massive botnet controlling some 1.9 million zombie comp

[Jacee]

Do you know what your computer is doing tonight? :shock:

Finjan Reveals 1.9 Million-Strong Botnet at RSA

The size of the network would make it possibly the largest botnet under the control of cyber-thieves. Some 45 percent of the IP addresses under the control of the network are located in the U.S., compared to six percent in the U.K., three percent in France and four percent in Canada and Germany. The geo-location of 38 percent of the IP addresses could not be determined.

 

[jfar]

Thanks for the news.

 

[weh]

We are Borg; resistance is futile.

 

[Mark]

Thanks Jacee, that's a huge number of infected machines. :shock:

 

[Jacee]

We are Borg; resistance is futile

ermmm?

 

[baarod]

That's all those folks installing 7106...

You know, I'm really only half joking. Seems there are quite a few folks posting 7106 torrents and trying to convince people they're unadulterated even in the face of stark proof of the opposite. Why? What's it to them if someone they don't know uses it or not? Why the vested interest? There's no point system that I know of. Or is there? Has anyone grabbed these builds and tested them for outbound IRC traffic?

Were the world working as it should, the researchers would deliver a list of infected MAC addresses to the listed domain contacts along with a list of affected ports. This filter list would be loaded into the border routers as a BGP update immediately for maximum protection to the rest of the Internet and email sent to the affected customers in case of ISP or InfoSec depts in the case of corporations. Filters could then be put in place as fast as possible to protect the domain internally. But at least it wouldn't leak crap outside the domain in the short term.

But instead of doing something like this to contain the issue, they write a paper and wait to attend a trade show and brag about how cool they are that they found this big botnet while it continues to exist and do whatever it is it wants unfettered. Makes no bloody sense to me -- obviously this security expert is out to make a buck and a name for himself and has no interest in protecting the Internet at all or they'd at least be TRYING to mitigate the risk and affect with the networking tools and skills at their disposal. I'd think I'd get a better name at the trade show for presenting how I discovered and SHUT DOWN the botnet. While prominently listing any domains that failed to co-operate. Hopefully you'd get a few government agencies and fortune 500s that you could spread all over the new and shame the rest into action.

 

[Jacee]

We have quite an extensive list of IP#'s and Domains, but there is a problem with some webhosts ... they will take paymment over security. Some are really responsible about shutting these sites down... others rely on thier monthly income and don't give a whit (or whatever)

So, as your post goes baarod, all we can do is try to warn and protect peback's

That's why I posted this article.

 

[weh]

I read the article to which Jacee's post linked. It stated that the authors had reported details of the botnet to appropriate security and law enforcement agencies. While they may well be out to make a name for themselves, my impression was that they had done the right thing.

 

[baarod]

Security and law enforcement -- who exactly? I don't know of any outfit in the government that handles this. It's really up to Sprint, et. el. who operate the backbones and that's not quite how it ought to be. When a domain refuses to filter their traffic for the good of the net, then it ought to be done for them. There are border routers on both sides of a leased line. If the domain owner won't add the filtering then the carrier should be required by law to do so.

NEWSFLASH:

Looks like cybersecurity's going to be under direct presidential control!

http://www.crn.com/government/217100034;jsessionid=55VP02WADXRZUQSNDLPSKH0CJUNN2JVN