Forgot your password?
typodupeerror
Security Spam The Internet

Storm Worm Botnet "Cracked Wide Open" 301

Posted by timothy
from the after-honeynets-let's-try-bugzappers dept.
Heise Security reports that a 'team of researchers from Bonn University and RWTH Aachen University have analysed the notorious Storm Worm botnet, and concluded it certainly isn't as invulnerable as it once seemed. Quite the reverse, for in theory it can be rapidly eliminated using software developed and at least partially disclosed by Georg Wicherski, Tillmann Werner, Felix Leder and Mark Schlösser. However it seems in practice the elimination process would fall foul of the law.'
This discussion has been archived. No new comments can be posted.

Storm Worm Botnet "Cracked Wide Open"

Comments Filter:
  • so what? (Score:5, Insightful)

    by derfy (172944) * on Sunday January 11, 2009 @04:28PM (#26409379) Homepage Journal

    However it seems in practice the elimination process would fall foul of the law.

    I'm sure I'm not alone when I say, "So?"

    • by khasim (1285) <brandioch.conner@gmail.com> on Sunday January 11, 2009 @04:44PM (#26409533)

      That's the problem.

      The criminals do not care because they were criminals to begin with. This affects the people who are not criminals but who want to clean up the mess made by the criminals.

      Now, if the various governments could/would authorize their law enforcement agencies to use this method ...

      • by ushering05401 (1086795) on Sunday January 11, 2009 @04:55PM (#26409633) Journal

        "Now, if the various governments could/would authorize their law enforcement agencies to use this method ..."

        That is the worst idea I have heard all week.

        • by maxume (22995) on Sunday January 11, 2009 @05:14PM (#26409801)

          Just require a warrant from some level of federal judge.

          Things might not work great at first, but the whole warrant system works pretty well, and it would provide a framework for preventing abuse and overuse.

          • by aurispector (530273) on Sunday January 11, 2009 @05:33PM (#26409955)

            Yeah, but it's an international problem. A guy from F-secure in Finland has been calling for the formation of an "internetpol" for exactly these reasons. I think he's right because otherwise international net crime will continue unabated, since nobody is in charge of combating it. An international body designed to coordinate .crime policing efforts is sorely needed.

          • by peragrin (659227) on Sunday January 11, 2009 @05:34PM (#26409967)

            up until it crosses national borders then yes it does. But if the guy running the show is in a country without extradition then it is useless. Warrants assume everyone is following similar laws and there is an agency that can police all affected areas equally.

            however If an American warrant was being served against a French botnet controller, even with a treaty they still would let him stay free if he didn't harm any french computer users.

            Governments are like children, no one else can play in their sandbox, or with their toys.

        • by owlnation (858981) on Sunday January 11, 2009 @05:28PM (#26409923)

          "Now, if the various governments could/would authorize their law enforcement agencies to use this method ..."

          That is the worst idea I have heard all week.

          No Kidding! The problem with such laws (any laws) in most countries, is that they are open to interpretation. This is why we have courts. Which means, that allowing any government agency the right to access 3rd party computers for any reason sets a very, very dangerous precedent which can be exploited by the more fascist politicians in the world.

          We've already seen the UK Governing Regime try to find ways of accessing the public's computers whenever they see fit, and without any court warrant. There is no sane way to allow this kind of exception, without running the risk of opening the door to further Government inspection of your computer, if they decide to exploit precedent.

          Be very careful with vigilantism. Especially when a government agency is the vigilante. It WILL be exploited for other reasons.

        • Re: (Score:3, Funny)

          by Anonymous Coward
          That is the worst idea I have heard all week.

          Just curious. What was the one of the previous week??
      • by Merusdraconis (730732) on Sunday January 11, 2009 @06:23PM (#26410377) Homepage

        Following the rules is what makes them the good guys, though.

    • I'd have to agree, similar to Blaster [wikipedia.org] I think it was, where someone/people developed a counter-blaster worm, that went around patching peoples systems using the same hole that Blaster used to fuck up peoples systems.

      Seems sort of logical to me, sort of like how our immune system works, and once the "good guys" have won, they just naturally die out, and the system goes back to normal (usually).

    • Re:so what? (Score:5, Insightful)

      by txoof (553270) on Sunday January 11, 2009 @04:59PM (#26409671) Homepage

      Not only is it a problem of breaking the law, but there's the problem of "cleaning gone wrong". What if the cleaning program fouls a hospital's computers? Or fouls up some other important infrastructure. Do you want to be the guy standing next to the enter key in that event?

      Obviously, infrastructure should be configured and secured against such problems, but it's pretty clear that that assumption is false and dangerous. Just a few months ago a trio of London hospitals [theregister.co.uk] went down because of an infection. Granted it was mostly the administrative side that went down, but that still costs a crap load. And what if it's not just the administrative side of say a power distribution grid that shits its self because of some unforeseeable problem with the cleaning worm?

      I sure wouldn't want to be the guy responsible for that. There's also the threat that the cleaning will go wrong in completely unexpected ways causing even worse network disruption. If this option is pursued, those that have the magic bullet would probably want to get some sort of pledge of amnesty from their governments to protect them from prosecution in the event that they cause damage.

      • Re: (Score:3, Insightful)

        by Tanktalus (794810)

        Just wondering why they don't just post the cleaning executables, and then talk to the local media about their fix for the botnet, and include the URL to the cleaning executable? Invite the public to run it for free. Then convince the media to post their story as a video on their own website (not youtube or anywhere that can be faked).

        It won't get everyone, but it'll start. And then users can pass the story around by word of mouth to extend it to others. Hopefully they'll get media in other countries/la

        • Re: (Score:3, Insightful)

          by redxxx (1194349)

          I'm pretty sure the cleaning executable you are talking about is the Microsoft Malicious Software Removal Tool, and consumers smart enough to use it have already done so. Maybe more of and ad campaign, but it's not like tool isn't there and wouldn't being automatically used if these people ran updates.

      • Re:so what? (Score:5, Interesting)

        by Vellmont (569020) on Sunday January 11, 2009 @06:11PM (#26410303)


        What if the cleaning program fouls a hospital's computers? Or fouls up some other important infrastructure. Do you want to be the guy standing next to the enter key in that event?

        It seems to me that a computer participating in a botnet is already a threat to the public. If "cleaning gone wrong" fouls a computer that's already infected, that's really just 'collateral damage'. If it happens to be a hospitals computers, well, I'd say the real problem was the hospital trusting critical infra-structure to software that's insecure. If a hospital is really dumb enough to put infra-structure that could harm someones life on a network connected to the internet, I'd say that's criminal negligence.

        I really do think we've hit the point where the people with the vulnerable computers need to start taking SOME of the blame here and stop acting as if they're all just innocent bystanders. There's certainly plenty of blame to go around. (Oh, and the software producers can sure take some of the blame as well).

        • by txoof (553270)

          It seems to me that a computer participating in a botnet is already a threat to the public. If "cleaning gone wrong" fouls a computer that's already infected, that's really just 'collateral damage'.

          While an infected computer is a threat to the health of the network, it is a minor problem. It's not unlike the difference between say a poorly tuned fire truck and a car-bomb. The poorly tuned fire truck is a threat to public health as it is spewing out more pollution than it should and is indeed harming everyone in the community. The single fire truck is a problem and should be dealt with, but it is a small problem. The overall health and welfare of the community in the form of fire protection trump t

          • Re:so what? (Score:5, Insightful)

            by Kent Recal (714863) on Sunday January 11, 2009 @07:41PM (#26411079)

            Your post is not unlike the difference between, say, a clueless person using inappropiate analogies, and the proof that car analogies hardly ever make any sense.

            Seriously, all this crap is blown way out of proportion. Firetrucks. Car-Bombs. My ass...

            If they have a tool to eliminate a large botnet then, by all means, do it. Stop crying for attention in the press, just run the damn counter-worm or release the source-code so the scriptkiddies can fragment the worm into insignificance.

            If that wipes out the worm: Great!
            If that bricks all infected machines: Well, still better than what we had before.

            There's no need to worry about collateral damage. Critical, life-supporting systems are not participating in storm. The worst that can happen is that a lot of computer illiterate people will have a "broken PC" over night and will have to ask their "PC guy" to fix it. This is a "risk" that we should be willing to take...

            • Re: (Score:3, Funny)

              I'd rather propose that they brick the machines in the first place instead of cleaning it. Cleaning a worm will eliminate the effect only and that for a very short time. Bricking a PC might eliminate the cause -- the clueless user.
              We now have home PCs that are faster than supercomputers from 15 years ago. Operated by users who have no idea of basic computer security, these PCs pose a real threat to individuals and businesses on the net.
              Computing power and bandwidth are so great these days that most users wo

            • Re:so what? (Score:5, Insightful)

              by Nazlfrag (1035012) on Sunday January 11, 2009 @11:27PM (#26412933) Journal

              If it screws up uninfected machines and networks, oh well, umm whoops?
              If there are actually critical, life-supporting systems affected, damn, I guess we can't say sorry to the dead, perhaps send a nice e-mail to their grieving families?

