On Aug 7, 8:20 pm, Chad Etzel <c...@twitter.com> wrote:
> Here is the state of things as we know them:
> - The DDoS attack is still ongoing, and the intensity has not
> decreased at all....

Has anyone had a close enough look at the botnet infection to deduce
the command channel traffic?  For better or worse (time will tell)
there are plenty of government grey hats with wiretap-ready Narus
access who may not be able to contact you directly, but who would sure
know what to do and would be willing to do it if you could describe
the botnet command channel characteristics.

I remember not very long ago a botnet was described, by one of
Felton's students if I remember right, on some blog post, and then a
week later someone else who had captured an infection in a vm debugger
got to watch as it received a very nicely crafted command to unlink
from the host boot sequence and exit.  If you want that kind of help
from the shadows, you gotta help the spooks figure out the control
channel behind the attack.  Good luck, and remember it won't be long
after it passes before you can look back and laugh, so keep your chins

Reply via email to