Researchers Cripple Pushdo Botnet
Posted by timothy
from the nothing-wrong-with-the-word-cripple dept.
Trailrunner7 writes with this from ThreatPost: "Researchers have made a huge dent in the Pushdo botnet, virtually crippling the network, by working with hosting providers to take down about two thirds of the command-and-control servers involved in the botnet. Pushdo for years has been one of the major producers of spam and other malicious activity, and researchers have been monitoring the botnet and looking for ways to do some damage to it since at least 2007. Now, researchers at Last Line of Defense, a security intelligence firm, have made some serious progress in crushing the botnet's spam operations. After doing an analysis of Pushdo's command-and-control infrastructure, the researchers identified about 30 servers that were serving as C&C machines for the botnet. Working with the hosting providers who maintained the servers in question, the LLOD researchers were able to get 20 of the C&C servers taken offline, the company said."
Re:I would love to see... (Score:3, Informative)
Read the f**king article:
"Unfortunately, not all providers were responsive and thus several Command & Control servers are still online at this point," researcher Thorsten Holz wrote.
And they never link to the original source...why? (Score:5, Informative)
Re:Cyberterrorism is ok, huh? (Score:5, Informative)
If you bother to RTFS, you'll note that they worked with the content providers - they shut the servers down themselves. No hacking involved.
Re:"For years..." (Score:5, Informative)
They don't do anything if you don't use them.
Re:I would love to see... (Score:5, Informative)
I assume that the providers were just notified by the researcher and were able to see for themselves whether the server is doing something malicious or not. In addition, every ISP I've dealt with has a contract clause that allows them to cancel the service if you use it to violate the laws of the country, which is often the case when sending SPAM. You are then free to sue them if you believe that terminating the service was not justified.
Pretty much (Score:5, Informative)
I think we need to start having more of a "you play nice or don't play on the net" kind of system going on. Providers are not expected to be perfect, nobody is perfect, just to be responsive to complaints/problems. If you aren't, you get warned, and if you keep ignoring it you just get shut out by all major networks. You then have to prove you took care of the problem and will play nice before you get let back in.
That's how we do it at work, actually. I work at a university and we have a lot of research labs, some of which are totally independent of our central control. When a system in there gets infected, we see if we can track someone down who can deal with it; if nobody is there or everyone claims ignorance, we shut down all network access. When that happens people get hold of us surprisingly fast and the person who needs to deal with the system is found. Once they take it offline to be dealt with and promise to behave, network access is restored.
I think the big network providers need to work out a system like this, where if a given company is unresponsive, you can file a complaint with them. They then warn the company and, if they are still unresponsive, cut access. After all, the crap causes them problems as well.
Re:Slashdot editors will approve anything... (Score:5, Informative)
NOTHING was "seriously crippled" nor was the botnet affected. This is a perfect example of a non-story about a good attempt that failed.
"Nothing?" "Attempt that failed?"
Look at their graph: from a high of 1,400 on 3 Aug to 0 on 26 Aug; that ranks as both "seriously crippled" and a "success" in my book.
So while you chose to belittle their achievements, I for one chose to say a silent "Thank you! Well done!" for their years of persistence in fighting this war.
Re:I would love to see... (Score:1, Informative)
They did that ages ago. Had these researchers actually taken down all the C&C servers, the bots would go into rendezvous mode and, based on an algorithm, start generating thousands of domain names per day. Now all the people behind the botnet need to do is register one of those domains and upload their signed update to it with a list of new C&C servers, and the botnet is back up and running.
These aren't some '90s IRC botnets, and the people running them aren't stupid. With these methods, it's practically impossible to bring down the big botnets. You may slow one down for a few days or "cripple" its spam sending while the botnet re-organizes, but I think I have better ways to spend three years.
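The rendezvous behaviour described in the comment above has a defender-side consequence: until the operators register one of the generated names, every infected host asks the resolver for thousands of names that do not exist, so a burst of NXDOMAIN answers for random-looking labels from one client is a usable detection signal. The following is an added example (not code from the article, the researchers, or any commenter) that scores constructed resolver log lines with a simple length/entropy/vowel-ratio heuristic; the log format, field names and thresholds are assumptions for this illustration.

```python
import math
from collections import Counter

# Constructed resolver log excerpt (not real Pushdo traffic); fields:
# timestamp client_ip queried_name response_code
SAMPLE_LOG = """\
2010-08-26T10:00:01 10.0.0.7 www.example.com NOERROR
2010-08-26T10:00:02 10.0.0.7 wwww.example.com NXDOMAIN
2010-08-26T10:00:02 10.0.0.9 xk3q9zp2vbt7.com NXDOMAIN
2010-08-26T10:00:03 10.0.0.9 q8wj2ztxv5ml.com NXDOMAIN
2010-08-26T10:00:03 10.0.0.7 mail.example.org NOERROR
2010-08-26T10:00:04 10.0.0.9 zt4bnx7kqpw9.net NXDOMAIN
2010-08-26T10:00:04 10.0.0.9 m2xqv8kzt3pr.org NXDOMAIN
2010-08-26T10:00:05 10.0.0.9 vb7tkq2zxn9w.com NXDOMAIN
"""

def shannon_entropy(text: str) -> float:
    """Bits of entropy per character of `text`; 0.0 for the empty string."""
    if not text:
        return 0.0
    counts = Counter(text)
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def second_level_label(qname: str) -> str:
    """'www.example.com' -> 'example'; a single label is returned as-is."""
    parts = qname.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]

def is_dga_like(qname: str, min_len: int = 10, min_entropy: float = 3.0,
                max_vowel_ratio: float = 0.25) -> bool:
    """Heuristic: long, high-entropy, vowel-poor labels look machine-generated.
    Thresholds are assumed values for this example, not tuned on real data."""
    label = second_level_label(qname)
    if len(label) < min_len:
        return False
    vowel_ratio = sum(ch in "aeiou" for ch in label) / len(label)
    return shannon_entropy(label) >= min_entropy and vowel_ratio < max_vowel_ratio

def flag_suspected_bots(log_text: str, threshold: int = 3) -> dict:
    """Return {client_ip: count} for clients with >= threshold NXDOMAIN answers
    to DGA-like names. A typo such as 'wwww.example.com' also yields NXDOMAIN
    but fails the label heuristic, so it does not count toward the threshold."""
    hits = Counter()
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip blank or malformed lines
        _ts, client, qname, rcode = fields
        if rcode == "NXDOMAIN" and is_dga_like(qname):
            hits[client] += 1
    return {ip: n for ip, n in hits.items() if n >= threshold}

if __name__ == "__main__":
    print(flag_suspected_bots(SAMPLE_LOG))  # {'10.0.0.9': 5}
```

On a real resolver the counts would be taken per sliding time window, and flagged clients would be correlated with the registered-domain lookups that eventually succeed, since that is the name the operators actually used.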