New Round of Server Take-Downs Fells Grum Botnet
judgecorp writes "The Grum botnet has been finally put out of action by a co-ordinated international effort. After Dutch servers were taken out, the remaining C&C servers in Russia and Panama were removed, with help from ISPs and their upstream providers."
Great that they finally kill a bot-net, I hope this is an example of how "easy" it can be to do it. Now it would be even better if they'd somehow warned the infected PCs, or maybe take them down. Most people will not even realize their PC is infected, and don't have a clue how to do something about it.
This is *NOT* easy. Botnets can be made very resilient and there is no reason to assume that it will always be possible to take them down. Peer to peer systems are very hard to take down. Except for simple worms, it is often only bugs that allow one to take control.
Also, there are *HUGE* issues in doing something to clean up the infected machines. Doing anything to them is a huge risk as there is no way to tell what critical functions these computers may be doing and how a patch will interfere with this. The 'but they were already infected' argument sounds nice in theory, but doesn't really work in practice because it is so hard to tell what will happen. In addition, there is a risk of making people get used to remote clean-up actions and fall for fake anti-virus scams even more.
Look, maybe for you botnets are "easy". Some of us just don't have that natural charm. Getting one to go down takes money, effort, and patience. Dinner, Broadway, drinks, those things aren't cheap!
Everything is better with chainsaws.
as they will need to find somewhere else to host their honeys!
aka HijackMyPC?? or CleanOutMyWallet??
there are now some very effective FREE methods to clean a PC (Windows Defender Offline is one of them)
and with WSUSoffline and Ninite even doing a Nuke And Pave is relatively easy.
Nice to see someone else using WSUSOffline and Ninite, it's a great one-two punch when it comes to quickly whipping a machine back into shape.
And the problem with the authorities doing anything about infected PCs is thus: Already too many fall for the "ZOMG U got teh viruz! Run "Iz_not_Viruz_Iz_Security_Tool to clean ur machine ZOMG!" trick as it is, if the authorities actually DO start popping up helpful tips and cleaning machines remotely it'll just make it that much easier for those using Security tool and AV20XX variants to pwn more systems.
A better answer would be for the ISPs to be able to contact the customers directly about this, but even then I'm leery as I've dealt with ISPs in the past that used "You must be infected" as a catch-all excuse to weasel out of actually giving you what you paid for as far as bandwidth. The last one of those I dealt with I walked in with my Xandros Business laptop and said "Okay Sparky, show me the virus on this laptop" and the retard actually tried to install Norton from a home-burnt disc onto a Linux laptop!
In the end all you can do is try to educate users as best you can and realize that no matter how well you harden your systems, and Win Vista and Win 7 with UAC and a decent AV can actually be pretty damned good, you'll always have the dancing bunnies problem that frankly NO OS can cure.
Finally after all these years, they get around to working together to bring down the botnets.....should have started this years ago and saved many companies a lot of bandwidth, but at least they are starting....if they can keep it going, until there is almost no spam, that would be great.
If they wanted to take down the infected PC, they could incorporate a pay-per-email system, and cap it at $50 per month max....from your ISP, you would then get the bill, and wonder why you are charged, they would tell you how much spam you sent out...
and you would realise you are infected...you could continue, but next month would be the same bill.....this would allow you to decide to fix/clean your PC yourself before coming back onto the web......
this would also let MS know just how good or bad their products are, because it would not be long before everyone with all the updates and anti-virus and Windows 7 latest, would still complain about that or start a class action lawsuit and just stop using MS altogether... :)
I was getting around 20 spams a day. I only got one real spam today so far... So I'm thankful for our bot-killing overlords.
This is good but needs to be followed up with prosecutions. Or at the very least, issue enough foreign indictments that these jokers will think twice before stepping on an international flight. Though nothing will ever be perfect, this needs to be fought both technically and as crimes.
Huh? We don't want to try to do remote cleanup of these machines. Simply disconnect them from the net, and notify the owner that they are disconnected until they fix the infection.
There is no 'huge risk' because no single machine on the net is critical. Important for somebody perhaps, but if so - they will be real quick about fixing the box. They may even have a backup machine in case their primary fails. It is not so much how important the machine is for them - it is how important an Internet with fewer botnets and less spam is for everybody else.
Remote cleanup is dangerous, often impossible, and a lot of work when doable. Let the owner handle the hassle of cleaning the machine - they also know if the machine is important and what it is supposed to be doing.
I'm curious as to what method you would propose, specifically to accomplish what you are advocating?
These days, many (if not most) computers connect to the net via NAT with a more-or-less unattended DHCP configuration. In that circumstance, the ISP will have no way to determine WHICH computer connected to the NAT'd network is responsible, so do they then wipe an entire network off the 'net?
Hard to imagine an ISP would be interested in taking entire corporate networks offline because there's an infected machine sending spam out... ...and that scenario is just an off-the-top-of-my-head example of the difficulties with your suggestion, I'm sure there are plenty of others.
I'm just saying, it's not so simple as you suggest either....
-AC