Twitter transformed into botnet command channel For the past couple weeks, Twitter has come under attacks that besieged it with more traffic than it could handle. Now comes evidence that the microblogging website is being used to feed the very types of infected machines that took it out of commission. That's the conclusion of Jose Nazario, the manager of security research …
leave the control channels in place and get the AV vendors to monitor it. The AV vendors could then subscribe to the same feeds and get realtime updates on the malware being pushed out, giving them a leg up on detecting new malware. On top of this they could try and track down the controllers of the botnet and maybe even send details of the zombie PCs to the relevant ISPs.
Cutting of a single control channel is slightly inconvenient for the bad guys, but I bet they have fallback channels to enable them to regain control of their botnets. A bit like a hydra, the channels are quickly replaced and we never really get anywhere against the bad guys.
But then it's not in the interest of AV vendors to solve the problem now is it. They stand to gain a hell of a lot more by just bandaiding the situation.
While I personally profit from helping people get rid of viruses and other malware from their home computers, it is tedious and boring work and I would much rather spend my time on something more interesting.
Why give the AV vendors a free ride?
Seriously the law enforcement (in whatever guise that maybe) had a duty to stop these botnets as quick as possible, stopping many people falling victim to its attacks and other dubious uses.
Allowing the control channels to stay open, provided the AV vendors with revenue streams.
IF the AV vendors are as good as they say they are, they should be working to provide solutions without having the control channels open - ergo they should be monitoring them way before the law closes them down.
To provide another analogy, its like police allowing a money-counterfeiting gang to keep operating just so that the companies that detect the fake notes can keep protecting the customers who buy their products. - What about the customers who DO NOT buy their products?
Nah, Im fully in favour of killing it at source.
But this just goes to show that AV vendors are running out of steam and can't provide solutions that dont run your system at 90% cpu and max ram just to compare files against a database all the time.
/paris because word is she doesnt run out of steam.
If they (Twitter) had left it in place, Twitter would likely have had some legal responsibility for subsequent victims and any losses they suffered.
It is interesting that some of the malware included apparently uses a website at bancobrasil to store stolen information. I wouldn't be comfortable being a customer of said bank if I knew someone was using their servers for nefarious purposes, apparently without the bank having any knowledge of such activity.
If twitter has complete control over all the channels, why don't they just publish a false update that would remove the bot software, essentially killing the entire botnet. Rather than just force the botnet owner to go to their backup channels, they would shut down the entire botnet at once...
Of course you'd probably need to do quite a lot of reverse engineering to work out what kind of format the patches are in, and I would imagine the botnet creator signs their patches in order to stop rogue software installations.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
