Antivirus firms discover Bots

I'm glad that anti-virus firms are noticing the growth of Bots.
Unfortunately, their guesstimating ability is still woefully inadequate.

Even frequent updates to anti-virus software won't help. Many
bots disable automatic updates and block access to the antivirus
sites. By the time anti-virus software detects something's wrong,
it's already too late. The solution is to make certain your computer is
not compromised, instead of relying on anti-virus to clean it up later.

Antivirus firms warn of growing 'Bot' Networks
http://www.informationweek.com/story/showArticle.jhtml?articleID=20300880

Hmm, so if the AV discovers an active bot is it possible to take this a step
further and locate the C&C and forward that info to relevant network operators?

Steve

Stephen J. Wilcox wrote:

> Hmm, so if the AV discovers an active bot is it possible to take this a step further and locate the C&C and forward that info to relevant network operators?

With some operators specializing in hosting these, what good would that do until the "big guys" start cutting them off at their borders?

Pete

> Hmm, so if the AV discovers an active bot is it possible to take this a step
> further and locate the C&C and forward that info to relevant network operators?

at the point the av software itself is spyware.

joelja

I mean fwd to some central location to be shared with various operators rather
than spamcop style org lookup ..

Steve

>
> Hmm, so if the AV discovers an active bot is it possible to take this a step
> further and locate the C&C and forward that info to relevant network operators?

> at the point the av software itself is spyware.

No, it's not, providing you state on the packaging what you do.

Steve

Stephen J. Wilcox wrote:

> I mean fwd to some central location to be shared with various operators rather than spamcop style org lookup ..

My statement holds even in this case. What good would this do beyond honeypots which can be used to collect this information in less than a week?
If somebody would be interested and have the means in hunting down and closing the zombie/spam commanders it could be done today. Getting their whereabouts is not the issue.

Pete

Please note the "removal tool" from McAfee, called Stinger, has also been
targeted by some. Just attempting to run it off a floppy or CD will not work
nor will it be allowed, by some of them, to be copied to HD. The simple
answer is to download it and rename it to something else before introducing
it to the new machine AND booting safe mode for Windows machines to get it
going, anyway.

I have also noted that permissions on XP machines have been altered but so
far have not noticed the Admin account being changed at all unless the user
is actually using the setup Admin account as the only account on the
machine.

Greg.