There's a thread about botnets in the spiders forum that led me to a potentially great idea:
[webmasterworld.com...]
Perhaps a way to stop the botnets is to MOCK the botnets and reverse attack them.
When email comes in with file attachments that in theory would infect our machines, we should write a friendly version of the command and control that we're in control of, but which pretends to respond to the bot herder.
Imagine if you would, thousands, maybe tens of thousands or more machines pretending to be in a botnet.
When the bot herder issues commands, we attempt to "execute" them, but our fake botnet attacks the bot herder and sends the commands along to their destination with a [BOTNET] prefix and details of who sent them attached.
Just like the botnet, this would be completely decentralized and have no vulnerability for the actual botnet to attack. Using Tor proxies, we could enlist every machine the botnet attempts to infect to attack the bot herder, and the fake-infected machines would be undetectable.
Basically, it would use stealth to attack the attackers, instead of the intended victim(s), and alert the intended victims of the attack details and where it originates.
We could fake them out and take them out all in one shot.
Instead of fearing the botnet we could bend it right back at them as what goes around, comes around.
To implement such a strategy would require a simple program to analyze incoming email for worms and viruses and then feed information to our fake-botnet routine about what was found in these files, to make it look seamless to the botnet herder, as if everything is working the way it's supposed to.
Little would the bot herder know that the more machines he tried to infect that ran what I'll tentatively call "BotLash" (for bot backlash), the more he/she/it would be expanding a growing attack aimed at the origin instead of expanding their network.
Why nobody ever thought of this I'll never know.
If it were an embedded feature of Norton's, it would rock.
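As an added example (not code from the original post or from any product it mentions), here is a sketch in Python of the "pretend to comply, but report instead" half of this idea: a stand-in bot that parses commands arriving from a bot herder, returns the acknowledgement a real bot would, and emits a [BOTNET]-tagged alert naming the herder and the intended victim. The command grammar (IRC-style `.verb args` lines), the verb names, the bot id and the addresses are all constructed assumptions for illustration; no real botnet protocol is modelled, and nothing is sent anywhere.

```python
"""Fake bot: acknowledges C2 commands like an infected host would, but only
records them as alerts. Constructed example; the command grammar below is an
assumption, not any real botnet's protocol."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Assumed IRC-style command grammar, e.g. ".ddos 203.0.113.10 80 60".
COMMAND_RE = re.compile(r"^\.(?P<verb>[a-z]+)(?:\s+(?P<args>\S.*))?$")

# Assumed: which verbs name a victim, and the argument position it sits in.
VICTIM_VERBS = {"ddos": 0, "scan": 0}


@dataclass(frozen=True)
class Command:
    verb: str
    args: Tuple[str, ...]


@dataclass(frozen=True)
class Alert:
    tag: str              # always "[BOTNET]", the prefix the post describes
    herder: str           # where the command came from (constructed address)
    victim: Optional[str]  # who the herder wanted hit, if the verb names one
    raw: str              # the command line exactly as received

    def render(self) -> str:
        """One-line record suitable for forwarding to the intended victim."""
        victim = self.victim or "(none)"
        return f"{self.tag} from={self.herder} victim={victim} cmd={self.raw!r}"


def parse_command(line: str) -> Optional[Command]:
    """Parse one C2 line; None if it does not match the assumed grammar."""
    m = COMMAND_RE.match(line.strip())
    if not m:
        return None
    args = tuple(m.group("args").split()) if m.group("args") else ()
    return Command(m.group("verb"), args)


def fake_execute(line: str, herder: str, bot_id: str) -> Tuple[str, Optional[Alert]]:
    """Behave like an obedient bot toward the herder, but carry nothing out.

    Returns (acknowledgement_for_herder, alert_for_victim). Lines that are not
    commands get an empty ack and no alert, like a bot ignoring channel noise.
    """
    cmd = parse_command(line)
    if cmd is None:
        return "", None
    victim = None
    idx = VICTIM_VERBS.get(cmd.verb)
    if idx is not None and len(cmd.args) > idx:
        victim = cmd.args[idx]
    ack = f"[{bot_id}] {cmd.verb}: ok"       # assumed ack format
    return ack, Alert("[BOTNET]", herder, victim, line.strip())


def process_session(lines: List[str], herder: str, bot_id: str) -> Tuple[List[str], List[Alert]]:
    """Run a whole captured C2 session through the fake bot."""
    acks, alerts = [], []
    for line in lines:
        ack, alert = fake_execute(line, herder, bot_id)
        if ack:
            acks.append(ack)
        if alert is not None:
            alerts.append(alert)
    return acks, alerts


if __name__ == "__main__":
    # Constructed session using RFC 5737 documentation addresses.
    herder = "198.51.100.7:6667"
    session = [
        "PING :irc.example.invalid",          # protocol noise, not a command
        ".ddos 203.0.113.10 80 60",           # herder orders a flood
        ".update http://198.51.100.7/new.exe",  # herder pushes a new payload
    ]
    acks, alerts = process_session(session, herder, "bot-0001")
    for a in acks:
        print("to herder:", a)
    for al in alerts:
        print("to victim/defenders:", al.render())
```

Only the reporting side of the post is modelled here: the acknowledgement keeps the herder believing the command ran, while the alert record carries the herder's address, the victim and the verbatim command so the intended target can be warned. The "reverse attack" the post also proposes is deliberately not part of the example.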