              There are plenty of scenarios in which the cure is far more catastrophic than the botnet. We should not be reckless or rash in implementing a solution. When taking on something that utilises the worlds stupidity I think we should keep Murphys law foremost in mind.

              • Re: (Score:3, Insightful)

                by HungryHobo (1314109)

                keep in mind that every time the botnet herder patches the botnet he runs a risk of bricking those machines, he doesn't care, he has a hundred thousand others.

              • Re: (Score:3, Insightful)

                by Kent Recal (714863)

                If it screws up uninfected machines and networks, oh well, umm whoops?

                Nonsense. If the counter-worm manages to interfere with machines or networks that are not infected by the original worm then these machines and networks were not properly secured and/or isolated in first place. Their admins should be glad that the counter-worm sheds light on the flaws before a malicious operator of the original worm does.

                If there are actually critical, life-supporting systems affected, damn, I guess we can't say sorry to

    • However it seems in practice the elimination process would fall foul of the law.

      I'm sure I'm not alone when I say, "So?"

      <sarcasm>But don't you know, all those people with zombie machines will suddenly start complaining when their computers start running faster and they have better internet connection speeds.</sarcasm>

      I do have to agree, so what if it runs foul of the law. If the relevant laws were effective, we wouldn't have the botnet problem in the first place.

      Just how many people will complain once they get better performance from their machines that are no longer owned.

    • Re: (Score:3, Insightful)

      by drolli (522659)

      Yes, you are not alone - sadly. I dont like people intentionally meddling around with my computer without giving them my permission, in the same way as I do not appreciate that somebody breaks into my flat to fix damage that somebody else has done when breaking in.

      The only way to handle this correctly is that a law is passwd which allows such things under well-defined circumstances (however i have no idea to to set the boundaries).

  • Law? (Score:5, Funny)

    by Opportunist (166417) on Sunday January 11, 2009 @04:28PM (#26409383)

    Who cares about laws? I mean, the criminals don't, the government doesn't care, is anyone still clinging to this outdated model of a coexistance standard?

    • Re:Law? (Score:5, Insightful)

      by ScrewMaster (602015) * on Sunday January 11, 2009 @04:36PM (#26409471)

      Who cares about laws? I mean, the criminals don't, the government doesn't care, is anyone still clinging to this outdated model of a coexistance standard?

      Yes. Governments.

      • Re:Law? (Score:5, Interesting)

        by v1 (525388) on Sunday January 11, 2009 @05:01PM (#26409691) Homepage Journal

        Vigilantism is the result of when the government cannot protect the citizen from something that it's reasonable to believe they should be protected from. It's usually due to the problem of balance between making things illegal and restricting reasonable fredom.

        But in this case it's more toward the issue of the problem not being within the government's charter, or that the government simply does not have the structure (laws, with teeth) required to protect the citizen.

        I'm not a fan of vigilantism in general, but there are times when I approve of it. I'd personally love it if someone would infiltrate the botnets and inject a command to brick (but not erase) every computer that's infected, as a measure to protect millions of innocent people.

        Imagine the city you live in, where 15% of the cars parked on the curbs have the keys in the ignition. And there's a growing problem in the city of kids going on joy rides and trashing cars and property and even killing people. But the car owners don't want to bother with the problem and don't care unless their car gets trashed, and don't wany anyone telling them what to do with their car. I'd lead the effort to walk the blocks, looking for cars with keys in the ignition, and hiding them somewhere in their car. Don't like it? Quit leaving your keys in the ignition. yes, it may violate a right of yours, but by your extending your liberty it's violating the rights of others to a larger degree.

      • Really? Gee, some of the actions or our politicians could have fooled me.

        Oh! Oh, it's one of those "do as I say, don't do as I do" things?

    • Re:Law? (Score:4, Interesting)

      by 99BottlesOfBeerInMyF (813746) on Sunday January 11, 2009 @05:21PM (#26409873)

      Who cares about laws? I mean, the criminals don't, the government doesn't care, is anyone still clinging to this outdated model of a coexistance standard?

