Forums » Srizbi Botnet Servers Flee To Estonia » Possible defense?

kpatz
MY HEAD A SPLODE
Premium
join:2003-06-13
Manchester, NH

Possible defense?

If the algorithm for the domains has been cracked, an enterprising security firm could register up the next few batches of domains, use them to take control of the botnet, and distribute an "update" that removes (or at least shuts down) the malware from the victim's systems.
--
To ISPs: Leave our ports alone! If I want ports blocked, I'll do it myself, thank you.


fireflier
Coffee. . .Need Coffee
Premium
join:2001-05-25
Limbo

said by kpatz:

If the algorithm for the domains has been cracked, an enterprising security firm could register up the next few batches of domains, use them to take control of the botnet, and distribute an "update" that removes (or at least shuts down) the malware from the victim's systems.
Some kinda thought of that, but not so much to disable the bots, more to prevent registration of the next domains they'd be looking for:

»www.theregister.co.uk/2008/11/26···om_dead/

"For weeks, the researchers were able to thwart the emergency backup measure by generating the domain names such as qpqduqud.com themselves and then snapping up the addresses ahead of the bad guys. The cat-and-mouse standoff ended this week after FireEye researchers decided they could no longer afford to spend the money buying the domains."

But, as you pointed out, it would be nice if they could use that vulnerability to disable the bots. . .
--
Tradition: Just because you've always done it that way doesn't mean it's not incredibly stupid. --despair.com


RARPSL

join:1999-12-08
Suffern, NY

said by fireflier:

"For weeks, the researchers were able to thwart the emergency backup measure by generating the domain names such as qpqduqud.com themselves and then snapping up the addresses ahead of the bad guys. The cat-and-mouse standoff ended this week after FireEye researchers decided they could no longer afford to spend the money buying the domains."
There is a simple solution to that issue of cost. Have the names (for the next year) put on a banned list so they cannot be registered. There is no need to PAY for them (the registrar can eat the minimal cost as a contribution to the SPAM/BOT fight).