To report a botnet PRIVATELY please email: [EMAIL PROTECTED]
----------
I agree with Gadi.  In the majority of incidents that I have been involved
with, the systems have been infected with multiple backdoors and would
reinitiate upon reboot of the system.  

I am sure my lawyer would not want me performing any actions on a system
without a signed authorization from the owner of the system.

Original Message:
-----------------
From: Gadi Evron [EMAIL PROTECTED]
Date: Fri, 03 Mar 2006 19:21:07 +0200
To: [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: Re: [botnets] is there a list of botnet hostnames somewhere ?


Dan wrote:
> Yanno, Most bot code I've seen has a 'kill' or uninstall feature built
> in.
> 
> It might be an idea to build a "counter" botnet, that will act in our
> favor when a botnet is found. We could have a bot infiltrate the
> existing net, and attempt to issue a number of kill/uninstall commands,
> so the net will eat itself.
> 
> *shrug*

Hi Dan. :)

That depends significantly on several issues:
1. Is that command remote? (I.e. requiring a remote connection and a 
remove?)

If so, I'd hesitate to do so. Even if it was not illegal, it is indeed 
unethical to connect to the remote machine uninvited. Further, your 
actions can result in damage to the remote machine.

2. Is this done with a remote kill command?

Same as above, but the bot will re-surface on next re-boot.

3. Is this done by uploading a cleaner?

If that is the case, you may potentially also cause the machine to die. :)

4. Is this done via IRC commands at the C&C?

I have little problem with that, except that it may put you at risk.

All that said, here are a few items to think of:

1. If the remote machine is indeed compromised and insecure, it will 
just get re-infected shortly.

2. If that is the case, it is also already probably infected by QUITE A 
FEW other beasties and is already a part of other botnets (many others!)

Before I go on with wisdom of old, though, I'd like to hear some 
thoughts from fresh people here. :)

I am very much in favor of actively mitigating risks, but there are 
costs to any benefits and sometimes the benefits are not worth it, are 
extremely short lived or just an illusion.

        Gadi.

-- 
http://blogs.securiteam.com/

"Out of the box is where I live".
        -- Cara "Starbuck" Thrace, Battlestar Galactica.
_______________________________________________
botnets mailing list
To report a botnet PRIVATELY please email: [EMAIL PROTECTED]
http://www.whitestar.linuxbox.org/mailman/listinfo/botnets

