
Researchers Take Down a Spam Botnet

kdawson posted more than 4 years ago | from the chalk-up-one-for-the-good-guys dept.

Topic: Spam

The Register is reporting on the takedown of a botnet once responsible for 1/3 of the world's spam. The deed was done by researchers from the security firm FireEye, who detailed the action in a series of blog posts. PC World's coverage estimates that lately the botnet has accounted for 4% of spam. From the Register: "After carefully analyzing the machinations of the massive botnet, alternately known as Mega-D and Ozdok, the FireEye employees last week launched a coordinated blitz on dozens of its command and control channels. ... Almost immediately, the spam stopped, according to M86 Security blog. ... The body blow is good news to ISPs that are forced to choke on the torrent of spam sent out by the pesky botnet. But because many email servers already deployed blacklists that filtered emails sent from IP addresses known to be used by Ozdok, end users may not notice much of a change. ... With [the] head chopped off of Ozdok, more than 264,000 IP addresses were found reporting to sinkholes under FireEye's control..."


207 comments


good work (1)

HalifaxRage (640242) | more than 4 years ago | (#30053352)

now get going on the other 96%

Re:good work (1)

Romancer (19668) | more than 4 years ago | (#30053436)

So it took them how long between the time it was generating 30% and now when it is generating 4%?

That's a little too late guys.

Re:good work (1)

sanso999 (997008) | more than 4 years ago | (#30053814)

I love how, in the midst of this tech talk, there is comparison being made between 1/3 and 4%. Reminds me of that problem with the space craft and metric.

Re:good work (1)

MadnessASAP (1052274) | more than 4 years ago | (#30053858)

Well 1/3 is hard to express as a percentage.

Re:good work (1)

Falconhell (1289630) | more than 4 years ago | (#30053886)

Approximately 33.3% is SO difficult to write after all!

Re:good work (1)

socceroos (1374367) | more than 4 years ago | (#30053998)

But that's only approximate! Expressed as 1/3 ensures there is no room for error when calculating.

Re:good work (2, Insightful)

Interoperable (1651953) | more than 4 years ago | (#30054108)

Right...because the botnet was measured to be producing precisely 1/3 of the world's spam. I suspect that the original estimate was sufficiently inaccurate that more than one significant figure would not really be justified, let alone an exact value.

Re:good work (1)

socceroos (1374367) | more than 4 years ago | (#30054204)

Check.

I'm going to fall back to my backup argument: writing 1/3 is easier and quicker than writing 33.3%.

Re:good work (0)

Anonymous Coward | more than 4 years ago | (#30054402)

1/3 is 0.3 (30%). Or did you fail college chemistry and the significant digits exercises?

Re:good work (1)

MadnessASAP (1052274) | more than 4 years ago | (#30054888)

Ahhh... touche, at least someone else here is thinking.

Re:good work (1, Interesting)

socceroos (1374367) | more than 4 years ago | (#30053474)

I'd like that too. Although, my IPCOP firewall with CopFilter installed has been killing 99.92% of the spam coming into our network. Really pleased with it.

On a more related note, would this be classed as vigilante justice? Justified?

I think it's a cool idea for universities with security classes to study this kind of thing and 'bring it down - safely' as a project. I know I'd enjoy it.

Re:good work (3, Insightful)

calmofthestorm (1344385) | more than 4 years ago | (#30053512)

It'd be a great project, though you do want to be careful, some of these viri are designed to do harm if disabled improperly, and some of these computers could be in situations where their failure could cause the loss of lives.

Again, not saying don't do it...saying do it carefully.

Re:good work (1)

socceroos (1374367) | more than 4 years ago | (#30053572)

I heartily agree. Hence the 'safely' part. =)

Identifying exactly what is infected and where would be a colossal task. Especially when you consider that you have to identify 'mission critical' hardware.

Re:good work (0)

Anonymous Coward | more than 4 years ago | (#30054304)

> Identifying exactly what is infected and where would be a colossal task.

Why not take down the source? [microsoft.com]

Re:good work (1)

Kalriath (849904) | more than 4 years ago | (#30055246)

Because, dumbass, then we'd just have more OSX viruses. And we all know how fast Apple is at fixing flaws.

Re:good work (1)

jamesh (87723) | more than 4 years ago | (#30053810)

> some of these viri are designed to do harm if disabled improperly, and some of these computers could be in situations where their failure could cause the loss of lives.

If you have a computer that could fail in such a way that lives could be lost, and the computer is in a situation where it has enough connectivity to the internet to form part of a botnet, then all bets are off anyway.

IMHO, the best way to resolve the botnet is to overwrite the bootsector (but not the partition table) and do a hard reboot. Easy to recover from and minimises the further damage that could be done. Also resolves the "lives could be lost" problem.

Re:good work (2, Insightful)

Fulcrum of Evil (560260) | more than 4 years ago | (#30053836)

you are suggesting that someone hooked up a life critical system to the public internet? That in itself should be a felony.

Re:good work (1)

calmofthestorm (1344385) | more than 4 years ago | (#30053930)

Oh indeed. But guess what: They are. Maybe in the obvious stupid way, maybe it's a computer that used to be an office machine and got repurposed (intentionally or accidentally) without a reimage. Maybe there's a firewall snafu.

Although loss of life is the obvious example of oh-shit resulting from computer failure, there are many, MANY situations where it could lead to tremendous loss of capital (remember back when the LSE went down for a day due to using MS software a few months ago?).

Re:good work (1)

sjames (1099) | more than 4 years ago | (#30054166)

I would argue that if the system is THAT critical, it should have been kept virus free. The fact that it's part of a botnet could be taken to mean the owner doesn't particularly care if it fails somehow. Those of us who actually bother to look in on our servers from time to time are really tired of "OMG the indoor dog potty" and such coming from those who don't.

Re:good work (1)

Ash Vince (602485) | more than 4 years ago | (#30053920)

> It'd be a great project, though you do want to be careful, some of these viri are designed to do harm if disabled improperly, and some of these computers could be in situations where their failure could cause the loss of lives.

Well then hopefully harm will be done, and users whose machines have been sending me spam for the past three years will lose a shitload of data and learn to implement better security in future. Sorry, but I really do think the only way people learn to adopt a more responsible attitude to IT security is when it is thumped into them why they should.

Re:good work (1)

interkin3tic (1469267) | more than 4 years ago | (#30053970)

> some of these viri are designed to do harm if disabled improperly, and some of these computers could be in situations where their failure could cause the loss of lives.

Wow. What is the motivation behind this? Hoping that people will be afraid to run cleanup on their infected computers, keeping the botnet from shrinking? Some bullshit like "my victims deserve to be screwed over so I'm going to make sure to do as much damage after I'm done with them?"

Re:good work (1)

socceroos (1374367) | more than 4 years ago | (#30054058)

The motivation? I've heard it described by some friendly 'hackers' as, and I quote, "for the lols".

Re:good work (1)

calmofthestorm (1344385) | more than 4 years ago | (#30054082)

Not always intentionally so designed, though that can be a cause. The crippling effects are just as often a result of the elaborate things viri do to hide themselves and prevent removal.

For example, suppose a virus is designed to patch a system DLL so that it includes a copy of the virus. Now suppose that the patch basis it's using disagrees with the current version of the DLL. GNU Patch would refuse to do the patch if it couldn't be done safely, but the viruses doing binary patches on DLLs may not be so concerned with data integrity.

Similar nastiness in the registry, and you can have a system failure waiting to happen. And with Windows, even modern ones, many failure types are sufficient to crash the system.

Re:good work (4, Interesting)

Lennie (16154) | more than 4 years ago | (#30053710)

You obviously don't work for an ISP. We have to drop SMTP connections on everything which looks too much like a bot, just because of the large number of connections that we get, so that we're able to handle the legit connections, and because scanning all the content would just be too much to handle.

You would be amazed at the volumes of e-mail ISPs get. More than 98% of it is crap you don't want to receive.

Re:good work (1)

socceroos (1374367) | more than 4 years ago | (#30053772)

Yeah, the Australian ISP that we go through (Telstra) actually forces everyone to use their SMTP servers to send email. According to a friend that works there, they do scan all these emails for spam content (can't confirm). I absolutely loathe it. Although that doesn't stop anyone outside the country sending spam in.

Re:good work (1)

techno-vampire (666512) | more than 4 years ago | (#30053928)

I have two questions: first, has what they're doing put a significant dent into the load of spam originating in Australia? Second, is the delay caused by scanning small enough not to be an issue? If the answers to both questions are "yes," I see no problem with it. If not, what problems do you find it causing?

Re:good work (1)

socceroos (1374367) | more than 4 years ago | (#30054134)

It has caused email systems to be slower, yes. Emails that would otherwise arrive instantly are actually taking minutes, and on some rare occasions hours, to traverse the tubes to their intended destination. Plus, personally I don't like ISPs grabbing control of my email and 'scanning for spam'. Paranoia? Maybe, but I'd rather be on the safe side.

Re:good work (1)

Tynin (634655) | more than 4 years ago | (#30054414)

Comically, not scanning for spam can cause spammers to recognize your servers are a safe haven, and the amount of spam can rise. As the amount of mail rises, the time it takes to process it goes up and delays occur. Putting in a spam filtering/scanning solution shouldn't increase the time it takes to get through the system by all that much and should decrease the levels of spam you get. Obviously it could have even bigger slowdowns in the filtering/scan solution given a large enough amount of spam, but generally these solutions are set up in rather large clusters of servers to handle the load, or at least that is my experience.

Having worked at a major hosting provider and a few ISPs, it was simply staggering how much spam would come through. It is hard to make email instant at a company level, it is crazy hard to make email instant when you host hundreds of thousands of domains who use you for their MX. Staggering... is such an understatement.

Anyhow, don't want your ISP's mail server logic screening through your email? Set up your own mail server, and welcome to the world of personally managing your own spam hell.

Re:good work (1)

socceroos (1374367) | more than 4 years ago | (#30054502)

They don't scan incoming mail, only outgoing mail from any client connected to their network.

This is a key point.

They don't actually filter all your incoming mail for you for spam content, they only check all the mail you send from your mail server or any of your mail clients.

I do actually maintain an email server for the company I work for. The amount of spam that is blocked daily from getting into our network (blocked at the perimeter by IPCop) is truly amazing. And that's only for an average SMB.

Any more? (1)

SatanClauz (741416) | more than 4 years ago | (#30053406)

Are there any more that have been taken down? This is honestly the first I've ever heard of!

Now, part two: I don't know how these things work, but, why does it seem so hard to track these things down and find the source?

Re:Any more? (2, Insightful)

Binder (2829) | more than 4 years ago | (#30053496)

Well... first you have to find their command and control channels. Then you have to figure out how they work. Many times the command and control is both distributed and encrypted so it is very hard to "chop the head off"

Re:Any more? (1)

socceroos (1374367) | more than 4 years ago | (#30053550)

I'm not sure it's so much about finding the source as it is figuring out a fool-proof way of taking it down legitimately, legally and permanently.

Re:Any more? (1)

Entropius (188861) | more than 4 years ago | (#30053884)

Why does it have to be done legitimately and legally?

When the law is habitually incapable of solving a problem, it should be solved extralegally.

Re:Any more? (1)

socceroos (1374367) | more than 4 years ago | (#30054156)

I tend to agree. But, this still excludes many institutions and agencies from actually being able to devote resources to such things without being fearful of the law.

Re:Any more? (4, Interesting)

Monkeedude1212 (1560403) | more than 4 years ago | (#30053614)

Eh, depends what you're looking at. Other Botnets have been taken down, usually by physically arresting the hacker who started it. I'm sure that they've tried to stop other Spam Botnets before. They didn't actually STOP Ozdok, they just dented it a bit.

It's difficult to track how these things start because essentially you've got about a million breadcrumbs to go through.

Let's say you've got 3 computers, A, B, and C. A infects B, B infects C. There is no direct correlation between A and C, so you have to work your way all the way up the chain. Now imagine you've got a million infected PCs. Who infected who? How do you work your way backwards? There's lots of ways to do this, the most simple of which is to look at the contacts and determine which of the contacts is infected. Then determine the time and date of which the infection occurred (Date Modified/Date Created on the file). Whoever was first was who infected the others.

The problem with killing it is that it has a "multi layered fallback mechanism" - which is a fancy way of saying it replicates itself. It can do this by either having a secondary program or script copy itself back onto the infected PC when it detects the original infection is gone, or it can do this by RE-infecting any of the computers it was sent to infect in the first place.

I hope that's enough to make you stagger and wonder exactly how much damage they could have possibly done to this botnet.

Patches? (1)

l0perb0y (324046) | more than 4 years ago | (#30053422)

I hope they'll patch these machines. Otherwise, how long will it be before the bot wrangler just takes his net back?

Better yet, just wipe the hard drives. The users might think harder about security if something other than their net connection gets abused.

Re:Patches? (1)

socceroos (1374367) | more than 4 years ago | (#30053510)

Wiping their computers would slow things down, but it certainly wouldn't change anything. They'd be at it again as soon as they were back up and running with an OS.

Re:Patches? (2, Interesting)

somersault (912633) | more than 4 years ago | (#30053584)

Not to mention a lot of people would be seriously PISSED and you'd be in deep legal shit for messing with other people's computers. I'm sure these guys could still face possible trouble even for just admitting they've brought down the head of the botnets, but IMO they're pretty justified to do that. Wiping people's machines, while tempting, is just a no-no. If we want vigilante justice to become more acceptable in these situations, then it's best to be 'nice' about it.

Re:Patches? (1)

SydShamino (547793) | more than 4 years ago | (#30053882)

> I'm sure these guys could still face possible trouble even for just admitting they've brought down the head of the botnets

And what exactly have they done that's illegal? They registered some domain names. They reported domain names used by spammers to their registrars, with documentation, and those registrars cut off the domains. They reported IP addresses used by spammers to their hosts, and those hosts cut off the IP addresses. They have received botnet requests at their sinkhole, but they are merely logging IP addresses, not returning commands to the botnet. They'll use the IP addresses to one-by-one have the ISPs notify their customers.

There's no law that says you can't do any of the above things. If the botnet was written so that lack of command from a control server resulted in destruction, then the botnet creators are solely responsible. If you stopped a robber and, as a result, the robber's hostage at home died from dehydration, do you get charged with murder? No, they do.
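The sinkhole described in the comment above only logs which hosts check in. As an added example (not FireEye's code or data), this script turns constructed web-server access log lines from such a sinkhole into a count of unique reporting hosts and a per-network notification list; the log lines, the `/ozdok/cmd` poll path and the prefix-to-abuse-contact table are all assumptions made up for the example.

```python
"""Aggregate sinkhole check-ins into per-network notification lists.

Added example, not the researchers' own tooling. It reads constructed
Apache common-log-format lines from a sinkhole that answers a former
C&C hostname, keeps only the bots' poll requests, de-duplicates by
source IP and groups the result by the network owner to notify.
"""
import ipaddress
import re
from collections import defaultdict

# Constructed sample log. IPs come from the RFC 5737 documentation
# ranges; one garbage line and one unrelated favicon request are
# included deliberately so the parser has to skip them.
SAMPLE_LOG = """\
198.51.100.23 - - [09/Nov/2009:10:01:02 +0000] "GET /ozdok/cmd HTTP/1.1" 200 0
198.51.100.23 - - [09/Nov/2009:10:06:02 +0000] "GET /ozdok/cmd HTTP/1.1" 200 0
198.51.100.77 - - [09/Nov/2009:10:07:15 +0000] "GET /ozdok/cmd HTTP/1.1" 200 0
203.0.113.5 - - [09/Nov/2009:10:08:40 +0000] "GET /ozdok/cmd HTTP/1.1" 200 0
203.0.113.5 - - [09/Nov/2009:10:13:40 +0000] "GET /ozdok/cmd HTTP/1.1" 200 0
192.0.2.199 - - [09/Nov/2009:10:14:01 +0000] "GET /ozdok/cmd HTTP/1.1" 200 0
this line is not a log entry and must be skipped
192.0.2.44 - - [09/Nov/2009:10:15:30 +0000] "GET /favicon.ico HTTP/1.1" 404 0
"""

# Constructed table of who to notify for each prefix (hypothetical).
NETWORK_CONTACTS = {
    "198.51.100.0/24": "abuse@isp-a.example",
    "203.0.113.0/24": "abuse@isp-b.example",
}

# Hypothetical path the bots poll on the sinkhole.
BOT_PATH = "/ozdok/cmd"

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3})'
)


def parse_hits(log_text):
    """Yield (ip_string, timestamp) for lines that look like bot check-ins."""
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # malformed or foreign line
        try:
            ip = ipaddress.ip_address(m.group("ip"))
        except ValueError:
            continue  # not a usable client address
        parts = m.group("req").split()
        path = parts[1] if len(parts) > 1 else ""
        if path != BOT_PATH:
            continue  # browsers, scanners, favicon requests
        yield str(ip), m.group("ts")


def unique_bots(log_text):
    """Return {ip: {"first_seen": ts, "hits": n}} for each distinct bot IP."""
    seen = {}
    for ip, ts in parse_hits(log_text):
        entry = seen.setdefault(ip, {"first_seen": ts, "hits": 0})
        entry["hits"] += 1
    return seen


def group_by_contact(bots, contacts):
    """Map each bot IP to the abuse contact of its prefix ('unknown' if none)."""
    nets = [(ipaddress.ip_network(p), c) for p, c in contacts.items()]
    groups = defaultdict(list)
    for ip in sorted(bots, key=ipaddress.ip_address):
        addr = ipaddress.ip_address(ip)
        contact = next((c for n, c in nets if addr in n), "unknown")
        groups[contact].append(ip)
    return dict(groups)


if __name__ == "__main__":
    bots = unique_bots(SAMPLE_LOG)
    print(f"{len(bots)} distinct reporting hosts")
    for contact, ips in group_by_contact(bots, NETWORK_CONTACTS).items():
        print(f"{contact}: {', '.join(ips)}")
```

A distinct-IP count over- or under-counts real machines wherever NAT or short DHCP leases are in play, so treat such figures as an estimate rather than a host inventory.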

Re:Patches? (1)

nneonneo (911150) | more than 4 years ago | (#30054438)

In all likelihood, they couldn't send commands even if they wanted to: modern botnets typically check incoming data against an internally held digital signature, and so forging commands is extremely difficult (basically impossible) without the private key which corresponds to the signature.

Re:Patches? (1)

Nefarious Wheel (628136) | more than 4 years ago | (#30054898)

> Not to mention a lot of people would be seriously PISSED and you'd be in deep legal shit for messing with other people's computers. I'm sure these guys could still face possible trouble even for just admitting they've brought down the head of the botnets, but IMO they're pretty justified to do that. Wiping people's machines, while tempting, is just a no-no. If we want vigilante justice to become more acceptable in these situations, then it's best to be 'nice' about it.

I was about to post a "yes, take the bots down, destroy them" comment -- then thought, hey - that sword cuts two ways. If one group gets away with vigilante destruction of targeted systems, then what's the difference if a group we don't agree with - say, the RIAA or MPAA - starts using this precedent as justification and starts taking down systems themselves? Slippery slope doesn't *begin* to describe it.

The problem is - once you start bypassing the justice system for good reasons, it becomes easier to do it for bad ones. Take it to the courts with a winning strategy and let them take them down. That way at least you might get public funding for bringing the bastards under the gun.

Good! (0)

Anonymous Coward | more than 4 years ago | (#30053428)

Now I don't have to worry about throttled torrent downloads.

Re:Good! (4, Funny)

amicusNYCL (1538833) | more than 4 years ago | (#30053470)

> Now I don't have to worry about throttled torrent downloads.

Uh right, problem solved there. In other news, once you get an oil change in your car you no longer have to rotate the tires.

Re:Good! (1)

Yvan256 (722131) | more than 4 years ago | (#30053490)

I learned about that just in time! I'm calling right away to cancel that tire rotation appointment I had for tomorrow!

Re:Good! (1)

MrNaz (730548) | more than 4 years ago | (#30053570)

Yea I made that mistake. My car just stopped on the freeway, and when I called the roadside assist service for a jump start, they tried to upsell me a tank of gas.

Damn salespeople.

Re:Good! (1)

tacarat (696339) | more than 4 years ago | (#30053756)

I'll be happy when they start upselling items from their fully stocked mini-bar.

Re:Good! (1)

value_added (719364) | more than 4 years ago | (#30053780)

> Uh right, problem solved there. In other news, once you get an oil change in your car you no longer have to rotate the tires.

Obviously you've never worked with Windows users.

Re:Good! (0)

Anonymous Coward | more than 4 years ago | (#30053944)

> Now I don't have to worry about throttled torrent downloads.

> Uh right, problem solved there.

That's funny, I read the OP as the poster joking about getting his outbound bandwidth back now that his machine isn't sending spam anymore. Don't know if he was being funny, but it didn't quite come across that way.

Re:Good! (1)

socceroos (1374367) | more than 4 years ago | (#30053518)

You forgot to include your closing sarcasm tag.

Re:Good! (1)

nneonneo (911150) | more than 4 years ago | (#30054456)

That is, until botnet operators start using BitTorrent (or a derivative of it) to transmit commands and Comcast gets a new excuse to throttle torrents.

All your SPAMbot are belong to us (0)

MountainLogic (92466) | more than 4 years ago | (#30053456)

Had to be said

Re:All your SPAMbot are belong to us (2, Funny)

socceroos (1374367) | more than 4 years ago | (#30053602)

What would you do with your newly acquired SPAMbot network? Would the power go to your head?

Since the bots all deserve to be botted, I might set up a beowulf cluster with them and distributed render Big Buck Bunny for the fun of it. =)

Re:All your SPAMbot are belong to us (1)

Interoperable (1651953) | more than 4 years ago | (#30054176)

I think all hijacked botnets should be made to run BOINC distributed computing projects. The users who can't keep their machines secure and contribute a huge volume of spam to the internet should be sentenced to community service, in the form of having their machines dedicate most clock cycles to the advancement of esoteric scientific pursuits.

True heroes (1)

ManlySpork (1542827) | more than 4 years ago | (#30053458)

These researchers are true heroes saving the internet from impending doom.

Mega-D 2.0 (1)

tacarat (696339) | more than 4 years ago | (#30053460)

1) Counter-attack researchers
2) Analysis and evaluation
3) Rebuild and redeploy
4) Profit

Hopefully those hacked machines get addressed quickly. While the botnet itself is down, there's probably a few ways to grab the zombies and make a new system.

Re:Mega-D 2.0 (1)

socceroos (1374367) | more than 4 years ago | (#30053634)

No way! All this time, the three question marks was referring to Rebuild and redeploy?

Re:Mega-D 2.0 (1)

tacarat (696339) | more than 4 years ago | (#30053776)

Yep. Just make sure you uncheck the "hide answer" option. Tools > Options > ROFLCOPTOR Config

Wrong title, not 'taken down' (5, Interesting)

RichardDeVries (961583) | more than 4 years ago | (#30053486)

From TFA:

> Only two command servers were found to be located outside the USA. So does it mean that shutting these servers down would result in a complete botnet shut down? Keeping in view Ozdok's multi layered fallback mechanism the answer here is 'no'.

and

> After seeing all these fallback mechanisms, it doesn't look very easy to kill Ozdok in one go but hurting this beast might not be that difficult.

Re:Wrong title, not 'taken down' (1)

Meshach (578918) | more than 4 years ago | (#30053566)

I guess that the important thing is that this process will make a dent in the spammers' processes.

Until now attempts to actually trace and shut down have not been fruitful. I think the fact that something was done is very positive.

Re:Wrong title, not 'taken down' (5, Funny)

RichardDeVries (961583) | more than 4 years ago | (#30053684)

I agree, of course. However, I was pointing out that the claim the title makes is false. A spam botnet has been taken down when it is permanently disabled. (And the spammers themselves at the least publicly taunted by John Cleese, but that is my personal opinion).

Re:Wrong title, not 'taken down' (0)

Anonymous Coward | more than 4 years ago | (#30054984)

SHUT UP FART BOY

What OS? (1, Interesting)

Yvan256 (722131) | more than 4 years ago | (#30053504)

What's the Windows OS percentage of that botnet?

Re:What OS? (0)

Anonymous Coward | more than 4 years ago | (#30053712)

> What's the Windows OS percentage of that botnet?

Didn't you know? Windows has 100% market share in botnet zombie machines.

Re:What OS? (1)

socceroos (1374367) | more than 4 years ago | (#30053868)

As the clients they do. But as always, Linux servers hog the bot controller market share.

Re:What OS? (2, Funny)

bigredradio (631970) | more than 4 years ago | (#30054284)

See, Bill Gates wants a monopoly everywhere! Anti-trust! Anti-trust, help help I'm being repressed.

Re:What OS? (0)

Anonymous Coward | more than 4 years ago | (#30054398)

Yeah, I even heard he has a monopoly on sexual interactions with his wife. This has just got to stop.

Call of Duty - Modern Warfare 2 (1)

Jetrel (514839) | more than 4 years ago | (#30053520)

Great work! I would have done it but I was at home sick... *Cough*

Re:Call of Duty - Modern Warfare 2 (0)

Anonymous Coward | more than 4 years ago | (#30054142)

This isn't that hard [wsu.edu] . Come on, dude.

And meanwhile... (3, Insightful)

damn_registrars (1103043) | more than 4 years ago | (#30053524)

Another botnet is on the verge of picking up a good number of those systems. Within a very short while we'll see the spam levels right back where they were before. Anti-botnet activities are good when done in the name of anti-botnet activity, but they are weak efforts in the name of stopping spam. The way to stop spam is to fight it as the economic problem that it is; if people continue to go after the symptoms of spam like this they will continue to find themselves quickly thwarted.

Stop talking sense man! (1)

hellfire (86129) | more than 4 years ago | (#30053582)

Next thing you know we'll take the same approach to murder, theft, gangs, drugs, etc and soon we'll end up with a utopia... then how will the billionaires get $100 bills to light their $500 cigars???

Re:Stop talking sense man! (1)

secolactico (519805) | more than 4 years ago | (#30053774)

Come on, it's not that hard to get one hundred pesos [wikipedia.org] .

Re:And meanwhile... (4, Interesting)

somersault (912633) | more than 4 years ago | (#30053638)

Spam isn't so much an economics problem as a "some people are just dicks" problem. A lot of the problem with spam is the current system we use for email. It was never intended for such widespread use and has little-to-none in the way of authentication or security measures. You can encrypt emails for security sure, but it doesn't help get around the problem of spam.

Re:And meanwhile... (5, Insightful)

damn_registrars (1103043) | more than 4 years ago | (#30054854)

> Spam isn't so much an economics problem as a "some people are just dicks" problem

That statement is accurate only for those who believe that spam is sent out to piss you off. Perhaps the spam you receive is somehow different from the spam that is sent to me? The spam that is sent to my addresses is sent to sell various products or services. And why is the spam sent to sell products? Because someone is paying the spammer to send it.

Spam is a product that people are willing to pay for.

Hence spam is an economic problem, because there is economic incentive to send it. Billions or trillions of spam messages can be sent at nearly no cost to the spammer; very little business needs to come from those spam messages to make them incredibly profitable.

> A lot of the problem with spam is the current system we use for email. It was never intended for such widespread use and has little-to-none in the way of authentication or security measures.

I have yet to see a proposed replacement for the existing email system that actually suggests anything that would make a bit of meaningful difference for spam issues.

> You can encrypt emails for security sure, but it doesn't help get around the problem of spam.

I agree with you on that. Encryption isn't worth squat in regards to spam.

Re:And meanwhile... (1)

Capt.DrumkenBum (1173011) | more than 4 years ago | (#30053896)

> Another botnet is on the verge of picking up a good number of those systems.

I wouldn't be so sure about that. I seem to remember a year or so ago reading about someone's honeypot experiment. One of the first things done to the machine after the hacker got access was to close several common vulnerabilities.

I don't know about this botnet, but if I were an evil bastard who managed to take over your computer, the first thing I would do would be to make sure your computer stayed mine.

In fact from time to time I have considered the possibilities of a virus that would turn on automatic updates, turn on the firewall, and install an anti-virus product.

Re:And meanwhile... (1)

iris-n (1276146) | more than 4 years ago | (#30053992)

> In fact from time to time I have considered the possibilities of a virus that would format the hard disk.

As a time bomb, you see.

But I always think about the grannies losing the family photos and I give up.

Or it could be distributed only through porn.

Nothing against porn. But that would select out (most) grannies, leaving the stupid fucks who hunt for porn in IE6.

Humm. I'm getting bitter. Better stop with the porn and get sex.

Re:And meanwhile... (1)

popo (107611) | more than 4 years ago | (#30053968)

How exactly does one fight the economic problem? And does it involve giving everyone a pony?

Re:And meanwhile... (4, Insightful)

mcrbids (148650) | more than 4 years ago | (#30053982)

> The way to stop spam is to fight it as the economic problem that it is; if people continue to go after the symptoms of spam like this they will continue to find themselves quickly thwarted.

Sure. Let's educate every farking idiot on the face of the earth. Just like we did with consumers the world over in every single city across the fruited plain. It's worked well for hundreds of years! "Buyer beware" and Heaven help you if you should get defrauded...

What's that you say? We didn't do that? Instead, we instituted "consumer protection" laws that require vendors to adhere to minimal standards of conduct and safety? Laws that prevent manufacturers from making unsafe cars and selling poisoned food? You mean, I can go into pretty much any restaurant and be confident that I probably won't get some terrible disease from poorly cooked food and un-refrigerated meats?

Yes, on the 'net, it's the wild, wild west, all over again. But now problems "over there" have become problems "over here", and suddenly, things like the sorry legal state of Nigeria and Somalia are in our face. Will we fix it overnight? No, but we will fix it. Sure, we'll never get rid of it completely - the Mafia still exists, and gangs still thrive in areas of the mostly controlled First World. (We can greatly mitigate the gangs by legalizing their primary revenue stream, the drugs, but while related, that's another post.)

The thing is that by legally controlling the terms of commerce, we promote healthy commerce. Outlawing commerce altogether has roughly the same effect as not regulating it at all - fraud and crime set in, legitimate business moves out. To control spam, we need to control commerce, world wide. And that's a big, big problem that will take at least a generation or two to handle.

Re:And meanwhile... (1)

damn_registrars (1103043) | more than 4 years ago | (#30054666)

> Sure. Let's educate every farking idiot on the face of the earth. Just like we did with consumers the world over in every single city across the fruited plain. It's worked well for hundreds of years! "Buyer beware" and Heaven help you if you should get defrauded

If you somehow took what I said to mean that I wanted to do what you are suggesting, then I ask you to go back to read it again.

To control spam, we need to control commerce, world wide. And that's a big, big problem that will take at least a generation or two to handle.

That is a bit closer to what I was suggesting, but going from the opposing side of the same coin.

Jinx... (1)

imaniack (638051) | more than 4 years ago | (#30053540)

I just hope Netcraft does not jinx this by reporting premature death of botnets...

A little known fact about security firm "FireEye" (2, Funny)

turing_m (1030530) | more than 4 years ago | (#30053578)

At company picnics, employees are encouraged to take part in "Whack-a-mole" competitions during summertime, and ice sculpting during the winter.

WTF? (4, Insightful)

MikeURL (890801) | more than 4 years ago | (#30053804)

Why is some obscure security firm doing the job that governments should have done 10 years ago?

Seriously. Can someone please give me a reasonable explanation that rogue CnC servers and registrars are allowed to continue operations?

Re:WTF? (2, Funny)

socceroos (1374367) | more than 4 years ago | (#30053962)

Seriously. Can someone please give me a reasonable explanation that rogue CnC servers and registrars are allowed to continue operations?

Because it's actually the government who creates and controls these 'botnets'. They're used to spy on us since they have a computer on each end of each router, meaning they can reliably trace data streams in foreign countries to their true original source.

Ok, so that wasn't necessarily accurate. But, I've heard on the low-down that the fellows who were working on Titan Rain are currently trying to map the Chinese government's botnet across the world. It's funny that a growing proportion of our electronics are being sourced from China.

Nothing against the Chinese - great guys and I love Mandarin. Just some actions of their leaders seem a bit 'off base' - outside my comfort zone.

Re:WTF? (0)

Anonymous Coward | more than 4 years ago | (#30054242)

First they came for the spammers, and I did not speak out—because I was not a spammer;
Then they came for the crackers, and I did not speak out—because I was not a cracker;
Then they came for the hackers, and I did not speak out—because I was not a hacker;
Then they came for the pirates, and I did not speak out—because I was not a pirate;
Then they came for me—and there was no one left to speak out for me.

Er. (1)

Velorium (1068080) | more than 4 years ago | (#30053854)

Since when does 1/3 equal 4%?

Re:Er. (0)

Anonymous Coward | more than 4 years ago | (#30054064)

Since when does 1/3 equal 4%?

"Once". Read it again. "Once", as in, "in the past". The botnet was *once* responsible for 1/3rd, but more recently is only responsible for about 4%. Meaning, all this hoopla for an organization that went after some spammers who crippled the Internet in their heyday, but are now basically chillin' with umbrella drinks in Florida.

Re:Er. (2, Informative)

Jeian (409916) | more than 4 years ago | (#30054092)

once responsible for an estimated third of the world's spam

lately the botnet has accounted for 4% of spam

Re:Er. (1)

greyhueofdoubt (1159527) | more than 4 years ago | (#30054100)

The 'net used to account for 1/3, but since that time it has either shrunk due to patches or other 'nets have vastly outpaced it. That caught me off guard, too.

-b

Re:Er. (1)

Velorium (1068080) | more than 4 years ago | (#30054126)

Ah, thank you.

Re:Er. (1)

Urza9814 (883915) | more than 4 years ago | (#30054116)

It was _once_ responsible for 1/3 of the spam. By the time the researchers got to it and took it out it had already dropped to only 4% for other reasons.

In the words of Riddick... (2, Interesting)

popo (107611) | more than 4 years ago | (#30053974)

"You keep what you kill."

Now... what to do with this enormous botnet?

Yeah, but... (0)

Anonymous Coward | more than 4 years ago | (#30054222)

My wife just called from home. Apparently my server just melted.

Legality? (1, Interesting)

Hurricane78 (562437) | more than 4 years ago | (#30054300)

I'm not against taking down a botnet. But I still think that basic laws are more important. If we don't apply the same rights on really everybody, those "rights" become meaningless.

FireEye isn't exactly a police or government agency. How exactly can they raid zombie computers of private people? I can't think of any way that this is legal. Which does not make them better than what they are "prosecuting" (a term that, when associated with a private company, usually constitutes a crime in itself).

Is it like Blackwater? A bunch of criminals who like to legally murder and beat up people? Just that here they like to raid computer systems?

If you take down a botnet, do it in a legal way!!

Re:Legality? (3, Insightful)

JohnFen (1641097) | more than 4 years ago | (#30054672)

From reading all the FireEye blog posts on the operation, I can't find any point where they broke the law or even behaved in a way that violated anybody's rights.

What they did was to coordinate things so that ISPs and domain registrars followed existing procedures to shut down sites and revoke domain names. They also found some domain names that were programmed to be used as fallbacks but had not yet been registered, then registered those.

It looks like at no time did they actually hack anybody or penetrate computers, either innocent bystanders or guilty people, nor did they use the botnet themselves, so there's no legal or ethical problem here -- assuming their reports are complete and correct, obviously.

Re:Legality? (2, Informative)

ProfessionalCookie (673314) | more than 4 years ago | (#30054884)

Zombies aren't people.

Re:Legality? (0)

Anonymous Coward | more than 4 years ago | (#30055008)

They didn't raid or take over zombies. They just killed as many of the C&Cs for Ozdok as they could, all at once. This was following the abuse notification process with hosting providers and ISPs. See the prior blog post:
http://blog.fireeye.com/research/2009/11/smashing-the-ozdok.html

1. Abuse notifications to all the ISPs involved.
2. Working with registrars to take down all the registered CnC domains.
3. Registration of all unused CnC domains.

No zombies were harmed or violated in the process. Clearly that is illegal.
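Once the unused fallback C&C domains in step 3 are registered and pointed at a sinkhole, the defenders' next job is to tell real infected hosts apart from crawlers and scanners hitting the same server. The following is an added example of that triage, not FireEye's code; the log format, the domain names and the "/checkin" path are constructed placeholders, not Ozdok's actual check-in protocol.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sinkhole access-log lines (Apache combined format plus the
# requested host) for two hypothetical fallback C&C domains the defenders
# registered. The "/checkin" path is an assumed placeholder, not Ozdok's protocol.
SAMPLE_LOG = """\
198.51.100.7 - - [10/Nov/2009:10:01:12 +0000] "GET /checkin?id=a1 HTTP/1.1" 200 2 "-" "Mozilla/4.0" cnc-fallback-01.example
198.51.100.7 - - [10/Nov/2009:10:31:40 +0000] "GET /checkin?id=a1 HTTP/1.1" 200 2 "-" "Mozilla/4.0" cnc-fallback-01.example
203.0.113.55 - - [10/Nov/2009:10:02:03 +0000] "GET /checkin?id=b7 HTTP/1.1" 200 2 "-" "Mozilla/4.0" cnc-fallback-02.example
203.0.113.56 - - [10/Nov/2009:10:05:09 +0000] "GET /checkin?id=c3 HTTP/1.1" 200 2 "-" "Mozilla/4.0" cnc-fallback-02.example
192.0.2.9 - - [10/Nov/2009:10:07:44 +0000] "GET /robots.txt HTTP/1.1" 404 0 "-" "Googlebot/2.1" cnc-fallback-01.example
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "\S+ (?P<path>\S+) [^"]*" '
    r'\d{3} \S+ "[^"]*" "[^"]*" (?P<host>\S+)$'
)
CHECKIN_RE = re.compile(r"^/checkin\?id=[0-9a-f]+$")  # assumed check-in shape

def parse_line(line):
    """Parse one log line; return None for lines that do not match the format."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["is_bot"] = bool(CHECKIN_RE.match(rec["path"]))
    return rec

def summarize(log_text):
    """Count distinct infected hosts per sinkholed domain, ignoring crawler noise."""
    bots = {}                      # ip -> {"first": ts, "last": ts}
    per_domain = defaultdict(set)  # domain -> set of bot IPs
    noise = 0
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if not rec["is_bot"]:
            noise += 1             # scanners and crawlers, not victims
            continue
        b = bots.setdefault(rec["ip"], {"first": rec["ts"], "last": rec["ts"]})
        b["first"], b["last"] = min(b["first"], rec["ts"]), max(b["last"], rec["ts"])
        per_domain[rec["host"]].add(rec["ip"])
    return {"unique_bots": len(bots), "bots": bots, "noise_requests": noise,
            "victims_per_domain": {d: len(s) for d, s in per_domain.items()}}
```

Counting distinct source IPs this way is what turns a sinkhole's raw hit log into a victim count that can be handed to the ISPs in step 1 for cleanup notifications.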

Re:Legality? (1)

cdrguru (88047) | more than 4 years ago | (#30055220)

So what laws do you think are being broken? And how would any government prosecute someone or even collect evidence to be used in a prosecution? They might have an IP address, but we have just spent a few years proving in courts that an IP address cannot be connected to an individual.

In most of the places where the people who are running these things are located it simply isn't against the law to do so. You might be surprised at how many places it is legal to defraud and steal from US citizens when it is not legal to do the same things to their fellow countrymen. End result is, there really isn't any prosecution possible.

I for one.... (1)

countach (534280) | more than 4 years ago | (#30054404)

I for one welcome our new botnet masters.

That's great, but... (3, Interesting)

element-o.p. (939033) | more than 4 years ago | (#30054624)

...the cynic in me wonders whether or not the researchers might be risking legal problems by doing this [informationweek.com] (at least in Illinois, Colorado, Delaware, Michigan, Oregon, Pennsylvania, and Wyoming and possibly Arkansas, Florida, Georgia, Massachusetts, Tennessee, and Texas as well).

sale:jordan 1-25,coach,ed hardy handbags,ugg (-1, Troll)

coolforsale2010 (1675990) | more than 4 years ago | (#30055202)

If you want to have a warm winter, you have to know Ugg boots. Ugg boots are "must have" nike air max jordan, shoes, coach, gucci, lv, dg, ed hardy handbags in the winter. Now here is an online store, discount 30%-50% off, free shipping, you may take a look, you may find the UGGS you want here. http://www.coolforsale.com thanks...