Good Guys Bring Down the Mega-D Botnet

Posted: Wed 30 Dec 2009, 13:40
by Flash
Here’s how a trio of security researchers used a three-step attack to defeat a 50,000-pronged botnet.
MessageLabs, a Symantec e-mail security subsidiary, reports that Mega-D had "consistently been in the top 10 spam bots" for the previous year (find.pcworld.com/64165). The botnet's output fluctuated from day to day, but on November 1 Mega-D accounted for 11.8 percent of all spam that MessageLabs saw.
Three days later, FireEye's action had reduced Mega-D's market share of Internet spam to less than 0.1 percent, MessageLabs says...

...........

"It takes time and resources and money to do this day after day," Stewart says. Other, under-the-radar strikes at various botnets and criminal organizations have occurred, he says, but these laudable efforts are "not going to stop the business model of the spammer."

Mushtaq, Stewart, and other security pros agree that federal law enforcement needs to step in with full-time coordination efforts. According to Stewart, regulators haven't begun drawing up serious plans to make that happen, but Mushtaq says that FireEye is sharing its method with domestic and international law enforcement, and he's hopeful. ...