      Both companies and universities who have security researchers on their staff care about laws and more than that the risk of lawsuits. When the network security company I worked for had the ability to shut down several botnets we consulted with our primary council and decided it was not worth risking the company to lawsuits from people whose zombies could be shut down or lose data. The publicity would have been nice, but there are always people looking to cash in. Instead, we collaborate with law enforcement a few times and gave them the ability to shut them down if they wanted to (at least one government did hut down a botnet we handed them the keys to).

      A shorter answer would be, the researchers care about laws because they want to keep their jobs and not go broke or go to prison.

      • That's basically what made me post this snide and cynic comment. I'm in the same boat. Care to tell me what government actually cared enough to send a reply that wasn't a winded and wordy version of "meh"?

        • Care to tell me what government actually cared enough to send a reply that wasn't a winded and wordy version of "meh"?

          It was either Denmark or Norway, I forget which. I'm not implying, by the way, that most governments do nothing, just that most don't have the manpower, expertise, or purview to go after botnets in ways that could potentially affect computers that have become bots in many jurisdictions.

  • Partially disclosed? (Score:5, Interesting)

    by Urkki (668283) on Sunday January 11, 2009 @04:28PM (#26409385)

    They should just publish their code. Let the individual hackers decide what to do with it...

    • by neo8750 (566137) <{zepski} {at} {zepski.net}> on Sunday January 11, 2009 @04:32PM (#26409425) Homepage
      Yeah and let the botnet owners see it and then write a patch for the botnets...
      • by Sentry21 (8183)

        It would be a shame if someone broke into their unprotected servers and found the code sitting in a hidden directory that they thought only they knew about, and then used it to cleanse the world. Like, tragic.

    • But instead of individual hackers cleaning up the mess, why not have the government of a country pass a law that machines within its jurisdiction may be cleaned if found to be a zombie?

      Then their law enforcement agencies can use the code that the hackers wrote to clean up the machines in their country.

      A simple process of identifying the infected boxes, notifying the ISP of those boxes, the ISP notifies the customer in writing and if not cleaned within 30 days then the cops clean it remotely.

      The only real pr

    • by ymgve (457563) on Sunday January 11, 2009 @04:54PM (#26409627) Homepage

      They should just publish their code.

      They did.

      The Full Disclosure link contains the source code of their program.

      • by Urkki (668283)

        Well, excuse me for not having RTFA... Summary talks about partial disclosure.

        Anyway, it'll be interesting to see what happens with this botnet next...

    • by Nikker (749551)
      And how many will use this exploit to introduce their own back doors? I guess you could always attempt to regulate hackers...
  • Depends ... (Score:4, Insightful)

    by ScrewMaster (602015) * on Sunday January 11, 2009 @04:35PM (#26409453)

    However it seems in practice the elimination process would fall foul of the law.

    Whose law?

    • Re:Depends ... (Score:4, Interesting)

      by Anonymous Coward on Sunday January 11, 2009 @04:45PM (#26409547)
      The process looks like this:

      Using this background knowledge, they were able to develop their own client, which links itself into the peer-to-peer structure of a Storm Worm network in such a way that queries from other drones, looking for new command servers, can be reliably routed to it. That enables it to divert drones to a new server. The second step was to analyse the protocol for passing commands. The researchers were astonished to find that the server doesn't have to authenticate itself to clients, so using their knowledge they were able to direct drones to a simple server. The latter could then issue commands to the test Storm worm drones in the laboratory so that, for example, they downloaded a specific program from a server, perhaps a special cleaning program, and ran it. The students then went on to write such a program.

      Seems like the method involves the server communicating with the client - which could be considered "hacking" and thus be problematic.

      Especially here in Germany where even possessing nmap is a crime.

    • by Nasajin (967925)
      From the article:

      From a legal point of view, that could involve many problems. Any unauthorised access to third-party computers could be regarded as tampering with data, which is punishable under paragraph  303a of the German Penal Code.

      So, in response to your query, Germany's laws.

      • by Nursie (632944)

        It seems to me to be a very grey area. All you would need to do is get yourself (or a test VM) infected and hooked up to Storm and then inject the "change server" message into your own drone machine. Then everything else is autonomous - the other drones ask your drone for instructions and then voluntarily download a cleaner.....

        • Re: (Score:2, Informative)

          by Anonymous Coward

          No, German law is very clear at this point.
          Unauthorised data manipulation is illegal.
          And you will not get around the judge with: "I just inserted that in the bot in my machine and it spread through the botnet, lulz. Dunno why."

