Botnet Gets Put Down

The botnet formerly known as Mega-D has been put down, thanks to the work of some intrepid security experts who took it upon themselves to have it knocked offline.

Among the best 'security' pictures I've ever seen 😉

The man responsible, Atif Mushtaq of security firm FireEye, blogged about his ongoing attempts to take down the botnet, and this week succeeded in effectively wiping it out. Mushtaq's initial interaction with the botnet came when he was trying to prevent infection of clients' machines, during which he learned a great deal about how it actually ran.

According to The Inquirer, the method that Mushtaq and two of FireEye's other researchers used was relatively straightforward: first they contacted the Internet Service Providers hosting the Mega-D command and control servers. In most cases, simply calling the ISP and informing it of what it was hosting was enough to get the servers taken down.

Eventually, the team managed to soak up the various backup domains that infected machines would be likely to dial back to once the initial servers went down, so the bots had nowhere left to receive commands from. It's all relatively simple, but the fact that it was done so quickly and so elegantly by just three people is particularly impressive. Mega-D has gone from a 250,000-machine-strong botnet to a memory very quickly indeed.

Of course, for those of us who haven't interacted much with botnets, or don't have an irrational fear of them, the biggest change will likely be the drop in worldwide spam. Mega-D was, apparently, among the top ten biggest spam bots for a full year, so its effective death should leave a hole… at least until some other nastiness seeps in to replace it.
