Researchers Hijack Mebroot Botnet, Study Drive-By Downloads - Slashdot

Catch up on stories from the past week (and beyond) at the Slashdot story archive

×

Researchers Hijack Mebroot Botnet, Study Drive-By Downloads 130

Posted by ScuttleMonkey on Monday October 05, 2009 @03:30PM from the hijack-and-inject-vaccine dept.

TechReviewAl writes "Researchers at the University of California at Santa Barbara hijacked the Mebroot botnet for about a month and used it to study drive-by downloading. The researchers managed to intercept Mebroot communications by reverse-engineering the algorithm used to select domains to connect to. Mebroot infects legitimate websites and uses them to redirect users to malicious sites that attempt to install malware on a victim's machine. The team, who previously infiltrated the Torpig botnet, found that at least 13.3 percent of systems that were redirected by Mebroot were already infected and 70 percent were vulnerable to about 40 common attacks."

This discussion has been archived. No new comments can be posted.

Researchers Hijack Mebroot Botnet, Study Drive-By Downloads

Search 130 Comments Log In/Create an Account

Comments Filter:

70% (Score:3, Funny)

by matt4077 ( 581118 ) writes: on Monday October 05, 2009 @03:37PM (#29648595) Homepage

Isn't IE marketshare about 70%? What a coincidence!

Share
twitter facebook
Re:arrest them (Score:4, Funny)

by jdgeorge ( 18767 ) writes: on Monday October 05, 2009 @04:23PM (#29649157)

It's the principle of the thing. Botnet creators are entitled to a reasonable expectation of privacy, under the law, right? Besides, if it were YOUR botnet they were infiltrating, you would be pissed, too.

Parent Share
twitter facebook
Re:Great idea, narrowly averted (Score:4, Funny)

by catmistake ( 814204 ) writes: on Monday October 05, 2009 @04:24PM (#29649165) Journal

What if that vulnerable system was responsible for something critical and hadn't been patched because the patch broke the application, for instance?
Ah, I've seen you've read the Admin Handbook: "Even if your critical system has been compromized and is a zombie in some malicious botnet, do not patch the vulnerability if the patch might compromise your critical system."

/sarcasm yes, if it's not broken, don't fix it... then again, your definition of broken appears to be broken

Parent Share
twitter facebook
Re:70% (Score:5, Funny)

by tsm_sf ( 545316 ) writes: on Monday October 05, 2009 @04:38PM (#29649407) Journal

I've never really understood the whole Mac vs. WIndows debate, and it's even more pointless now that you can have Mac, Win, and Linux running on the same box at the same time. Now, vi vs. emacs is a legitimate jihad.

((vi is better))

Parent Share
twitter facebook
Re:70% (Score:3, Funny)

by chiguy ( 522222 ) writes: on Monday October 05, 2009 @06:32PM (#29651045) Homepage

Now, vi vs. emacs is a legitimate jihad. ((vi is better))
Sure, that's because you haven't figured out elisp. It should be

(setq vi better)
or
(setq is-vi-better (better vi emacs))

Parent Share
twitter facebook
Re:This could be avoided. (Score:3, Funny)

by theArtificial ( 613980 ) writes: on Monday October 05, 2009 @07:59PM (#29651883)

Windows Genuine Exploits?

Parent Share
twitter facebook

There may be more comments in this discussion. Without JavaScript enabled, you might want to turn on Classic Discussion System in your preferences instead.

Related Links Top of the: day, week, month.

390 comments32-Hour Workweek for America Proposed by Senator Bernie Sanders
358 commentsWhat Should Happen to Empty Downtown Office Spaces?
340 commentsHacktivism Erupts In Response To Hamas-Israel War
324 comments'Feedback' Is Now Too Harsh. The New Word is 'Feedforward'
248 commentsWorkers are Resisting Calls to Return to Offices

A morsel of genuine history is a thing so rare as to be always valuable. -- Thomas Jefferson