
McColo Briefly Returns, Hands Off Botnet Control

kdawson posted more than 5 years ago | from the should-have-used-a-stake-through-the-heart dept.

Security 242

A week ago we discussed the takedown of McColo (and the morality of that action). McColo was reportedly the source of anywhere from 50% to 75% of the world's spam. On Saturday the malware network briefly returned to life in order to hand over command and control channels to a Russian network. "The rogue network provider regained connectivity for about 12 hours on Saturday by making use of a backup arrangement it had with Swedish internet service provider TeliaSonera. During that time, McColo was observed pushing as much as 15MB of data per second to servers located in Russia, according to ... Trend Micro. The brief resurrection allowed miscreants who rely on McColo to update a portion of the massive botnets they use to push spam and malware. Researchers from FireEye saw PCs infected by the Rustock botnet being updated so they'd report to a new server located at abilena.podolsk-mo.ru for instructions. That means the sharp drop in spam levels reported immediately after McColo's demise isn't likely to last."

242 comments

How to stop internet crime (0)

Anonymous Coward | more than 5 years ago | (#25810341)

We have a global network of humanity, yet our government structures are still based on ancient geographical distinctions. In order to govern the net (and to coin another useless buzzword) we need Government 2.0 [squidoo.com] .

Re:How to stop internet crime (-1, Troll)

Anonymous Coward | more than 5 years ago | (#25810439)

What you're advocating is direct democracy. Direct democracy has never and will never work. Don't you people ever learn?

Re:How to stop internet crime (0, Interesting)

Anonymous Coward | more than 5 years ago | (#25810583)

How many times has web-based direct democracy failed?

On the contrary, aren't open source projects an example of the success of leaderless democracy?

Re:How to stop internet crime (3)

Iamthecheese (1264298) | more than 5 years ago | (#25811135)

That's right! Direct democracy can never work. Which is what made Switzerland [cia.gov] such a hellhole.

Re:How to stop internet crime (-1, Redundant)

Seraphim1982 (813899) | more than 5 years ago | (#25811215)

Your link doesn't mention anything about Switzerland being a direct democracy. So what exactly was your point?

The solution is anarchy (0)

Anonymous Coward | more than 5 years ago | (#25810571)

The solution is to have a free for all, whereby vaccine writers are free to play by the same rules as virus writers.

One way to knock out the botnet would be to write a viral vaccine that infects the PC, knocks out the bot, plugs all known holes then attempts to infect all other PCs with itself. If it hasn't managed to get a successful infection after a period of time it takes that as an indication that it has been successful and it eliminates itself from its host.

Re:The solution is anarchy (1)

pitchpipe (708843) | more than 5 years ago | (#25810691)

The solution is to have a free for all, whereby vaccine writers are free to play by the same rules as virus writers.

Can I test out the "solutions" first on the network you manage?

Re:The solution is anarchy (3, Informative)

DarkOx (621550) | more than 5 years ago | (#25811041)

Do you remember just a few years ago the "MS Blaster" fiasco?

Do you remember "Welchia" I think it was called. It was just that it removed Blaster and then tried to spread itself the same way. In the end Welchia was as troublesome for network operators as "MS Blaster" itself. It was terrible.

In Soviet Russia (3, Funny)

Anonymous Coward | more than 5 years ago | (#25810349)

Sesame seed bun is on two all spam patties, special sauce, lettuce, cheese, pickles and onions.

Re:In Soviet Russia (1)

RuBLed (995686) | more than 5 years ago | (#25810551)

I for one welcome our "Next Generation" (tm) Soviet Russia overlords.

Shipping jobs overseas (0)

Anonymous Coward | more than 5 years ago | (#25810975)

It's not like it's going to really stop spam, child pornography, or identity theft.

All that bandwidth used by spam keeps a network admin employed somewhere, and keeps the justice department busy prosecuting people under the CAN-SPAM Act.

Let's turn TeliaSonera into a smoking crater next (1, Informative)

Nimey (114278) | more than 5 years ago | (#25810371)

they should have terminated their contract with these assholes immediately instead of letting them back up.

Re:Let's turn TeliaSonera into a smoking crater ne (1)

martinw89 (1229324) | more than 5 years ago | (#25810413)

What, you mean TeliaSonera? [teliasonera.com]

By the way, no one click on that link.

Re:Let's turn TeliaSonera into a smoking crater ne (0)

Anonymous Coward | more than 5 years ago | (#25810605)

they're down! forget slashdotted, they're internetted!

Re:Let's turn TeliaSonera into a smoking crater ne (1)

Dachannien (617929) | more than 5 years ago | (#25810739)

Damn you! No, I didn't click on the link, but now thanks to you, I've got beans up my nose. [wikipedia.org]

Re:Let's turn TeliaSonera into a smoking crater ne (4, Informative)

moderatorrater (1095745) | more than 5 years ago | (#25810467)

I don't see why. 15MB/sec for 12 hours is roughly 650 gigs - a lot, but a single external hard drive could have pulled it off. At most they shaved a week off their time to get the botnets back up and running at full capacity.

It's not the data, it's the cooperation. (4, Interesting)

khasim (1285) | more than 5 years ago | (#25810661)

This pretty much shows how certain ISPs help spammers. Particularly since they did not IMMEDIATELY bring up their backup link. Instead they waited until the weekend.

Re:Let's turn TeliaSonera into a smoking crater ne (4, Insightful)

Goaway (82658) | more than 5 years ago | (#25810707)

Er, you can't communicate with a botnet with a hard drive, you know.

Re:Let's turn TeliaSonera into a smoking crater ne (3, Insightful)

moderatorrater (1095745) | more than 5 years ago | (#25810941)

During that time, McColo was observed pushing as much as 15MB of data per second to servers located in Russia

The massive amounts of data they were talking about were being pushed to other servers, so they could have done that work with a hard drive. However, it also says that the botnet was updated. Assuming that the botnet couldn't have been updated from those same Russian servers, they could have done any number of things, including any number of regular internet connections to buildings nearby or satellite/cellular internet service.

I doubt, however, that the data center was a single point of failure for them. The idea that the malware builders can build massive botnets with distributed architecture that elude understanding by security researchers, but they can't figure out how to make it so that they can run it from a backup data center, seems unlikely to me.

Re:Let's turn TeliaSonera into a smoking crater ne (3, Funny)

Cyberax (705495) | more than 5 years ago | (#25810747)

Nuke them from orbit. It's the only way to be sure.

Sadly, it's true :(

Re:Let's turn TeliaSonera into a smoking crater ne (5, Informative)

aproposofwhat (1019098) | more than 5 years ago | (#25810909)

Apparently TeliaSonera shut down the link as soon as they realised what was happening - the contract was through a proxy company.

See the Register [theregister.co.uk] article for more details.

So we can't really blame TeliaSonera.

Why the spamming bastards didn't just courier a hard drive to Russia instead is a mystery, though.

Re:Let's turn TeliaSonera into a smoking crater ne (5, Interesting)

Nimey (114278) | more than 5 years ago | (#25811077)

The article said they had to update the command & control data for the botnets. The 'nets won't let just any computer control them, and this Russian server probably wasn't on the master list, so they needed to get back online with their old DNS hostname first.

Can they hear me now? (0)

Anonymous Coward | more than 5 years ago | (#25810377)

I can't find an abilena.podolsk-mo.ru any more. It's giving me an NXDOMAIN, though that could be the firewall here.

Pity that, I was thinking about pinging them a few million times. You know, as a connectivity test.

Re:Can they hear me now? (1)

Fastolfe (1470) | more than 5 years ago | (#25811291)

Check the article for the IP address. Reverse DNS still resolves to that name, but it's not clear to me that forward DNS ever resolved.

Uncongested Relief! (5, Informative)

IgnacioB (687913) | more than 5 years ago | (#25810407)

I gotta say the past week without so much SPAM has been like having a 10 year head cold where I've become more and more congested...and just lived with it. To suddenly have the congestion stop for just a week....I almost forgot what life is SUPPOSED to be like without a clogged sinus of an Inbox. Damn spammers! I wish I could have one pointed out and slap them up side the head....and then let the other millions of people get to slap them. Then after that slapfest.....find a person that bought something from a spammer and slap them. If there were ever a time for authorities to get involved...it would be now! Raid that ISP and you know they'd catch some guilty folks...some of which could flip.

Re:Uncongested Relief! (2, Insightful)

magarity (164372) | more than 5 years ago | (#25810947)

I wish I could have one pointed out and slap them up side the head
 
While we're having wild fantasies, I wish I had a time machine to go slap the idealistic hippies who originally designed the fledgeling network with practically no verification or security ON PURPOSE.

Re:Uncongested Relief! (4, Insightful)

statemachine (840641) | more than 5 years ago | (#25811245)

While we're having wild fantasies, I wish I had a time machine to go slap the idealistic hippies who originally designed the fledgeling network with practically no verification or security ON PURPOSE.

Speaking of wild fantasies about idealist notions... Ever wanted to be paid for work that wasn't asked for or justified at the time?

Re:Uncongested Relief! (0)

Anonymous Coward | more than 5 years ago | (#25811195)

slap?

far far too tame.

I'd like to stab them all in the brain.

Too extreme? These people waste time and resources all across the planet. And prey on everyone they can in any way they can.

The world would be better off without them.

So much for little pleasures (1)

bfmorgan (839462) | more than 5 years ago | (#25810411)

I did so like not having to have all that crap in my server's inbox

Alas... (5, Insightful)

Amazing Quantum Man (458715) | more than 5 years ago | (#25810417)

This is an example of the old saying "The Internet treats censorship as damage and routes around it".

Unfortunately, this is happening for the bad guys as well as us.

Re:Alas... (4, Funny)

Renraku (518261) | more than 5 years ago | (#25811141)

The Internet could route around McColo too, if say, it were burned to the ground in the middle of the night. Or barring that, some 'hard pipe-hittin' thugs' somehow gained access to the building and went on a smashing spree. Anyone want to set up a donation box to hire some thugs?

After all, what's this doing for us? It sounds almost like..well..treason! A foreign power is accessing systems in the United States and is using those systems to infect/enslave other systems. I wouldn't shed a tear if a black ops detachment traced the stuff back to its source and C4ed the offending equipment/operators in Russia or wherever they're coming from.

This just in! (4, Funny)

LockeOnLogic (723968) | more than 5 years ago | (#25810437)

After whacking down a mole, they continue to pop up!

Epic Fail. (-1, Troll)

girlintraining (1395911) | more than 5 years ago | (#25810475)

I wonder how all those security researchers feel after destroying a legitimate commercial enterprise and affecting a lot of people who weren't spammers. Must have been pretty righteous. Of course, now it looks like they're going to have to play a game of whack-a-mole. What ISP shall die next at the hands of vigilante justice? Will my internet connection go down because someone uses my ISP for spam? If my computer becomes infected with malware, how long before I have 'researchers' digging through my private data? What will the next press release say -- Russian NAPs taken offline by massive DDoS initiated by "researchers" from the United States? How long until this kind of behavior sparks an international incident?

This is all eerily similar in scope, methods, and results to a real world issue: the war on drugs. You see, there's an economic incentive to do this. As long as that incentive remains, all you're doing is changing the face of the problem. Today it's hackers in Sweden. Tomorrow it's script kiddies in Russia. Next week it'll be unemployed programmers in Romania. And how can people justify this kind of behavior in the name of "research"? It's the same kind of attitude that the DEA has -- which is to use ever-increasing levels of force, and to continually lower the standards they have to adhere to in order to "catch more criminals". At some point it de-evolves to the Judge Dredd scenario... People driving around meting out instant 'justice', with no review or appeals process to speak of.

Re:Epic Fail. (5, Interesting)

rossz (67331) | more than 5 years ago | (#25810545)

I wonder how all those security researchers feel after destroying a legitimate commercial enterprise and affecting a lot of people who weren't spammers.

Let's say you rent some space and open a small convenience store. You work hard and make a modest living. Then your landlord rents out the shop next door to a crack dealer whose thriving business attracts a swarm of lowlifes who destroy the neighborhood. Are you going to be upset with the neighborhood watch when they make a fuss, or are you going to be upset with your landlord?

Re:Epic Fail. (0, Troll)

girlintraining (1395911) | more than 5 years ago | (#25810595)

To use your analogy, sir... I would get a camcorder and record the activity. I would then turn that over to the police and wait for the wheels of justice to smash the dealer into hamburger. Then, as he could no longer pay rent, my landlord would find a new tenant who would very probably NOT deal drugs. So no, I wouldn't harbor any ill-will towards the landlord, why would I? My money's as good as the next person's, and I can't expect him to know in advance about something like this.

Re:Epic Fail. (1)

st0rmshad0w (412661) | more than 5 years ago | (#25810665)

And when your drug-dealer neighbors are right over the border outside your PD's jurisdiction and the other PD has no interest in pursuing it?

To continue the analogy.

Re:Epic Fail. (1, Redundant)

girlintraining (1395911) | more than 5 years ago | (#25810771)

In this highly hypothetical situation, I'd go to the local TV station with my recording(s) and a statement from the police indicating their lack of interest.

And "to continue the analogy" if that doesn't work I'll just transform into Optimus Prime and destroy anyone who keeps on about hypothetical situations instead of using common sense.

Re:Epic Fail. (0, Flamebait)

kv9 (697238) | more than 5 years ago | (#25810853)

you're quite the busybody there, aren't ya? yet you complain about other busybodies for knocking spammers offline. make up your mind Optimus Second.

Re:Epic Fail. (1)

st0rmshad0w (412661) | more than 5 years ago | (#25810869)

And if it's not against the law right over the border?

Also, I should point out you ran with the hypothetical instead of reverting to the car analogy.

Re:Epic Fail. (1)

Nefarious Wheel (628136) | more than 5 years ago | (#25811129)

...if that doesn't work I'll just transform into Optimus Prime...

Good telco, that.

Re:Epic Fail. (4, Insightful)

Cajun Hell (725246) | more than 5 years ago | (#25810675)

I would get a camcorder and record the activity. I would then turn that over to the police and wait for the wheels of justice to smash the dealer into hamburger.

And if the police do nothing?

Re:Epic Fail. (1)

MarkvW (1037596) | more than 5 years ago | (#25810985)

Life doesn't work that way. Dope dealer after dealer would flock to the complaisant landlord--despite the busting of the previous dealer--just like spam/malware pushers would flock to the complaisant ISP after one got caught.

And spammers are harder than drug dealers to prove guilty beyond a reasonable doubt.

If an ISP facilitates trespass on my computer, then the ISP is WRONG and should be stopped. That's my story, and I'm sticking to it.

Re:Epic Fail. (0)

Anonymous Coward | more than 5 years ago | (#25811163)

And when the police force the entire building to be shut down because of the meth lab, and you are unable to do your business?

Re:Epic Fail. (3, Funny)

Fulcrum of Evil (560260) | more than 5 years ago | (#25810547)

Question of the day: is this a mediocre troll or do you actually believe this? Your complaint doesn't exactly line up with the facts.

Re:Epic Fail. (0, Troll)

girlintraining (1395911) | more than 5 years ago | (#25810713)

So, how long have you been beating your wife for, Mr. Fulcrum?

My complaint is that the first ISP that this botnet used is now in shambles. Now the backup ISP for this has gone active and transferred control to a third ISP in Russia. I'm just curious to find out how long those other ISPs are going to be around, and whether we as a community are prepared to deal with where this line of thinking ends. What's to prevent them from doing this every few months and leaving a trail of dead service providers in the wake of our new definition of "justice" as the botnet owners simply hop from one provider to the next?

Re:Epic Fail. (4, Insightful)

Fulcrum of Evil (560260) | more than 5 years ago | (#25810819)

What's to prevent them from doing this every few months and leaving a trail of dead service providers in the wake of our new definition of "justice" as the botnet owners simply hop from one provider to the next?

That's simple - ISPs that value their continued existence will enforce their anti-spam/botnet policies rather than look the other way and take money from anyone who can pay. This isn't vigilantism, it's the upstream ISP dropping connectivity for contract violations when informed of the situation at one of their downstreams.

Re:Epic Fail. (4, Insightful)

Falconhell (1289630) | more than 5 years ago | (#25810823)

Sigh

Way to ignore the obvious facts here.

The ISP had the option of blocking off the spammers.

They did not. Eventually, ISPs who do not stop spam will be disconnected. The ISP that supported this botnet SHOULD be a shambles, they became that when they decided not to stop their clients spamming.

What will prevent them from going to a new ISP is that ISPs probably don't like being put out of business completely.

This should be a salutary lesson for the next ISP that is told they are sending spam.

I see no ethical issues, unless you are a spammer.

But I suspect troll is closer to the mark.

Re:Epic Fail. (1)

DarkOx (621550) | more than 5 years ago | (#25810933)

I must agree; while it seems more difficult, this is a problem that must be fought both at the source and the target. It's one thing to go after bot net operators but someone should be going after negligent individuals who allow devices they are responsible for to become bots. I think the network must be managed. I think internet access SHOULD BE LICENSED, we don't let you drive a car on our public road without one because of the hazard it would pose to other persons and property. We should not let you on our public network where your improperly operated equipment might threaten the use of mine and others'.

There should be an exam that all individuals with access must pass that is demonstrative of some learning about how tcp/ip works, what firewalling is, why maintaining your systems is important. I don't think you should be liable for something a cracker does with your system after you have been 0wn3d because that would pose too much risk but you should get cut off. If you can't demonstrate that you attempted to maintain your systems then you should not be let back on.

Re:Epic Fail. (2, Insightful)

maxume (22995) | more than 5 years ago | (#25810555)

People want drugs.

No one wants spam.

Your comparison of the two doesn't make any sense.

Re:Epic Fail. (0, Troll)

girlintraining (1395911) | more than 5 years ago | (#25810625)

So you're comfortable with your small penis, then? Okay, more seriously though -- if spam wasn't profitable nobody would be doing it. My comparison of the two is based on how people are attacking the problem, not the source of the problem.

Re:Epic Fail. (4, Insightful)

maxume (22995) | more than 5 years ago | (#25810715)

That's why your comparison doesn't make any sense. Drugs are a demand driven problem; attacking supply centers simply leads to more supply popping up. Spam is a supply driven problem; attacking supply centers leads to less spam.

If you really think that ISPs will continue to operate with gray customers, I guess you might think this is whack-a-mole, but ISPs have plenty of legitimate business and will have no problem ceasing doing business with spammers. This ISP didn't do that and learned a hard lesson. They were not a good-actor here.

Re:Epic Fail. (1)

Shikaku (1129753) | more than 5 years ago | (#25810893)

It's the same exact problem.

Even if I pull numbers out of my ass and say that a small % of the human population want illegal drugs, there's also a small population that responds to spam, sadly, wanting cheap viagra, etc.

The difference is next to nothing.

Re:Epic Fail. (1)

maxume (22995) | more than 5 years ago | (#25811239)

A significant percentage of the human population (in the United States) wants illegal drugs.

Spam is driven by the people purchasing the spam runs, not by the people who get the spam. I guess there might be several million people who repeatedly buy penis enlargement pills and other drugs over the internet, but I don't really think so.

Re:Epic Fail. (3, Interesting)

girlintraining (1395911) | more than 5 years ago | (#25810927)

> Drugs are a demand driven problem; attacking supply centers simply leads to more supply popping up.

But if there wasn't a supply in the first place, there wouldn't be a demand problem... or so goes the logic. Attacking supply centers leads to higher costs as supply has diminished. Because the price is now higher, there's now more incentive for an agent to enter the market who can produce at a lower price. There's a few extra steps in this that make calling it either a supply or a demand problem a meaningless distinction; It's a self-balancing system.

E-mail is cheaper than a millionth of a penny in actual costs, so I don't see any way to resolve the issue. If there's even one person who would reply and buy $40 worth of penis enlargement pills, that one person has just paid for about 20 billion e-mails to try to find the next person. Attacking the suppliers doesn't remove the economic incentive, which was the entire point of my original post!

It's a self-correcting system... At best they'll reduce supply to the point that new players enter the market who might be better prepared and vested in evading detection to protect their profits. This, of course, makes them even more difficult to detect and then turn over to the authorities to face prosecution. Taking away their means of production accomplishes nothing because the cost of re-entering the market is effectively zero.

The only long-term strategy that will have any impact is to use the criminal justice system to tag and bag these people. And at that, it's not a solution but a band-aid, but it will help more than vigilantism.

Re:Epic Fail. (1)

Cajun Hell (725246) | more than 5 years ago | (#25810895)

So you're comfortable with your small penis, then?

Why do you think I eventually stopped beating my wife?

Re:Epic Fail. (4, Insightful)

sqlrob (173498) | more than 5 years ago | (#25810979)

if spam wasn't profitable nobody would be doing it

Not necessarily. Spam may not be profitable, spamming may be. If you convince someone to pay you to spam for them, whether or not the spam itself generates any profit, you hustled them out of the money.

Re:Epic Fail. (1)

robertjw (728654) | more than 5 years ago | (#25810635)

Obviously some people do want spam, or at least buy things from spammers. If they didn't, no one would send out spam. His comparison does make sense, spam is big business. As long as it's profitable, it will exist. When it ceases to be so, it will go away.

So what's YOUR solution? (2, Interesting)

SIGBUS (8236) | more than 5 years ago | (#25810557)

Just let the spammers, malware pushers, and con artists clog up the net?

The real question is, who's protecting these scumbags and why? Why has it taken so long to do anything about them?

Re:So what's YOUR solution? (1, Troll)

girlintraining (1395911) | more than 5 years ago | (#25810659)

1. I don't have a solution, I'm just considering the ethical aspect.

2. I'd rather deal with spam, malware, and con artists clogging the internet than vigilantes blowing holes in it.

3. As to who's protecting them -- it's not a question of who but what. In this case, economics.

4. It has taken this long because until now people were restrained by ethical considerations prevalent within the community. However, a certain moral flexibility seems to be developing now out of frustration. This can only end badly.

Re:So what's YOUR solution? (1, Informative)

Anonymous Coward | more than 5 years ago | (#25810727)

1. We guessed that.

2. I would not.

3. Not any longer.

4. This is not the first ISP to be cut off for spamming.

5. You have no point.

6. When you finish your training, god knows you might have a clue.

Re:So what's YOUR solution? (5, Insightful)

st0rmshad0w (412661) | more than 5 years ago | (#25810811)

1. I don't have a solution, I'm just considering the ethical aspect.

What is unethical about pointing out MASSIVE violation of terms of service by an ISP to their provider? The ISP has a duty to obey the terms they agreed to, and if it can't or won't it gets cut off. Just like you or I would get cut off by our upstream for violating whatever agreement we may have in place.

2. I'd rather deal with spam, malware, and con artists clogging the internet than vigilantes blowing holes in it.

Considering the sheer cost of cleaning up this bullshit, I doubt many share the same opinion. And the internet was designed to route around holes in it. Theoretically at least.

3. As to who's protecting them -- it's not a question of who but what. In this case, economics.

No. There are definitely quite a few "who"s in this mix. Like the greedy bastards who look the other way while their customers commit felonies. They are accessories to the crimes of their clients if they don't cut them off for their criminal bullshit.

4. It has taken this long because until now people were restrained by ethical considerations prevalent within the community. However, a certain moral flexibility seems to be developing now out of frustration. This can only end badly.

Are you kidding? People have been black-holed for decades on the internet for stuff like this.

WHERE IS THE ETHICAL ISSUE WITH TELLING A PROVIDER THAT THEIR CLIENTS ARE IN GROSS VIOLATION OF THEIR ACCEPTABLE USE POLICY????

Or worse.

Either they need to act on it when it's pointed out or they will find themselves having to screen their traffic for content because of some cockamamie law passed because they were KNOWINGLY looking the other way while they sold space to kiddy-porn traders after numerous people pointed it out.

Re:So what's YOUR solution? (2, Interesting)

girlintraining (1395911) | more than 5 years ago | (#25811205)

> What is unethical about pointing out MASSIVE violation of terms of service by an ISP to their provider?

Nothing at all. The problem comes when the upstream provider violated their contract with the customers that may have been using the service in accordance with the TOS but lost their service due to being in the wrong place at the wrong time. Which, if you want to split hairs, is principally the fault of the provider and possibly to a lesser extent the person reporting the problem because they provided false information. I say possibly because I don't know what information was provided.

> Considering the sheer cost of cleaning up this bullshit, I doubt many share the same opinion. And the internet was designed to route around holes in it. Theoretically at least.

I am glad, then, that the decision is not theirs to make. Besides, most people think they're above average drivers too...

> No. There are definitely quite a few "who"s in this mix. Like the greedy bastards who look the other way while their customers commit felonies. They are accessories to the crimes of their clients if they don't cut them off for their criminal bullshit.

You can't say they shouldn't help RIAA enforce their copyright by booting you off your connection for P2P, then turn around and say they should police people for spam. They're common carriers; It means they're not responsible, nor should they be. If we start down this road, the internet as we know it ends.

> Are you kidding? People have been black-holed for decades on the internet for stuff like this.

Citation needed.

Look, the solution here is laws not vigilantism... Because the simple truth is no matter how good you are sooner or later you're going to fuck it up. The law ensures that when this happens, there's recourse. A vigilante will just disappear into the night with the words "I'm sorry" on his/her lips. And not only that, but the entire tone of your response rather underscores the need to get emotion out of this situation and the justice system is far better suited to this than your "Let's get a posse together and ride" solution.

Re:So what's YOUR solution? (0, Troll)

rhizome (115711) | more than 5 years ago | (#25811029)

"Girl" is not the only thing you're in training for, apparently. What are the ethical aspects of making scattershot assertions without citations or even replies to people who point out weaknesses in your argument?

Re:So what's YOUR solution? (2, Funny)

Cajun Hell (725246) | more than 5 years ago | (#25810689)

The real question is, who's protecting these scumbags and why? Why has it taken so long to do anything about them?

As long as people keep opting-in to running botnet nodes, we'll have this problem. Don't like it? Stop participating in the botnet.

Re:Epic Fail. (0)

Anonymous Coward | more than 5 years ago | (#25810565)

At some point it de-evolves to the Judge Dredd scenario... People driving around meting out instant 'justice', with no review or appeals process to speak of.

...but he IS the law.

Re:Epic Fail. (4, Insightful)

Seakip18 (1106315) | more than 5 years ago | (#25810575)

If you have "malware" on your computer, your private data is already being exposed. It could just as well be a bot net operator who's combing through your data. Who'd you rather have digging through your infected computer?

Besides, the guys used possibly ill-gotten information that was true to convince the upstream provider to shut down the ISP. The experts didn't run into the data center, pulling plugs in a rage...though that might make a neat comic book. In truth, you should blame the upstream providers. Seriously, this isn't Governments running around meting out justice. This is companies listening to private organizations.

Re:Epic Fail. (0, Troll)

girlintraining (1395911) | more than 5 years ago | (#25810957)

Yeah, that's really ethical -- since everybody else is robbing the store, I suppose I can help myself too.

Re:Epic Fail. (1)

Seakip18 (1106315) | more than 5 years ago | (#25811117)

You didn't answer the question. By you being careless/clueless enough to become infected, your data is already exposed for anyone who cares to pay. Who would you rather have digging through your data?

And, by your poorly chosen analogy, researchers studying the malware generated traffic of your data back to the operators are "robbing the store".

Just because they're in a store, doesn't mean they're stealing. Hell, they may be trying to stock up on TP. I know I would.

Anyways, you're new here. Welcome to /.

Re:Epic Fail. (2, Insightful)

girlintraining (1395911) | more than 5 years ago | (#25811229)

I think you missed the point -- often times, a system can become infected without the user taking any action. It can't be the user's fault 100% of the time unless the technology is perfect, flawless, and that isn't true. Neither of which addresses the issue of whether it's okay for someone to enter my system just because they flashed a "researcher" badge.

Re:Epic Fail. (5, Insightful)

Microlith (54737) | more than 5 years ago | (#25810577)

What are you smoking? Or rather, are you someone arguing a point without a clue?

> I wonder how all those security researchers feel after destroying a legitimate commercial enterprise and affecting a lot of people who weren't spammers.

Whether they had any legit customers is suspect. If they did, I'm sure they would have come to light very quickly.

> Will my internet connection go down because someone uses my ISP for spam?

No, your ISP will be notified about spam originating from its networks and they'll either deal with the user who is undoubtedly violating their TOS or the ISP's IP range will be entered into mail blackhole lists. Nothing new there.

> If my computer becomes infected with malware, how long before I have 'researchers' digging through my private data?

Unlikely, and sadly you probably won't get punted off the net like you should. Instead, your computer will continue to be abused for the purposes of these criminals.

Your efforts to compare this to the drug war are completely irrational, as their causes and symptoms are wildly different. On top of that, there was no government involvement here.

Re:Epic Fail. (1)

girlintraining (1395911) | more than 5 years ago | (#25811083)

> Whether they had any legit customers is suspect. If they did, I'm sure they would have come to light very quickly.

You're making an assumption, just like they did.

> No, your ISP will be notified about spam originating from its networks and they'll either deal with the user who is undoubtedly violating their TOS or the ISP's IP range will be entered into mail blackhole lists.

That isn't what happened here, sir.

> Unlikely, and sadly you probably won't get punted off the net like you should. Instead, your computer will continue to be abused for the purposes of these criminals.

> Your efforts to compare this to the drug war are completely irrational, as their causes and symptoms are wildly different. On top of that, there was no government involvement here.

They're both caused by socially disadvantaged people who are desperate for a solution to their problems. The symptoms are a proliferation of product that the majority of people don't want. And the solutions thus far have both been aggressive prosecution, vaguely defined law enforcement actions, public denunciation, etc. It's not irrational to compare them -- they're both unwanted, and they both have unintended consequences.

Right, because the operator should be punished for the manufacturer's failings.

Re:Epic Fail (2, Insightful)

Falconhell (1289630) | more than 5 years ago | (#25810587)

Yes, yes you did epic fail.

"legitimate commercial enterprise"

If you are so keen on this "enterprise", post your email address and we will see how you feel about getting a thousand spam emails a day.

Frankly, it is time that Russia was pulled into line on this matter. An international incident might be just the thing to do this.

If you allow your PC to be infected by trojans, your privacy just went out the door anyway. Why would you care if researchers looked at your stuff when criminals already can????

Re:Epic Fail. (0)

Anonymous Coward | more than 5 years ago | (#25810603)

Oh suck it.

You sound like a spammer trying to make his business look good and honest. At the end of the day, it's still unsolicited garbage thrown at you about scams, possibly dangerous medication and viruses leading to botnets and DDoS attacks. There's absolutely no redeeming quality about this kind of activity. At least for drugs you can be sympathetic to the scarface type of drug overlords, the poor farmers trying to make ends meet and the employment of thousands of people...right? right?!

ITT: Spammers BAAAAAWWWWING (1)

slyborg (524607) | more than 5 years ago | (#25810615)

I assume this is a troll. The takedown was hardcore and more or less triple-damage win. Props to the guy from the Post are what is in order.

Re:Epic Fail. (5, Insightful)

TheRealMindChild (743925) | more than 5 years ago | (#25810621)

> I wonder how all those security researchers feel after destroying a legitimate commercial enterprise and affecting a lot of people who weren't spammers. Must have been pretty righteous. Of course, now it looks like they're going to have to play a game of whack-a-mole. What ISP shall die next at the hands of vigilante justice? Will my internet connection go down because someone uses my ISP for spam?

Well, frankly, yes. An ISP that turns a blind eye to such activities as accused, is just as good as helping the bad guys. And guess what... this is a war where almost anyone is willing to take casualties to end it. Now the innocent bystanders know they were dealing with shit for an ISP and have a big sign in front of their face to move to someone more reputable. It is a win for everyone, except the nefarious spammers/botnet operators that were put out by it. There is no sympathy for these folks.

Re:Epic Fail. (1)

Aladrin (926209) | more than 5 years ago | (#25810809)

I believe the phrase is:

If you aren't part of the solution, you're part of the problem.

Re:Epic Fail. (1)

girlintraining (1395911) | more than 5 years ago | (#25810999)

The innocent bystanders with perfect knowledge of the situation defense... I can't believe you got a +5 for trying to tell people they should know better. "My car exploded because of defective fuel lines!" "Well you should have expected that since everybody knows the manufacturer was poor quality."

Re:Epic Fail. (0)

Anonymous Coward | more than 5 years ago | (#25811289)

More like "You now have no reason to acknowledge that your car is going to blow up in your face. Any putting off getting a new car only gets you what you deserve"

Re:Epic Fail. (3, Insightful)

Zak3056 (69287) | more than 5 years ago | (#25810639)

> I wonder how all those security researchers feel after destroying a legitimate commercial enterprise and affecting a lot of people who weren't spammers.

Wait, are we talking about the same "legitimate commercial enterprise" mentioned in this story, the one that apparently came back from the dead just long enough to pass off control of a botnet? If anything, this followup story proves that McColo's death wasn't just justified, it was long overdue.

Re:Epic Fail. (3, Insightful)

imneverwrong (1303895) | more than 5 years ago | (#25810663)

> I wonder how all those security researchers feel after destroying a legitimate commercial enterprise and affecting a lot of people who weren't spammers.

RTFA. They reported TOS violations to upstream providers. It's not like they firebombed the data center. Furthermore, the presence of legitimate clients isn't that great a defense - lots of criminal enterprises have "fronts" that do legit business to mask the illegal activities.

Re:Epic Fail. (1)

Plugh (27537) | more than 5 years ago | (#25810905)

The Epic Fail is simply describable as "Government - always slow, expensive, stupid, and with perverse unintended consequences"

That may sound glib, but in a nutshell that's what economists like Milton Friedman [wikipedia.org] and Murray Rothbard [wikipedia.org] based their life's work upon.

Re:Epic Fail. (2, Insightful)

aproposofwhat (1019098) | more than 5 years ago | (#25811001)

They obviously aren't a legitimate commercial enterprise, though - their actions in attempting to transfer control of the botnet on Saturday prove this.

To use your 'war on drugs' analogy, they are like a bunch of dealers operating under cover of a pizza delivery service.

They get shut down, and people like you whinge because you liked their pizza, even though you never bought their drugs.

Get over it and choose a different pizza joint.

Re:Epic Fail. (1)

dammy (131759) | more than 5 years ago | (#25811185)

Question is why wasn't the ISP watching its customers for this obvious violation of ToS? If they just wanted the money from the bot netters, they deserve whatever happens to their company.

Re:Epic Fail. (1)

smoker2 (750216) | more than 5 years ago | (#25811227)

Where do you get "vigilantes" from ? Vigilantes are traditionally people who operate outside the law. Nothing done by either the Post or Security Fix was outside the law. They did nothing more than I do when I notice one IP address has been hammering my SSH port for a few hours. I copy the relevant logs and show it to the abuse admin at the owner of that IP block. They even ask you to do that* ! Maybe you don't include running a botnet in "abuse" but the rest of us do.

I repeat, how do you get "vigilantes" out of that ? I could understand it if the researchers cut the fibre leading to the building, but reporting the malicious activity to the persons who were carrying it ? I also would prefer it if you used the term IPP (internet presence provider) rather than ISP, as ISPs usually provide connectivity whereas IPPs provide hosting. They are not always the same (type of) organisation. No ISPs suffered through this action as they were the ones taking action, in fact their "tubes" were probably a bit less clogged as a result.

Get a grip !
Anyway, if you were unlucky enough to be using McColo for hosting, then I wouldn't suggest you trust the integrity of your own sites or machines. Better off moving hosts and using verified backups.

]$ whois 86.128.88.75

[Querying whois.ripe.net] [whois.ripe.net] This is the RIPE Whois query server #1. The objects are in RPSL format.

Rights restricted by copyright.
See http://www.ripe.net/db/copyright.html [ripe.net]

Note: This output has been filtered.
To receive output for a database update, use the "-B" flag.

Information related to '86.128.0.0 - 86.135.255.255'

inetnum: 86.128.0.0 - 86.135.255.255
remarks:
remarks: * Please send abuse reports to abuse@btbroadband.com *
remarks:
netname: BT-CENTRAL-PLUS
descr: IP pools
country: GB
admin-c: BTCP1-RIPE
tech-c: BTCP1-RIPE
status: ASSIGNED PA
remarks: Please send abuse notification to abuse@btbroadband.com
mnt-by: BTNET-MNT
mnt-lower: BTNET-MNT
mnt-routes: BTNET-MNT
source: RIPE # Filtered

role: BT CENTRAL PLUS - OPERATIONAL SUPPORT
remarks:
remarks: * Please send abuse reports to abuse@btbroadband.com *
remarks:
address: BT
address: Wholesale
address: UK
abuse-mailbox: abuse@btbroadband.com
admin-c: PC487-RIPE
tech-c: SR401-RIPE
nic-hdl: BTCP1-RIPE
mnt-by: BTNET-MNT
source: RIPE # Filtered

Information related to '86.128.0.0/10AS2856'

route: 86.128.0.0/10
descr: BT Public Internet Service
origin: AS2856
mnt-by: BTNET-MNT
source: RIPE # Filtered

Information related to '86.128.0.0/12AS2856'

route: 86.128.0.0/12
descr: BT Public Internet Service
origin: AS2856
mnt-by: BTNET-MNT
source: RIPE # Filtered
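
The workflow described in the comment above (pull the relevant log lines, look up the abuse contact for the IP block, send both), as an added example that is not part of the original comment. The log lines and the whois reply are constructed samples using documentation-range addresses, and all function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample data: documentation-range addresses and an example.net mailbox.
AUTH_LOG = """\
Nov 18 02:14:07 host sshd[4121]: Failed password for root from 192.0.2.44 port 51812 ssh2
Nov 18 02:14:09 host sshd[4121]: Failed password for invalid user admin from 192.0.2.44 port 51813 ssh2
Nov 18 02:14:15 host sshd[4130]: Accepted publickey for alice from 198.51.100.7 port 40022 ssh2
Nov 18 02:14:21 host sshd[4133]: Failed password for root from 192.0.2.44 port 51820 ssh2
Nov 18 02:15:02 host sshd[4140]: Failed password for bob from 203.0.113.9 port 33100 ssh2
""".splitlines()

WHOIS_TEXT = """\
% Constructed RPSL reply in the layout of the RIPE output above.

inetnum: 192.0.2.0 - 192.0.2.255
remarks: * Please send abuse reports to abuse@example.net *

role: EXAMPLE NET - OPERATIONAL SUPPORT
abuse-mailbox: abuse@example.net
"""

FAILED = re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from (\S+) port")
EMAIL = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")

def failed_logins(lines):
    """Count failed SSH password attempts per source address."""
    return Counter(m.group(1) for m in map(FAILED.search, lines) if m)

def parse_rpsl(text):
    """Split a whois reply into objects: lists of (attribute, value) pairs."""
    objects, current = [], []
    for line in text.splitlines() + [""]:
        if not line.strip():                 # a blank line ends the current object
            if current:
                objects.append(current)
            current = []
        elif not line.startswith("%") and ":" in line:
            attr, _, value = line.partition(":")
            current.append((attr.strip().lower(), value.strip()))
    return objects

def abuse_contacts(objects):
    """Prefer abuse-mailbox attributes; fall back to addresses in abuse remarks."""
    pairs = [p for obj in objects for p in obj]
    direct = [v for a, v in pairs if a == "abuse-mailbox"]
    remarks = [e for a, v in pairs if a == "remarks" and "abuse" in v.lower()
               for e in EMAIL.findall(v)]
    return list(dict.fromkeys(direct or remarks))    # de-duplicate, keep order

def build_report(ip, lines, whois_text, threshold=3):
    """Return (recipients, body) once `ip` reaches the threshold, else None."""
    evidence = [l for l in lines if (m := FAILED.search(l)) and m.group(1) == ip]
    if len(evidence) < threshold:
        return None
    body = f"{len(evidence)} failed SSH logins from {ip}:\n" + "\n".join(evidence)
    return abuse_contacts(parse_rpsl(whois_text)), body
```

Calling `build_report("192.0.2.44", AUTH_LOG, WHOIS_TEXT)` returns the abuse mailbox and the three matching log lines; a source below the threshold returns `None`, so a single mistyped password does not generate a report.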

Re:Epic Fail. (1)

tylerni7 (944579) | more than 5 years ago | (#25811323)

I think a better analogy to this would be if your landlord rented out a special space where people could sell things (kind of like a mall) and many of the tenants used their rented space to sell drugs, or child pornography, or guns, or other illegal things.
Now for some reason, it turns out that the people renting out space to do illegal things are foreign ambassadors, and the government can't directly touch them.
I don't know about you, but I think it makes sense for the government to go after who they can, and take down the landlord, even with the legitimate tenants.

On a more direct note, I don't think that a lot of commercial enterprises were using McColo. I am quite sure that McColo's unique stance on legal matters made the cost of it far more than a normal provider, and there certainly is no lack of commercial hosting providers. Further, McColo was very well known for questionably legal activities. If you were using their hosting services, even if it was for legal things, chances are you were well aware what everyone else was doing.

I really don't see what the problem is, it's not like the government did this without warning. You can bet McColo has gotten numerous notices requesting that they stop helping spammers and bot-net controllers, but they simply chose to ignore them. They were knowingly participating in illegal activities, so the government shut them down. Seems pretty simple, really.

this is great news (4, Funny)

Anonymous Coward | more than 5 years ago | (#25810493)

My penis thanks them, my very very large penis which is located in a recently refinanced home, that is.

Now as soon as my good friend MR AUSTINE OWOH is able to complete the transfer of my long lost uncle's estate from probate in Nigeria to my onshore checking account, I will be perfect, perfect with a very very large penis, that is.

Police action? (-1)

Anonymous Coward | more than 5 years ago | (#25810503)

Doesn't the USA control the root DNS servers? Can't they block all requests to the offending .ru server?

Re:Police action? (1)

CannonballHead (842625) | more than 5 years ago | (#25810579)

No, only about half of them.

Re:Police action? (1)

DiLLeMaN (324946) | more than 5 years ago | (#25810733)

And even if it were possible to get all the root servers to agree on tossing the bad guys out, the bad guys would just switch to using IPs. I don't know if it's possible, given the "route around obstructions" nature of the net, to "remove" routes to the offending servers, but I doubt that. Besides, that'd have to happen in Russia.

On the other hand, given Putin's heroic track record, he just might personally find and snuff the spammers out. Wasn't there a spammer killed in Russia several years ago?

Shit mail filters (0)

Idiomatick (976696) | more than 5 years ago | (#25810515)

I have gotten one item of spam in the 3...4? years I've had Gmail and no false positives. I have some bacn because I'm too lazy to unsubscribe. Now my phone on the other hand... I get about 30 calls a day for BS I don't want.

Re:Shit mail filters (1)

lysergic.acid (845423) | more than 5 years ago | (#25810729)

you mean your phone doesn't have a "Mark as Telemarketing" button?

EMP to oblivion. (0)

Neanderthal Ninny (1153369) | more than 5 years ago | (#25810535)

Or use a modified HARM missile on them.
We should have removed all of the infrastructure, not only removed the connection to the internet, so they don't start over again from another place.
These female donkey anal orifices are like cancer in which you remove one tumor but it metastasizes to another site to grow again. We need to remove this cancer from the internet.

Final Solution: (3, Insightful)

Duncan Blackthorne (1095849) | more than 5 years ago | (#25810539)

Kill them with FIRE. NOW. Before they spread AGAIN.

Re:Final Solution: (1, Funny)

Anonymous Coward | more than 5 years ago | (#25810633)

I say we take off and nuke 'em from orbit. It's the only way to be sure!

Re:Final Solution: (1)

Nimey (114278) | more than 5 years ago | (#25811105)

I'd settle for a Grand Slam-sized bomb casing filled with a fuel-air explosive or cluster bomblets.

Nice use of Godwin, there. ;-)

So who was the smart guy (1)

slashdotlurker (1113853) | more than 5 years ago | (#25810553)

who let them back up ? Contracts be damned.

Maybe is good news (1)

gmuslera (3436) | more than 5 years ago | (#25810669)

If most of internet spam is sent by very few people, and all this movement of information enables to track them better and maybe, finally, get them, the people source of most spam could end offline (and with a bit of luck, in guantanamo/siberia/wherever waterboarded 24/7)

Russian C&C is Actually Less Desirable (4, Insightful)

CodeBuster (516420) | more than 5 years ago | (#25811073)

The use of a server located in Russia for C&C of the botnet is probably not as desirable as a US based host because of the large numbers of companies and ISPs which either black hole China and Russia entirely or subject traffic coming from and going to those parts of the Internet to much greater firewall scrutiny. I can see why they wanted the US server hosting in the first place while keeping the Russian datacenter as the backup plan.

shi7! (-1, Troll)

Anonymous Coward | more than 5 years ago | (#25811281)

took Precedence [goat.cx]

C&C server blocked by ISPs? (3, Informative)

LackThereof (916566) | more than 5 years ago | (#25811315)

It appears that the new C&C server listed in the article, 62.176.17.200, has been blackholed by my ISP's routers. I'm on a Qwest "business/office" ADSL line. Any similar reports from other ISPs?

Or is it actually down?

If most American ISPs are blocking it, Rustock is dead, or at least in a coma. TFA implied that the IP address was being distributed to the bot, not the domain name.