  • WWBD? (Score:5, Funny)

    by retech (1228598) on Sunday January 11, 2009 @04:36PM (#26409467)
    This falls into that whole super-hero vigilante category. Just ask yourself, what would batman do?
    • Re: (Score:3, Funny)

      by Anonymous Coward

      Forget Batman! What would Yagami Light do?

  • by merrickm (1192625) on Sunday January 11, 2009 @04:37PM (#26409479)
    Why not just give the code to the FBI and let them turn it on? I'm sure they'd be more than happy to. Or ask them for immunity on this point. It's not like the Feds don't want this thing gone as much as anyone.
    • by OverlordQ (264228)
      <tinfoilhat>Maybe it's the FBIs Botnet! OHMYGOOSES!</tinfoilhat>
  • You know, if I had suddenly discovered a way to take down a botnet, I wouldn't have said S*** and just dismantled it.
    • by geekmux (1040042)

      You know, if I had suddenly discovered a way to take down a botnet, I wouldn't have said S*** and just dismantled it.

      Awww, c'mon, it's only Slashdot. Just a small band of merry geeks here, nothing to see...

      If it makes you feel better, I won't tell.

    • Re:Pfft... (Score:5, Funny)

      by gzipped_tar (1151931) on Sunday January 11, 2009 @05:00PM (#26409683) Journal

      The guys found the "cure" of Storm Worm are university students. They did the research using the university's facilities. They have to follow the university's regulations and everything they do is pretty open to the public. Should they just triggered the switch and take over, the university may find itself in legal trouble.

      Unless one of them happens to be Batman.

  • Question (Score:4, Insightful)

    by vawarayer (1035638) on Sunday January 11, 2009 @04:49PM (#26409589)

    Some people run some botnet ops from some countries with some loose laws to gain some protection.

    Is it not as easy to dismantle a freaking botnet from there?

  • by damn_registrars (1103043) <damn.registrars@gmail.com> on Sunday January 11, 2009 @04:56PM (#26409639) Homepage Journal
    If you manage to disable the storm botnet, someone will just great better botnet software. The end result is just a better botnet.

    If you want to stop the botnet, you need to remove its incentive. The botnet operates not for someones jollies, but because it is profitable to have a botnet. If you remove the profit motive the botnet will self-disassemble over time.
    • by DaveV1.0 (203135)

      Of course, if the writers of the storm botnet software read slashdot, they may be busy writing a better botnet to neutralize the vulnerability found and published.

    • by eln (21727) on Sunday January 11, 2009 @05:10PM (#26409773) Homepage

      If you want to stop the botnet, you need to remove its incentive. The botnet operates not for someones jollies, but because it is profitable to have a botnet. If you remove the profit motive the botnet will self-disassemble over time.

      And how do you propose we do that? Spam is profitable even when only one in 10,000 people respond to them, so how do you stop something like that? People have been building better and better spam filters for years, and more and more effort has been spent on educating people about the various scams, and yet spam is STILL profitable enough to illegally hack thousands of computers in order to send it out.

      Saying all we have to do to stop botnets forever is remove the profit motive is like saying all we have to do to stop drug smuggling or illegal immigration or home burglaries is to stop the profit motive. Sounds simple, but virtually impossible in practice.

      • by damn_registrars (1103043) <damn.registrars@gmail.com> on Sunday January 11, 2009 @05:24PM (#26409891) Homepage Journal

        Spam is profitable even when only one in 10,000 people respond to them

        Spam makes for an excellent case study in the problem, more on that in a moment.

        People have been building better and better spam filters for years

        Filters will never solve the spam problem. I have said that before, and I will continue to say it until people start to realize the reality of the situation.

        Build better filters, and spammers will send better spam.

        You have to remove the profit motive.

        And a fair portion of botnet activity is spam-driven or spam-propagating. So if we work on the spam problem, the botnet problem will diminish.

        And there is one angle in particular that is available for stopping spam:

        • The damned registrars

        If you look at spam messages, you'll see that the vast majority of them ask you to go to domains that are on the order of days old, and seldom remain up for more than a few weeks. This is because registration of domains is too easy, with too little liability anywhere along the way.

        Spamming and spamvertised domains are registered at a bewildering rate 24/7. And most of them are registered with bogus information to boot. We need a few things to hinder this

        • Registrars need to sell domains only to valid registration data
        • Registrars that willingly sell domains to spammers need to be punished swiftly and severely
        • ISPs that willingly offer services repeatedly to spammers need to face the same

        If the virtual storefronts selling the v!@gr@ are shut down promptly, and proper impediments are put in place to hinder their creation, spam will become less profitable. The owners of the spamvertised domains can only afford to pay the spammers for their services as long as they are still selling products.

