Forums » Srizbi Botnet Servers Flee To Estonia » Possible defense?
kpatz
MY HEAD A SPLODE
Premium
join:2003-06-13
Manchester, NH

Possible defense?

If the algorithm for the domains has been cracked, an enterprising security firm could register up the next few batches of domains, use them to take control of the botnet, and distribute an "update" that removes (or at least shuts down) the malware from the victim's systems.
--
To ISPs: Leave our ports alone! If I want ports blocked, I'll do it myself, thank you.

fireflier
Coffee. . .Need Coffee
Premium
join:2001-05-25
Limbo

Re: Possible defense?

said by kpatz:

If the algorithm for the domains has been cracked, an enterprising security firm could register up the next few batches of domains, use them to take control of the botnet, and distribute an "update" that removes (or at least shuts down) the malware from the victim's systems.
Some kinda thought of that, but not so much to disable the bots, more to prevent registration of the next domains they'd be looking for:

»www.theregister.co.uk/2008/11/26···om_dead/

"For weeks, the researchers were able to thwart the emergency backup measure by generating the domain names such as qpqduqud.com themselves and then snapping up the addresses ahead of the bad guys. The cat-and-mouse standoff ended this week after FireEye researchers decided they could no longer afford to spend the money buying the domains."

But, as you pointed out, it would be nice if they could use that vulnerability to disable the bots. . .
--
Tradition: Just because you've always done it that way doesn't mean it's not incredibly stupid. --despair.com

RARPSL

join:1999-12-08
Suffern, NY

Re: Possible defense?

said by fireflier:

"For weeks, the researchers were able to thwart the emergency backup measure by generating the domain names such as qpqduqud.com themselves and then snapping up the addresses ahead of the bad guys. The cat-and-mouse standoff ended this week after FireEye researchers decided they could no longer afford to spend the money buying the domains."
There is a simple solution to that issue of cost. Have the names (for the next year) put on a banned list so they can not be registered. There is no need to PAY for them (the registrar can eat the minimal cost as a contribution to the SPAM/BOT fight).
over 10 years online! © 1999-2009 dslreports.com.