To report a botnet PRIVATELY please email: [EMAIL PROTECTED]
----------
Gadi,

 Yeah, I was directly referencing IRC.. But you bring up some good
points, some of those bots might have a crippling effect when they're
ripped out.

-Dan
 

-----Original Message-----
From: Gadi Evron [mailto:[EMAIL PROTECTED]]
Sent: Friday, March 03, 2006 9:21 AM
To: Dan
Cc: Thomas Raef; [EMAIL PROTECTED]
Subject: Re: [botnets] is there a list of botnet hostnames somewhere ?

Dan wrote:
> Yanno, Most bot code I've seen has a 'kill' or uninstall feature built
> in.
> 
> It might be an idea to build a "counter" botnet, that will act in our 
> favor when a botnet is found. We could have a bot infiltrate the 
> existing net, and attempt to issue a number of kill/uninstall 
> commands, so the net will eat itself.
> 
> *shrug*

Hi Dan. :)

That depends significantly on several issues:
1. Is that command remote? (I.e. requiring a remote connection and a
remove?)

If so, I'd hesitate to do so. Even if it was not illegal, it is indeed
unethical to connect to the remote machine uninvited. Further, your
actions can result in damage to the remote machine.

2. Is this done with a remote kill command?

Same as above, but the bot will re-surface on next re-boot.

3. Is this done by uploading a cleaner?

If that is the case, you may potentially also cause the machine to die.
:)

4. Is this done via IRC commands at the C&C?

I have little problem with that, except that it may put you at risk.

All that said, here are a few items to think of:

1. If the remote machine is indeed compromised and insecure, it will
just get re-infected shortly.

2. If that is the case, it is also already probably infected by QUITE A
FEW other beasties and is already a part of other botnets (many other!)

Before I go on with wisdom of old, though, I'd like to hear some
thoughts from fresh people here. :)

I am very much in favor of actively mitigating risks, but there are
costs to any benefits and sometimes the benefits are not worth it, are
extremely short lived or just an illusion.

        Gadi.

--
http://blogs.securiteam.com/

"Out of the box is where I live".
        -- Cara "Starbuck" Thrace, Battlestar Galactica.
_______________________________________________
botnets mailing list
http://www.whitestar.linuxbox.org/mailman/listinfo/botnets