To report a botnet PRIVATELY please email: [EMAIL PROTECTED]
----------
Dan,

Be real careful of the legal ramifications of taking stuff offline, even if it is acting in a malicious manner.
---
Thanks for the list. You guys continue to impress me with where you are going. I assume you guys (Gadi + Nicholas) have "real" jobs??
-----

On 3/3/06, Gadi Evron <[EMAIL PROTECTED]> wrote:
> Dan wrote:
> > Yanno, Most bot code I've seen has a 'kill' or uninstall feature built
> > in.
> >
> > It might be an idea to build a "counter" botnet, that will act in our
> > favor when a botnet is found. We could have a bot infiltrate the
> > existing net, and attempt to issue a number of kill/uninstall commands,
> > so the net will eat itself.
> >
> > *shrug*
>
> Hi Dan. :)
>
> That depends significantly on several issues:
> 1. Is that command remote? (I.e. requiring a remote connection and a
> remove?)
>
> If so, I'd hesitate to do so. Even if it was not illegal, it is indeed
> unethical to connect to the remote machine uninvited. Further, your
> actions can result in damage to the remote machine.
>
> 2. Is this done with a remote kill command?
>
> Same as above, but the bot will re-surface on next re-boot.
>
> 3. Is this done by uploading a cleaner?
>
> If that is the case, you may potentially also cause the machine to die. :)
>
> 4. Is this done via IRC commands at the C&C?
>
> I have little problem with that, except that it may put you at risk.
>
> All that said, here are a few items to think of:
>
> 1. If the remote machine is indeed compromised and insecure, it will
> just get re-infected shortly.
>
> 2. If that is the case, it is also already probably infected by QUITE A
> FEW other beasties and is already a part of other botnets (many other!)
>
> Before I go on with wisdom of old, though, I'd like to hear some
> thoughts from fresh people here. :)
>
> I am very much in favor of actively mitigating risks, but there are
> costs to any benefits and sometimes the benefits are not worth it, are
> extremely short lived or just an illusion.
>
> Gadi.
>
> --
> http://blogs.securiteam.com/
>
> "Out of the box is where I live".
> -- Cara "Starbuck" Thrace, Battlestar Galactica.
_______________________________________________
botnets mailing list
http://www.whitestar.linuxbox.org/mailman/listinfo/botnets