        • Re: (Score:3, Interesting)

          While your point is valid to a certain extent, there's no reason why spamvertized stuff can't be purchased from http://123.321.456.654/crap [123.321.456.654] instead of http://abcdefghijk.cn/morecrap [abcdefghijk.cn]

          In fact, I'm not sure why spammers go to the trouble of registering domains. If it's just for the ease of transferring the dns record to a new ip address, why bother? Just send out a new batch of garbage with a new ip address instead.

          • there's no reason why spamvertized stuff can't be purchased from http://123.321.456.654/crap [123.321.456.654] [123.321.456.654] instead of http://abcdefghijk.cn/morecrap [abcdefghijk.cn] [abcdefghijk.cn]

            That is a good point.

            In fact, I'm not sure why spammers go to the trouble of registering domains. If it's just for the ease of transferring the dns record to a new ip address, why bother?

            If I were to guess, I would suspect that would be it. If they have evilspammingdomain.com hosted by ISP A, who eventually catches on and stops hosting, they can take the same domain and have it instead hosted by ISP B, and then the spam that was earlier sent out referring potential suckers to go buy crap from evilspammingdomain.com will still get them to the same site.

            In short, I suspect that it was because previously it was easier to get protection from registrars than from ISPs,

        • Re: (Score:3, Interesting)

          by Fumus (1258966)

          It'll be more bothersome, but if DNSes won't be available, they'll just say click here for free viagra! [127.0.0.1]

          What makes you think people buying stuff from spam will notice if it's a domain name, or IP address?

    • by RandomUsername99 (574692) on Sunday January 11, 2009 @05:22PM (#26409877)

      Could you explain what you mean by removing the profit motive? Though I may be missing something, I think that you might be oversimplifying things here.

      I'm not really sure that it's any more realistic to try and make spamming unprofitable than it would be to make any other successful form of marketing unprofitable, let alone one that is almost free.

      We could just as easily say that the solution to stopping welfare abuse would be to remove the financial incentive to doing so... but without actually suggesting anything useful to come to that end, it's a pretty useless comment.

      • Could you explain what you mean by removing the profit motive?

        I explained it in more detail above [slashdot.org]

        But the short answer is the profit motive for the botnet is largely tied in to the profit motive for spamming. The answer therefore is to remove the profitability of spamming, or more so to remove the profitability of the spamvertised businesses (both those directly [merchants] and indirectly [registrars and ISPs] profiting from the spam-generated business). If the spamvertised business is no longer making money then they will no longer pay the spammer (botnet operator

    • by _Sprocket_ (42527) on Sunday January 11, 2009 @05:40PM (#26410025)

      If you want to stop the botnet, you need to remove its incentive. The botnet operates not for someones jollies, but because it is profitable to have a botnet. If you remove the profit motive the botnet will self-disassemble over time.

      By Jove, I think you've got it! All we need to do is remove the incentive and crime just fades away! I wonder why nobody's thought of that before.

  • Question (Score:2, Funny)

    by Anonymous Coward

    After you decode it with base 64 how do you open it? do you just rename it to .c and open it with VS?
    if not then how?

    • Re: (Score:3, Informative)

      by nostrad (879390)
      base64 -d | bzip2 -d | tar -x
  • A law that actively hinders human development and protects criminal activities is immoral.

    Immoral laws should not be followed.

    • Re:Screw the law. (Score:4, Interesting)

      by Todd Knarr (15451) on Sunday January 11, 2009 @06:42PM (#26410535) Homepage

      You don't want to go there. The law is the one that says someone installing software on your computer without your permission is illegal. In your zeal to stop the Storm botnet, do you want to make it legal for the Storm botnet runners to break into your computer and install their software? That's what you'll be doing.

  • by artg (24127) on Monday January 12, 2009 @05:57AM (#26414821)
    Why not get the user's consent first ?
    If a zombie is detected, it should be isolated in the same way as a commercial wifi node : no access to the net, and web access pointed to a login page. That page would then offer the option of continuing to use the machine offline, or having the bot software neutralised.
    No need to worry about knock-on failures from disconnecting a critical machine : any critical system that relies on its net connection is either broken by design or so unusual that it could be handled as a 'do not block' case by the service provider.

Those who can, do; those who can't, write. Those who can't write work for the Bell Labs Record.

Working...