>
> =============
> The only permanent solution is advocating to politicians for more
> international legislation and laws to be passed for more involvement
> between cyber security professionals and federal law-enforcement agencies.
> Sinkholing is a temporary solution but finding the groups behind the
> botnets and allowing law enforcement to apprehend them is the only
> permanent solution to the problem. New regulations will give more
> jurisdiction to execute the following countermeasures:
>
>    Carrying out mass remediation via a botnet
>    Using the expertise and research of private companies, providing them
> with warrants for immunity against cybercrime laws in particular
> investigation
>    Using the resources of any compromised system during an investigation
>    Obtaining a warrant for remote system exploitation when no other
> alternative is available
>
> After taking down the old Hlux we asked your readers on securelist.com how
> Kaspersky should proceed with the botnet. The answer was quite clear:
> Only 4% voted for “Leave the botnet alone.” 9% agreed with “Keep the
> sinkholing up and provide IP address logs to the appropriate contacts so
> they can take actions.” and 85% voted for “Push a cleanup tool that removes
> the infections.” In this poll 8539 votes were counted.
> ===========
>
I actually really like this advice. I'd even take it a step further, remove
all cybercrime laws. Crazy? Maybe. But I'd really love the Internet to turn
back to the wild west it once was. Sure people will get robbed and it'll
act as a catalyst to horrible people. But it'll always enable everyone at
least as much as the horrible people. Subsequently the people can safeguard
the others. We could, by necessity, create *actually secure* systems.
Crazy, I know.
> The researchers said that security companies are informing Internet
> service providers about the infections, but cannot legally take direct
> action to clean up the machines. ....

> .... But "there is one other theoretical option to ultimately get rid of
> Hlux," Ortloff wrote. "We know how the bot's update process works. We could
> use this knowledge and issue our own update that removes the infections and
> terminates itself. However, this would be illegal in most countries."

Once again proving cybercrime laws are the only real cybercrime.

>> The security company people told the Ars Technica reporter that they
>> were surprised that the Botnet operators didn't try to recover control
>> of the bots.
>
> (If I was them, I'd be worried about backtracking.  Once I knew I was
> under attack, I would prefer to cut & run rather than reveal.)

And given the botnet's low size and thus low profit.

> Good observations and calculations.  So, let's say you wanted a botnet to
> do mining.  What could you do to improve that?

Get a bigger network! Targeting gamers would also help, given their
hardware.

In short:
1) Virality. Make it spread like the worst wildfire you can imagine. No
remorse, no half measures.
2) Stealth. Be hard to notice (don't use all resources). Evade antivirus
software in rigorous manners. Anything goes. Fake drivers, emulated OS,
intermix with legitimate services (protip: stolen opensource games,
fake/infected scene releases), anything.
Don't forget that most users don't care, and couldn't even if they tried.
They will run, with admin rights, anything they think is trustworthy, and
they're pretty trusting. Intermix with legitimate (but stolen and
rebranded) would be fairly good. That'd even allow advertisements to be
bought for them.

Performance is nodes*avg_node_performance. Either target better nodes, or
more of them.
_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography