Seems to me that having a known date of attack and known target is an ideal opportunity to log the IP addresses of the actual infected hosts. Since the http request has been identified, the botnet boxen can be singled out from legitimate users. Then the target sends the info to the ISPs with a legal request to stop providing the means of the attack. The ISPs for the botnet hosts should notify the account holders that their computers are now part of the problem -- clean up or be blocked from the 'Net.

Hope I don't offend anyone by implying ISP should actually ACT on this problem, or that -- horrors! -- computer owners be held responsible for their own negligence! One would think that knowingly being part of a botnet would render a party legally responsible just like failing to confine a vicious dog to the backyard.

for ISP's to disconnect infected parties until they clean up their computers. There are a lot of muppets around and they should pay the price by being disconnected.

Why not just send an update that disables the machine e.g. by looping, until the delinquent owner gets it fixed?

I'm afraid that it would be against the law - under the Computer Misuse Act - for us to change the visiting infected computers without the owners' permission.

Not as easy as you might think. The report referenced in a Reg article a mere week ago ( http://www.theregister.co.uk/2009/02/23/conficker_variant/ ) suggests that there's some clever enough encrypted signature verification at work to ensure that only updates by the original virus' authors will be accepted and processed.

First, the updates are "signed" by private key encryption. The public key is in the worm binary itself, but the private key is, well, private and only held by those responsible.

As for identifying infected machines, I was thinking the same thing. This is a perfect opportunity to set up filtering which would identify the estimated 9m+ machines infected with the worm. At the very least, this would seem to provide a fairly accurate head-count. Good opportunity for the Feds, I would think.

Of course, holding individuals and ISPs responsible for this outbreak is pure rubbish. All of us are victims. Follow the trail back far enough and along the way you will find the virus writers' parents are at fault, but only because of a lack of a relationship with their siblings. But that, of course, is the result of an overbearing parental structure, which was, in turn, the result of puritanical views of child-rearing prevalent in the local culture. Go back far enough and you can probably blame God.

Is that it? In our new culture of victimization and self-perpetuating mediocrity, is everything God's fault? Ultimately, are we all victims of God's lack of competency or action against Evil? My word, what will they think of next? (And Holy Carp, I went a long way for that one!)

Paris, I blame God.

This has been debated to death already. It sounds like a good idea, but would be illegal as an act of computer intrusion. They'd also be liable for any and all damage it causes. With millions of infected machines, anything you write is all but guaranteed to screw up on some of them.

mark@beaker:~$ ping wnsux.com

ping: unknown host wnsux.com

mark@beaker:~$ ping www.wnsux.com

ping: unknown host www.wnsux.com

...so I like the idea of identifying infected machines and contacting the owners, perhaps even cutting them off!

Whilst it won't get all of them, and it's only one infection out of many, it might *just* serve as a wake up call to people that "t'internet" is the electronic Wild West, and not a place to meander around unprotected and not expect to get mugged in some way!

Since virtually all of this runs off systems running their software. The sad part if that they COULD actually fix this if they were to have written any version of windoze properly....

(1) you only are allowed to install into your own program files folder

(2) you maynever create hidden files

(3) you may never create rootkits

(4) you may never update anything in widoze folder

(5) you may never update the registry (worst idea, EVER)

(6) you may only execute in your own little sandbox

(7) you may not access the internet without permission of the firewall

I dibs IP on all this

(Insert appropriate pun here)

Just insert some global govt interstitial Ads into said http requests, so that the evil botmaster gets some social reprogramming, all paid for by advertisers.

The software to do this is phucking called "Ph**m" mate, you can get it on torrents :-)

Mines the long coat with unbreakable encryption on the pockets, and a tin-foil hood.

Paris, cos she can lick my .conf anyday.

Where is this list that tells it what to do next?

and why arnt the police kicking its door down????

paris, cos i'm obviously missing something