Forums » Srizbi Botnet Servers Flee To Estonia » Possible defense?


fireflier
Coffee. . .Need Coffee
Premium
join:2001-05-25
Limbo
reply to kpatz
Re: Possible defense?

said by kpatz:

If the algorithm for the domains has been cracked, an enterprising security firm could register up the next few batches of domains, use them to take control of the botnet, and distribute an "update" that removes (or at least shuts down) the malware from the victim's systems.
Some kinda thought of that, but not so much to disable the bots, more to prevent registration of the next domains they'd be looking for:

»www.theregister.co.uk/2008/11/26···om_dead/

"For weeks, the researchers were able to thwart the emergency backup measure by generating the domain names such as qpqduqud.com themselves and then snapping up the addresses ahead of the bad guys. The cat-and-mouse standoff ended this week after FireEye researchers decided they could no longer afford to spend the money buying the domains."

But, as you pointed out, it would be nice if they could use that vulnerability to disable the bots. . .
--
Tradition: Just because you've always done it that way doesn't mean it's not incredibly stupid. --despair.com


RARPSL

join:1999-12-08
Suffern, NY

said by fireflier:

"For weeks, the researchers were able to thwart the emergency backup measure by generating the domain names such as qpqduqud.com themselves and then snapping up the addresses ahead of the bad guys. The cat-and-mouse standoff ended this week after FireEye researchers decided they could no longer afford to spend the money buying the domains."
There is a simple solution to that issue of cost. Have the names (for the next year) put on a banned list so they can not be registered. There is no need to PAY for them (the registrar can eat the minimal cost as a contribution to the SPAM/BOT fight).
Thursday, 10-Dec 15:50:08 | © 1999-2009 dslreports.com