Spam-Bot Intrusion Caught — Now What? 76
An anonymous reader wonders: "I've recently detected and halted an intrusion on my home computer, taken some actions to prevent further intrusions, and located the software that was running a bot agent. Cursory examination showed that the bot software is intended for acting as an agent for spamming. Configuration files distinctly point at the user/host/domain of several bot-herders — damning evidence. Nothing would please me more than to see this botnet to be caught and disassembled, I'm sure much of the internet-using community would support this. Thanks in advance for your suggestions. So, to whom should I disclose this information for appropriate investigation, follow up, and countermeasures? "
Re:Places to report to... (Score:5, Interesting)
The spirited attack on and destruction of Blue Security [securitylandlives.com] and the spam flood that followed, does not support that assertion. Somebody wanted them gone badly, for a reason.
Name and shame (Score:3, Interesting)
contact the ISP/registrar (Score:4, Interesting)
Whois is your friend.
Re:Places to report to... (Score:4, Interesting)
This is a far cry from when botnets were controlled "in the open" on public IRC networks - the kiddies are clearly learning something with each iteration, and they are sharing that knowledge amongst themselves. Also of note is more use of packers, executable encryption and anti-debugger routines, which were completely absent from early botnet executables. Use of rootkits, as well as secondary backdoors (to regain access after the system owner detects the intrusion) are also on the rise.