Tuesday, August 12, 2008

Dutch Police Notify Users Infected with Bot Malware

From SANS NewsBites Vol. 10 Num. 63

(August 8, 2008)
Dutch police have notified people whose computers were infected with malware that made them part of a botnet comprising more than 100,000 PCs. People were redirected to a web page containing directions on disabling the malware and a link to an online virus scanner. The police were able to automatically forward the infected users to the help page because they have taken control of the botnet. A 19-year-old man was arrested last week when he tried to sell the botnet to someone in Brazil for GBP 25,000 (US $47,839).

Computer World UK

[Editor's Note (Ullrich): An interesting tactic that should probably be investigated more. In the past, investigators of botnets (law enforcement or not) have been careful not to use the botnet functions themselves. Most of the time, the exact effects of these actions are not well understood. Other methods have however not been very successful in notifying users.]

I believe that the larger ISPs in South Africa can do something like this. If they can detect bot-type traffic on their network, they can modify the routing rules so that all web traffic from infected networks is routed to a page notifying the user of the problem, and whom the user can contact for help (note that they already redirect international web traffic to their transparent proxies).
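As an added illustration in Python, not code from this post, from SANS or from any ISP, here is a toy version of that redirect: detector alerts are aggregated per customer prefix (assumed to be a /24), and web requests from flagged prefixes are sent to a notification page, except requests for the help page and the online scanner, which stay reachable so the user can actually follow the instructions. The host names, URL and alert lines are constructed.

```python
# Added illustration (not from the post or SANS): a toy walled-garden router that
# redirects web traffic from flagged customer networks to a notification page.
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network
from typing import Dict, List, Set

NOTIFY_URL = "http://help.isp.example/bot-notice"        # hypothetical notification page
ALLOWED_HOSTS = {"help.isp.example", "scanner.example"}  # hypothetical hosts left reachable

@dataclass(frozen=True)
class Alert:
    src_ip: str   # customer address seen talking to a flagged destination
    dst: str      # flagged destination reported by the detector (constructed)

@dataclass(frozen=True)
class Request:
    src_ip: str
    host: str

def infected_networks(alerts: List[Alert], min_alerts: int = 2,
                      prefix_len: int = 24) -> Set[IPv4Network]:
    """Aggregate alerts per customer prefix (assumed /24) and flag prefixes with
    at least min_alerts hits, so one false positive does not quarantine a block."""
    counts: Dict[IPv4Network, int] = {}
    for a in alerts:
        net = ip_network(f"{a.src_ip}/{prefix_len}", strict=False)
        counts[net] = counts.get(net, 0) + 1
    return {net for net, n in counts.items() if n >= min_alerts}

def route(req: Request, quarantined: Set[IPv4Network]) -> str:
    """Return 'pass' to forward normally, or the URL to redirect the request to."""
    addr = ip_address(req.src_ip)
    if not any(addr in net for net in quarantined):
        return "pass"
    if req.host in ALLOWED_HOSTS:   # the user must still reach the instructions and scanner
        return "pass"
    return NOTIFY_URL

# Constructed sample alerts: two hosts in 10.1.2.0/24 contacted the flagged C2, one elsewhere.
SAMPLE_ALERTS = [
    Alert("10.1.2.10", "198.51.100.7:6667"),
    Alert("10.1.2.44", "198.51.100.7:6667"),
    Alert("10.9.9.9", "198.51.100.7:6667"),
]

if __name__ == "__main__":
    q = infected_networks(SAMPLE_ALERTS)
    print(route(Request("10.1.2.77", "www.example.com"), q))  # → http://help.isp.example/bot-notice
    print(route(Request("10.9.9.9", "www.example.com"), q))   # → pass (only one alert there)
```

In a real deployment the redirect would be installed as a policy route or transparent-proxy rule rather than decided in Python per request, and the flagged prefixes would be reviewed before customers are cut off.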

Of course the cynic in me notes that as these ISPs charge per MB they might not be too keen to do anything that reduces traffic.
