Researchers Hijack Mebroot Botnet, Study Drive-By Downloads 130
TechReviewAl writes "Researchers at the University of California at Santa Barbara hijacked the Mebroot botnet for about a month and used it to study drive-by downloading. The researchers managed to intercept Mebroot communications by reverse-engineering the algorithm used to select domains to connect to. Mebroot infects legitimate websites and uses them to redirect users to malicious sites that attempt to install malware on a victim's machine. The team, who previously infiltrated the Torpig botnet, found that at least 13.3 percent of systems that were redirected by Mebroot were already infected and 70 percent were vulnerable to about 40 common attacks."
70% (Score:3, Funny)
Re:arrest them (Score:4, Funny)
It's the principle of the thing. Botnet creators are entitled to a reasonable expectation of privacy, under the law, right? Besides, if it were YOUR botnet they were infiltrating, you would be pissed, too.
Re:Great idea, narrowly averted (Score:4, Funny)
What if that vulnerable system was responsible for something critical and hadn't been patched because the patch broke the application, for instance?
Ah, I've seen you've read the Admin Handbook: "Even if your critical system has been compromized and is a zombie in some malicious botnet, do not patch the vulnerability if the patch might compromise your critical system."
/sarcasm
yes, if it's not broken, don't fix it... then again, your definition of broken appears to be broken
Re:70% (Score:5, Funny)
((vi is better))
Re:70% (Score:3, Funny)
Now, vi vs. emacs is a legitimate jihad. ((vi is better))
Sure, that's because you haven't figured out elisp. It should be
(setq vi better)
or
(setq is-vi-better (better vi emacs))
Re:This could be avoided. (Score:3, Funny)