proposing is that the big bandwidth providers take the same attitude. If some hosting provider has systems doing evil, you contact them. However if they refuse to deal with it, you can then contact the big providers. They can check, if evil is going on they warn the company. If it doesn't stop, they shut down the links.

    I fail to see a problem here. Such a thing wouldn't be done capriciously because it is against a business's best interest. If a customer is paying money and not causing problems of course they want to keep the connection active. They don't want to turn it off for fun (and probably break the contract).

    All lines have AUPs, even big ones. I just think they need a mechanism to allow for complaints and enforcement, and something that is less severe than a total disconnection. Rather than something having to get to the "You cause so much trouble you are in violation of the contract and we stop selling service to you" point, instead they can say "You've refused to deal with complaints so you are blocked, fix your shit and promise to listen in the future and we turn you back on."

    The reason I want to see this is first because I want less shit on the net, but also because with many things you find you either self-regulate or the government will regulate you. What happens if instead the US government, or a council at the UN, gains complete regulatory power and can tell providers who to shut down? I'd much rather have it as a self-regulating system.

    It works well for ISPs, and most ISPs do it. As I said, as a university we are an ISP and we do just that. We investigate and respond to claims of malicious network activity. However, we need a higher level to deal with the ISPs that won't respond to the complaints.