Security geeks bring down a network responsible for 12% of worldwide spam

A botnet, if you're not down with script-kiddie hax0r lingo, is a 'bot network'. A bot is a robot -- though 'zombie' or 'compromised machine' is more accurate. In the olden days these networks were usually built from unpatched Windows machines; today they rely mostly on user error.
It's all about those files you download, or the email attachments you open. Even web-based JavaScript injection can do it -- you really should try to surf safely! Once you run the executable, or get infected some other way, your computer becomes a spam robot that takes its orders from a controller somewhere on the net. The rest, as they say, is history.
The Mega-D botnet consisted of some 250,000 computers. If 250,000 machines account for 12% of the world's spam, the remaining 88% works out, by the same ratio, to well over 1.8 million more computers: always on, unwittingly generating the trash that fills our inboxes.
The attack, organised by Atif Mushtaq of FireEye, went after the master controllers -- the command-and-control servers that those 250,000 zombies report to for orders. You can read the full story of the take-down over on PC World, but in essence it was quite simple: a quick, coordinated shutdown of all the control servers, arranged with the ISPs hosting them, plus registering the fallback domain names the bots would try next, all done behind Mega-D's back so the operators had no chance to move their servers first.
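To make the "behind their back" part concrete, here is an added example (my own toy model, not code from this post, from FireEye or from PC World) of why a takedown has to cover the fallback rendezvous points as well as the live servers. It models a bot that carries a hard-coded, ordered list of places to look for its controller and a "world" that records who currently answers at each one. The addresses, domain names and states below are constructed for the example and say nothing about Mega-D's real protocol.

```python
"""Toy model of a centralised botnet's rendezvous logic.

Constructed example: the hostnames, addresses and the single-list fallback
scheme below are made up for illustration and do not reflect any real bot.
"""

from dataclasses import dataclass

OPERATOR = "operator"   # the spammer's infrastructure answers
DOWN = "down"           # nothing answers (server pulled, or name unregistered)
SINKHOLE = "sinkhole"   # researchers registered the name and answer instead
ORPHANED = "orphaned"   # bot found no controller at all (idle, not cured)


@dataclass
class Bot:
    """An infected machine with the ordered rendezvous list baked into its binary."""
    bot_id: str
    rendezvous: list  # tried in order until one answers


def controller_for(bot, world):
    """Return which party ends up controlling this bot.

    `world` maps each rendezvous point to OPERATOR, DOWN or SINKHOLE; a point
    missing from the map is treated as unregistered, i.e. DOWN.
    """
    for point in bot.rendezvous:
        state = world.get(point, DOWN)
        if state != DOWN:
            return state  # first responder wins, operator or sinkhole
    return ORPHANED


def census(bots, world):
    """Count how many bots each party controls after a given intervention."""
    tally = {OPERATOR: 0, SINKHOLE: 0, ORPHANED: 0}
    for bot in bots:
        tally[controller_for(bot, world)] += 1
    return tally


# Constructed rendezvous list: two hard-coded server addresses, then fallback
# domain names the bot tries only if both addresses stop answering.
RENDEZVOUS = ["198.51.100.7", "203.0.113.40",
              "fallback-a.example", "fallback-b.example"]

# Constructed starting state: live servers up, fallback names not yet registered.
BASELINE = {"198.51.100.7": OPERATOR, "203.0.113.40": OPERATOR}


def takedown_servers_only(world):
    """Model the ISP shutdown on its own: every live server goes dark."""
    return {point: DOWN for point in world}


def takedown_with_sinkholes(world, fallbacks):
    """ISP shutdown plus pre-registering the fallback names to a sinkhole."""
    new_world = takedown_servers_only(world)
    new_world.update({name: SINKHOLE for name in fallbacks})
    return new_world


def operator_registers_fallback(world, name):
    """The operator notices the outage and registers a fallback name.

    Only a name nobody holds yet can be taken; a sinkholed name stays sinkholed.
    """
    new_world = dict(world)
    if new_world.get(name, DOWN) == DOWN:
        new_world[name] = OPERATOR
    return new_world


if __name__ == "__main__":
    bots = [Bot(f"bot-{i}", RENDEZVOUS) for i in range(5)]
    print("baseline:         ", census(bots, BASELINE))
    servers_only = takedown_servers_only(BASELINE)
    print("servers only:     ", census(bots, servers_only))
    print("operator returns: ",
          census(bots, operator_registers_fallback(servers_only, "fallback-a.example")))
    sinkholed = takedown_with_sinkholes(BASELINE, RENDEZVOUS[2:])
    print("with sinkholes:   ", census(bots, sinkholed))
    print("operator too late:",
          census(bots, operator_registers_fallback(sinkholed, "fallback-a.example")))
```

Run it and the middle two lines make the point: pulling the servers alone leaves every bot orphaned only until the operator registers the next name on the list, whereas sinkholing those names first means the bots report to the researchers instead. The model assumes a fixed rendezvous list; a design with no such list (peers finding each other directly) has nothing to seize, which is why that case is harder.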
Comments (4)
hmm, Dec 29th 2009 7:31AM
Huh, as far as I know it, he succeeded in eradicating the Mega-D botnet, but just for about 2 weeks.
From MessageLabs Intelligence: 2009 Annual Security Report "Almost eradicated on 4 November 2009 as the result of community action to disrupt the botnet, spam from Mega-D fell to approximately 1% of all spam. Mega-D returned on 13 November using a different collection of bots, sending between 4-5% of spam."
Sebastian Anthony, Dec 29th 2009 8:07AM
I think, from the PC World article, that they handed over the work to another group -- because as you say, botnets never really DIE.
Still, it must take some time to rebuild a network of 250,000 computers!
You can't really ever win such a war... just build a good defence, and occasionally strike back :)
hmm, Dec 29th 2009 8:51AM
Since only the servers controlling the botnets (and not the infected computers) were affected, I guess the network would be fully back up as soon as another server comes up to take back control. I wonder what would happen when the spammers adopt true p2p techniques to send out spam, instead of a centralised command server.
Sebastian Anthony, Dec 29th 2009 8:59AM
Ah, very true!
I guess they could roll out a fix from the control servers to all the infected zombies... but that might be a little too cool :P