Welcome to WebmasterWorld Guest from 18.104.22.168
Forum Moderators: phranque
To be confident that the bot could not be quickly shifted to new infrastructure, we sought and obtained a court order allowing us to work with the U.S. Marshals Service to physically capture evidence onsite and, in some cases, take the affected servers from hosting providers for analysis.
Specifically, servers were seized from five hosting providers operating in seven cities in the U.S., including Kansas City, Scranton, Denver, Dallas, Chicago, Seattle, Columbus and, with help from the upstream providers, we successfully severed the IP addresses that controlled the botnet, cutting off communication and disabling it.
This case and this operation are ongoing and our investigators are now inspecting the evidence gathered from the seizures to learn what we can about the botnetís operations.
With the Rustock takedown -- the first of several that are now in the works -- the Internet community has polished a technique for getting rid of complex global networks of malicious computers, said Barry Greene, president of the Internet Software Consortium, makers of the BIND Domain Name System (DNS) software. It all started months ago, as a large group of Internet researchers observed Rustock and developed techniques to destroy it. Then a much smaller trusted group was deputized and given the job of managing the takedown with law enforcement...
Because infected Rustock machines have a Plan B to connect to their controllers on specific Internet domains when the regular command and control servers are taken offline, Microsoft also had to work with Chinese authorities to prevent Rustock's operators from setting up new domains.
An Internet service provider associated with online crime and child #*$!ography briefly came back online over the weekend before being cut off again, according to security vendors.
McColo, whose servers are in San Jose, California, was cut off from the Internet last week by its upstream providers after an investigation by computer security analysts and the Washington Post.
But McColo came back online on Saturday after connecting with Swedish ISP (Internet service provider) TeliaSonera, which has a router in San Jose, according to Ross Thomas, writing on the blog for security vendor Sophos.
After complaints, TeliaSonera quickly moved to cut off McColo again, Thomas wrote. But the brief renewal in connectivity did allow cybercriminals running botnets out of McColo's networks to take steps to preserve their operations.
By far the worst that I can think of are DDOS attacks which are not dependent on hosting.
Windows PowerShell 2.0 and WinRM 2.0 for Windows Vista (KB968930)
MS has been strongly suggesting this be installed for a few weeks now (some correlation?).
And you won't because they might be trying to trick you or something?TMS Wow! What a rant from a mistaken inference.
If I was a Windows userSince you're not a windows user; Microsoft rates their updates; Critical, Important, Recommended, Optional, and in some cases even Risky (My Term).
Finally, I can't wait till the IPhone botnet takes down the cell phone system with a Denial of Service attack.