Interesting People mailing list archives

Srizbi Botnet Re-Emerges Despite Security Firm's Efforts


From: David Farber <dave () farber net>
Date: Sun, 30 Nov 2008 08:25:09 -0500

http://voices.washingtonpost.com/securityfix/

In the fallout resulting from knocking McColo Corp. offline, this past week may prove to be a missed opportunity in the prevention of a dramatic reappearance of junk e-mail, as a botnet that once controlled 40 percent of the world's spam apparently has found a new home.

The botnet Srizbi was knocked offline Nov. 11 along with Web-hosting firm McColo, which Internet security experts say hosted machines that controlled the flow of 75 percent of the world's spam. One security firm, FireEye, thought it had found a way to prevent the botnet from coming back online by registering domain names it thought Srizbi was likely to target. But when that approach became too costly for the firm, it had to abandon its efforts.

"This cost us a lot of money. We engaged all the right people. In the end, it comes back to the fact that there wasn't a process in place to do what we were trying to do," said Alex Lanstein, senior researcher at FireEye. "The day after we stopped registering the domains, the bad guys started picking them up."

According to FireEye, Srizbi was the only botnet operating through McColo that had a backup plan in case its master control servers were ever unplugged: The malware contained a mathematical algorithm that generates a random but unique Web site domain name that the bots would be instructed to check for new instructions and software updates from its authors.

snip

