The botnet formerly known as Mega-D has been put down, thanks to the work of some intrepid security experts who took it upon themselves to knock it offline.
The man responsible, Atif Mushtaq, working for security firm FireEye, blogged about his ongoing attempts to take down the botnet, and this week succeeded in effectively wiping it out. Mushtaq’s initial interaction with the botnet came when he was attempting to prevent infection of clients’ machines, during which he learned an awful lot about just how it ran.
According to the Inquirer, the method that Mushtaq and two of FireEye’s other researchers used was relatively straightforward: first they contacted the Internet Service Providers hosting the Mega-D command and control servers. In most cases, simply calling the ISP and informing it of what it was hosting seemed to be enough to achieve movement against the botnet.
Eventually, the team managed to soak up the various backup domains that infected machines would be likely to dial back to once the initial servers went down. It’s all relatively simple, but the fact that it’s been done so quickly and so very elegantly by just three people is particularly impressive. Mega-D has gone from a 250,000 machine strong botnet to a memory very quickly indeed.
Of course, for those of us who haven’t interacted too much with botnets or don’t have an irrational fear of them, the biggest change will likely be the drop in worldwide spam. Mega-D was, apparently, among the top ten biggest spam bots for a full year, so its having effectively died should leave a hole… at least until some other nastiness can seep in to replace it.