Researchers Hijack Mebroot Botnet, Study Drive-By Downloads

TechReviewAl writes "Researchers at the University of California at Santa Barbara hijacked the Mebroot botnet for about a month and used it to study drive-by downloading. The researchers managed to intercept Mebroot communications by reverse-engineering the algorithm used to select domains to connect to. Mebroot infects legitimate websites and uses them to redirect users to malicious sites that attempt to install malware on a victim's machine. The team, who previously infiltrated the Torpig botnet, found that at least 13.3 percent of systems that were redirected by Mebroot were already infected and 70 percent were vulnerable to about 40 common attacks."
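The summary says the team intercepted Mebroot traffic by reverse-engineering the algorithm the bots use to pick rendezvous domains. The block below is an added illustration of why that matters for defenders, not code from the story, the researchers or Mebroot itself: the domain-generation algorithm (`toy_dga`), its seed, the TLD list, the log format and the sample log lines are all constructed for this example. Once an algorithm like this is known, future domains can be enumerated ahead of time, which is what makes sinkholing and DNS blocklisting of such traffic possible.

```python
"""Toy illustration: knowing a botnet's domain-generation algorithm lets a
defender precompute its future domains.  Everything here is CONSTRUCTED for
the example; the algorithm is NOT Mebroot's, whose details are not on the page."""
import hashlib
from datetime import date, timedelta

TLDS = ("com", "net", "biz")          # constructed TLD set
SEED = b"example-seed"                # constructed per-campaign secret


def toy_dga(day, seed=SEED):
    """Derive one rendezvous domain per calendar day (constructed algorithm).

    A bot and its operator both know `seed`, so both can compute today's
    domain independently; a researcher who recovers the algorithm can too."""
    digest = hashlib.sha256(seed + day.isoformat().encode()).hexdigest()
    label = digest[:12]                                   # 12 hex chars
    tld = TLDS[int(digest[12:14], 16) % len(TLDS)]        # pick a TLD
    return f"{label}.{tld}"


def precompute_domains(start, days):
    """List the domains the bots will contact over the next `days` days.

    This is the defender's payoff from reverse-engineering: the list can be
    registered ahead of the operator (sinkholing) or fed to DNS blocklists."""
    return [toy_dga(start + timedelta(days=i)) for i in range(days)]


def flag_dga_queries(log_lines, domains):
    """Return (line_no, qname) for DNS log lines querying a known DGA domain.

    Constructed log format: '<timestamp> <host> query <qname>'."""
    wanted = set(domains)
    hits = []
    for n, line in enumerate(log_lines, 1):
        parts = line.split()
        if len(parts) < 4 or parts[2] != "query":
            continue                                      # not a query record
        qname = parts[3].rstrip(".").lower()              # strip trailing dot
        if qname in wanted:
            hits.append((n, qname))
    return hits


# Constructed sample resolver log: two ordinary lookups and two DGA lookups,
# the latter generated with the toy algorithm so the example is self-contained.
SAMPLE_LOG = [
    "2009-10-05T12:00:01 ws-17 query www.example.com.",
    f"2009-10-05T12:00:02 ws-17 query {toy_dga(date(2009, 10, 5))}.",
    "2009-10-05T12:00:03 ws-22 query updates.example.net.",
    f"2009-10-06T08:15:09 ws-22 query {toy_dga(date(2009, 10, 6))}",
]

if __name__ == "__main__":
    upcoming = precompute_domains(date(2009, 10, 5), 7)
    print("domains for the coming week:", upcoming)
    print("flagged log lines:", flag_dga_queries(SAMPLE_LOG, upcoming))
```

Real DGAs vary in seed source (date, a public value such as a trending search term, a hard-coded key) and in how many candidates they emit per period, so the precomputed list is often large; the detection step above is the same either way, a set lookup of queried names against the enumerated domains.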

  • Re:arrest them (Score:5, Insightful)

    by noundi ( 1044080 ) on Monday October 05, 2009 @03:39PM (#29648633)

    so universities can break the law but common criminals can't? reminds me of Nazi/Japanese experiments on humans in the name of 'science'.

    Really? Intercepting a botnet reminds you of experiments leading to the deaths and suffering of thousands of helpless adults and children? No I see your point, exactly the same thing.

  • by ground.zero.612 ( 1563557 ) on Monday October 05, 2009 @03:41PM (#29648663)
    You mean colleges and universities are held to a double standard? Blasphemy! Next you'll be trying to tell me that politicians and government officials are held to a double standard...
  • by noundi ( 1044080 ) on Monday October 05, 2009 @03:43PM (#29648687)

    Strikes me that this is a "crime" somewhat akin to stealing money from a drug dealer. Sure, I guess you are doing something "illegal" since it's not your money, but it's not like the drug dealer is going to report you to the police...

    Announcing this activity publicly doesn't strike me as particularly prudent, even if it is valuable information...

    Not even that. There is absolutely no personal gain for them in this. Even stealing the money has a gain and this experiment neither hurts nor benefits anybody. It's a completely neutral act not to be trolled into some nonsensical parallel about murder or theft.

  • This is more like intercepting and recording the conversations had among a network of criminals, which yields a lot of good insights into how these organizations operate. This can be extremely valuable information if it's forwarded to appropriate law enforcement personnel, which don't always have the technical talent or resources to conduct investigations like this in the first place.
  • by Flowstone ( 1638793 ) on Monday October 05, 2009 @03:45PM (#29648717)
    Leave it to people who exploit PCs to get sloppy enough to leave the kitchen door unlocked. It's more like carjacking a carjacker's own personal vehicle. News or no news, it's a ray of sunshine that reminds us that this universe still has a balance. And it's got a sense of humor.
  • Re:arrest them (Score:5, Insightful)

    by clone53421 ( 1310749 ) on Monday October 05, 2009 @03:55PM (#29648819) Journal

    so universities can break the law

    They broke the law? Citation needed.

    Oh wait... you didn't even RTFA.

  • by Zocalo ( 252965 ) on Monday October 05, 2009 @04:12PM (#29649025) Homepage
    I think the same idea came up when this group hijacked the Torpig net, and quite probably on several other similar occasions. Unfortunately, that opens up a whole new can of worms, if you'll excuse the pun. Specifically, if they issue commands for a botnet to shut itself down, or try to patch a vulnerable system, then they potentially become liable for whatever might go wrong. What if that vulnerable system was responsible for something critical and hadn't been patched because the patch broke the application, for instance? Or if the botnet's "suicide" command did indeed remove the problem... by completely wiping the hard disk of infected systems?
  • by kdemetter ( 965669 ) on Monday October 05, 2009 @04:24PM (#29649161)

    It's more like a private investigation of a crime, finding proof and then making it public.
    This is something journalists do all the time.

  • by catmistake ( 814204 ) on Monday October 05, 2009 @04:41PM (#29649469) Journal
    This liability excuse sounds like bullshit. Who is liable for a zombie? Let's do a little metaphor:
    Rob Zombiemaster is robbing a bank. During the robbery, in a failed attempt to stop it, a guard shoots and misses Zombiemaster and hits the bank president in the head, killing him instantly, but also causing him to drop his cigarette into some flammable solvent someone was working with in the vicinity. The bank goes up in flames and burns down the whole block, killing everyone except Rob Zombiemaster and the guard. Zombiemaster escapes clean, with the money, and never killed anyone. The guard tells the authorities the tragic truth about his actions.

    With whom does the liability for this catastrophe lie? With the guard? He did kill his boss and everyone on the block except the robber, so that's a reasonable assumption, though wrong. The liability for the deaths and property destruction still rests squarely on the shoulders of the wily Rob Zombiemaster, who, upon capture, will promptly be charged with multiple counts of murder long before he's charged with mere bank robbery. The guard gets off scot-free.

    Those lawyers sound more like lazy CIOs, but with no law degree, and less balls.
  • by Zocalo ( 252965 ) on Monday October 05, 2009 @05:04PM (#29649917) Homepage
    I didn't say "don't fix the issue", just that there are occasions where you can't immediately apply a patch, no matter how desirable it might be. Sadly this scenario does happen from time to time and particularly so with enterprise applications, where "enterprise" is defined as "very expensive software with only a comparatively small number of customers and an even smaller group of developers". It's not just expensive, non-COTS applications either. Case in point: Microsoft's DLL Hell v2.0 [slashdot.org] issue. Equally, it's not just a Windows issue; some time ago I had a business critical manufacturing application segfault when attempts were made to run it under an updated version of the Linux kernel on a test box. Unfortunately said kernel was released to address a rather trivial exploit and we had to try and mitigate the risk as best as possible while waiting for the vendor to fix the problem.
  • Comment removed (Score:5, Insightful)

    by account_deleted ( 4530225 ) on Monday October 05, 2009 @05:34PM (#29650455)
    Comment removed based on user account deletion
  • by Judinous ( 1093945 ) on Monday October 05, 2009 @06:50PM (#29651243)
    I'm not sure what planet you're from, but around these parts, pirated copies of Windows pass WGE checks just fine.
  • by mysidia ( 191772 ) on Monday October 05, 2009 @09:11PM (#29652429)

    Without the details of their research methodology at hand, you have no basis for claiming they might have committed a crime.

    Maybe if/when they publish their paper, you can reasonably assess that, not until then.
