fireflier | Coffee. . .Need Coffee | Premium | join:2001-05-25 | Limbo | reply to kpatz
Re: Possible defense?

said by kpatz:
If the algorithm for the domains has been cracked, an enterprising security firm could register up the next few batches of domains, use them to take control of the botnet, and distribute an "update" that removes (or at least shuts down) the malware from the victim's systems.

Some kinda thought of that, but not so much to disable the bots, more to prevent registration of the next domains they'd be looking for:
»www.theregister.co.uk/2008/11/26···om_dead/
"For weeks, the researchers were able to thwart the emergency backup measure by generating the domain names such as qpqduqud.com themselves and then snapping up the addresses ahead of the bad guys. The cat-and-mouse standoff ended this week after FireEye researchers decided they could no longer afford to spend the money buying the domains."
But, as you pointed out, it would be nice if they could use that vulnerability to disable the bots. . .

-- Tradition: Just because you've always done it that way doesn't mean it's not incredibly stupid. --despair.com