The takedown of 100 servers used to control Zeus-related botnets may be a short-lived victory, security researchers said after discovering that about a third of the orphaned channels were able to regain connectivity in less than 48 hours. The resurrection of at least 30 command and control channels came after their internet …
De-Peering Russia and Ukraine?
Why don't we just "de-peer" Russia and Ukraine as a whole? Apparently the botnet criminals have free rein in these countries.
That kind of pressure might compel the authorities to lock up their international computer criminals. And we don't need Russian or Ukrainian web sites anyway.
You know that the US are number one, right?
Apparently the US are the number one origin of computer attacks through the internet... and we don't need American websites anyway: all the good pr0n is hosted in Russia and Ukraine.
And along with former Eastern Bloc nations generally...
...most of the worthwhile antivirus vendors too!
But we do want...
... their gas, so let's not cheese them off too much, eh?
You should probably start with China and Turkey then
The subject of limiting by geography is actually fairly old and well discussed. There are a couple of bugtraq threads on the subject. On the balance of things however Russia and ex-CIS is probably not the worst offender.
If you want to de-peer by country you should probably start with Turkey (email spam), China (relentless brute-force cracking of ssh, pop, imap and other password based services), etc. The sole reason C&Cs are not in China for example is the Great Firewall of China. With the Chinese attitude to security and AUPs (and law and order in general) we are lucky that incoming connections into China are subject to "government inspection". If they were not...
When I first read about this my immediate thought was, what is the point? You either block access to *all* of the C&C machines, or you may as well not bother. Botnets are *designed* so that they can cope with C&C machines going offline. It's *expected* that they will.
Kick those providers to the curb
Why is there not an international mandate to excommunicate computers and networks involved with cybercrime? How do legitimate providers get away with harbouring malware control servers? It seems pretty crazy when governments go on big spiels about stamping out spam when their command and control servers go untouched.
You are just now noticing that governments tend to be bigger on rhetoric than action? Talk is a lot cheaper and easier than action and it's not just limited to internet security.
De-peer both US and Russia
Since Russia controls the US botnets, de-peer both of them and everybody wins. Right?
A while back I ran a honeypot on my Verizon connection. I found between 500 to over 1200 attacks per day, with most of the attacks originating from other Verizon IP addresses. Every country with a network connection tried to connect to my IP. Since the majority of attacks came from my virtual neighborhood, that means that Verizon and other providers should be chopped. No network connection means no botnet, so problem solved.
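Both the "de-peer by country" suggestion above and the honeypot post are really claims about where attack traffic originates, and the way to check such a claim is to aggregate the honeypot's own logs by source network before deciding what a block would catch. The script below is an added example, not part of this thread and not the poster's honeypot code. The log lines are constructed in sshd's auth-failure format, and the prefix-to-label table is hypothetical: it maps the RFC 5737 documentation ranges to made-up provider and country labels in place of a real ASN or GeoIP lookup, which a practitioner would substitute (e.g. a MaxMind or whois-derived table).

```python
import ipaddress
import re
from collections import Counter

# Constructed sample log lines in sshd's auth-failure format; not real data.
SAMPLE_LOG = """\
Mar 12 03:14:01 honeypot sshd[2210]: Failed password for root from 203.0.113.7 port 51022 ssh2
Mar 12 03:14:03 honeypot sshd[2211]: Failed password for invalid user admin from 203.0.113.9 port 51030 ssh2
Mar 12 03:14:07 honeypot sshd[2212]: Failed password for root from 198.51.100.23 port 40111 ssh2
Mar 12 03:14:09 honeypot sshd[2213]: Failed password for root from 203.0.113.40 port 51100 ssh2
Mar 12 03:14:12 honeypot sshd[2214]: Failed password for invalid user test from 192.0.2.77 port 33001 ssh2
Mar 12 03:14:15 honeypot sshd[2215]: Failed password for root from 203.0.113.41 port 51102 ssh2
Mar 12 03:14:20 honeypot sshd[2216]: Accepted publickey for alice from 192.0.2.1 port 50000 ssh2
Mar 12 03:14:22 honeypot sshd[2217]: Failed password for root from 198.51.100.24 port 40115 ssh2
"""

# Hypothetical prefix table standing in for an ASN/GeoIP lookup. The RFC 5737
# documentation ranges are given made-up labels purely for illustration; they
# do not belong to any real provider or country.
PREFIX_TABLE = [
    (ipaddress.ip_network("203.0.113.0/24"), "own-provider", "US"),
    (ipaddress.ip_network("198.51.100.0/24"), "transit-a", "CN"),
    (ipaddress.ip_network("192.0.2.0/24"), "transit-b", "TR"),
]

# Matches both "Failed password for root from X" and
# "Failed password for invalid user admin from X"; successful logins are ignored.
FAILED_RE = re.compile(r"Failed password for (?:invalid user )?\S+ from (\S+) port \d+")


def parse_failed_logins(log_text):
    """Return the source IP of every failed-password line, in log order."""
    ips = []
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            ips.append(m.group(1))
    return ips


def lookup(ip):
    """Map an IP to (provider, country) via the prefix table; unknown if no prefix matches."""
    addr = ipaddress.ip_address(ip)
    for net, provider, country in PREFIX_TABLE:
        if addr in net:
            return provider, country
    return "unknown", "??"


def summarise(log_text):
    """Count failed logins per provider label and per country label."""
    ips = parse_failed_logins(log_text)
    by_provider = Counter()
    by_country = Counter()
    for ip in ips:
        provider, country = lookup(ip)
        by_provider[provider] += 1
        by_country[country] += 1
    return {"total": len(ips),
            "by_provider": dict(by_provider),
            "by_country": dict(by_country)}


def share_blocked_by_country(summary, countries):
    """Fraction of failed logins that a country-level block of `countries` would have removed."""
    if summary["total"] == 0:
        return 0.0
    blocked = sum(n for c, n in summary["by_country"].items() if c in countries)
    return blocked / summary["total"]


if __name__ == "__main__":
    s = summarise(SAMPLE_LOG)
    print(s)
    print("blocking CN+TR removes %.0f%% of attempts"
          % (100 * share_blocked_by_country(s, {"CN", "TR"})))
    print("blocking the honeypot's own provider removes %.0f%%"
          % (100 * share_blocked_by_country(s, {"US"})))
```

On the constructed data the majority of failed logins come from the honeypot's own provider prefix, so a block on the two "foreign" countries removes under half of the attempts, which is the point the honeypot poster makes against geographic de-peering. Swapping the table for a real ASN or GeoIP source is the only change needed to run this over an actual auth log.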