Possible defense? in http://www.dslreports.com/forum/r21496386 en Tue, 01 Dec 2009 10:26:37 EDT Tue, 01 Dec 2009 10:26:37 EDT Re: Possible defense? http://www.dslreports.com/forum/remark,21496836 RARPSL :
said by fireflier See Profile :

"For weeks, the researchers were able to thwart the emergency backup measure by generating the domain names such as qpqduqud.com themselves and then snapping up the addresses ahead of the bad guys. The cat-and-mouse standoff ended this week after FireEye researchers decided they could no longer afford to spend the money buying the domains."
There is a simple solution to that issue of cost. Have the names (for the next year) put on a banned list so they can not be registered). There is no need to PAY for them (the registrar can eat the minimal cost as a contribution to the SPAM/BOT fight).]]> http://www.dslreports.com/forum/remark,21496836 Fri, 28 Nov 2008 12:28:42 EDT Re: Possible defense? http://www.dslreports.com/forum/remark,21496660 fireflier :
said by kpatz See Profile :

If the algorithm for the domains has been cracked, an enterprising security firm could register up the next few batches of domains, use them to take control of the botnet, and distribute an "update" that removes (or at least shuts down) the malware from the victim's systems.
Some kinda thought of that, but not so much to disable the bots, more to prevent registration of the next domains they'd be looking for:

»www.theregister.co.uk/2008/11/26···om_dead/

"For weeks, the researchers were able to thwart the emergency backup measure by generating the domain names such as qpqduqud.com themselves and then snapping up the addresses ahead of the bad guys. The cat-and-mouse standoff ended this week after FireEye researchers decided they could no longer afford to spend the money buying the domains."

But, as you pointed out, it would be nice if they could use that vulerability to disable the bots. . .
--
Tradition: Just because you've always done it that way doesn't mean it's not incredibly stupid. --despair.com]]> http://www.dslreports.com/forum/remark,21496660 Fri, 28 Nov 2008 11:43:04 EDT Possible defense? http://www.dslreports.com/forum/remark,21496386 kpatz : If the algorithm for the domains has been cracked, an enterprising security firm could register up the next few batches of domains, use them to take control of the botnet, and distribute an "update" that removes (or at least shuts down) the malware from the victim's systems.
--
To ISPs: Leave our ports alone! If I want ports blocked, I'll do it myself, thank you.]]> http://www.dslreports.com/forum/remark,21496386 Fri, 28 Nov 2008 10:32:55 EDT