Forums » Srizbi Botnet Servers Flee To Estonia » Possible defense?
RARPSL

join:1999-12-08
Suffern, NY

reply to fireflier
Re: Possible defense?

said by fireflier:

"For weeks, the researchers were able to thwart the emergency backup measure by generating the domain names such as qpqduqud.com themselves and then snapping up the addresses ahead of the bad guys. The cat-and-mouse standoff ended this week after FireEye researchers decided they could no longer afford to spend the money buying the domains."
There is a simple solution to that issue of cost. Have the names (for the next year) put on a banned list so they cannot be registered. There is no need to PAY for them (the registrar can eat the minimal cost as a contribution to the SPAM/BOT fight).


fireflier
Coffee. . .Need Coffee
Premium
join:2001-05-25
Limbo

reply to kpatz
said by kpatz:

If the algorithm for the domains has been cracked, an enterprising security firm could register up the next few batches of domains, use them to take control of the botnet, and distribute an "update" that removes (or at least shuts down) the malware from the victim's systems.
Some kinda thought of that, but not so much to disable the bots, more to prevent registration of the next domains they'd be looking for:

»www.theregister.co.uk/2008/11/26···om_dead/

"For weeks, the researchers were able to thwart the emergency backup measure by generating the domain names such as qpqduqud.com themselves and then snapping up the addresses ahead of the bad guys. The cat-and-mouse standoff ended this week after FireEye researchers decided they could no longer afford to spend the money buying the domains."

But, as you pointed out, it would be nice if they could use that vulnerability to disable the bots. . .
--
Tradition: Just because you've always done it that way doesn't mean it's not incredibly stupid. --despair.com

kpatz
MY HEAD A SPLODE
Premium
join:2003-06-13
Manchester, NH

If the algorithm for the domains has been cracked, an enterprising security firm could register up the next few batches of domains, use them to take control of the botnet, and distribute an "update" that removes (or at least shuts down) the malware from the victim's systems.
--
To ISPs: Leave our ports alone! If I want ports blocked, I'll do it myself, thank you.