New Round of Server Take-Downs Fells Grum Botnet
judgecorp writes "The Grum botnet has been finally put out of action by a co-ordinated international effort. After Dutch servers were taken out, the remaining C&C servers in Russia and Panama were removed, with help from ISPs and their upstream providers."
Great that they finally killed a botnet; I hope this is an example of how "easy" it can be to do it. Now it would be even better if they'd somehow warned the infected PCs, or maybe taken them down. Most people will not even realize their PC is infected, and don't have a clue how to do something about it.
This is *NOT* easy. Botnets can be made very resilient and there is no reason to assume that it will always be possible to take them down. Peer to peer systems are very hard to take down. Except for simple worms, it is often only bugs that allow one to take control.
Also, there are *HUGE* issues in doing something to clean up the infected machines. Doing anything to them is a huge risk as there is no way to tell what critical functions these computers may be doing and how a patch will interfere with this. The 'but they were already infected' argument sounds nice in theory, but doesn't really work in practice because it is so hard to tell what will happen. In addition, there is a risk of making people get used to remote clean-up actions and fall for fake anti-virus scams even more.
Look, maybe for you botnets are "easy". Some of us just don't have that natural charm. Getting one to go down takes money, effort, and patience. Dinner, Broadway, drinks, those things aren't cheap!
Everything is better with chainsaws.
aka HijackMyPC?? or CleanOutMyWallet??
There are now some very effective FREE methods to clean a PC (Windows Defender Offline is one of them),
and with WSUSoffline and Ninite even doing a Nuke And Pave is relatively easy.
Any person using FTFY or editing my postings agrees to a US$50.00 charge
Nice to see someone else using WSUSOffline and Ninite; it's a great one-two punch when it comes to quickly whipping a machine back into shape.
And the problem with the authorities doing anything about infected PCs is this: already too many fall for the "ZOMG U got teh viruz! Run "Iz_not_Viruz_Iz_Security_Tool" to clean ur machine ZOMG!" trick as it is. If the authorities actually DO start popping up helpful tips and cleaning machines remotely, it'll just make it that much easier for those using Security Tool and AV20XX variants to pwn more systems.
A better answer would be for the ISPs to be able to contact the customers directly about this, but even then I'm leery, as I've dealt with ISPs in the past that used "You must be infected" as a catch-all excuse to weasel out of actually giving you what you paid for as far as bandwidth. The last one of those I dealt with, I walked in with my Xandros Business laptop and said "Okay Sparky, show me the virus on this laptop," and the retard actually tried to install Norton from a home-burnt disc onto a Linux laptop!
In the end all you can do is try to educate users as best you can and realize that no matter how well you harden your systems, and Win Vista and Win 7 with UAC and a decent AV can actually be pretty damned good, you'll always have the dancing bunnies problem that frankly NO OS can cure.
ACs don't waste your time replying, your posts are never seen by me.
I was getting around 20 spams a day. I only got one real spam today so far... So I'm thankful for our bot-killing overlords.