Noa Bar-Yosef, Imperva's Senior Security Strategist comments, "A new way to dismantle a botnet: for the first time, US federal prosecutors obtained a court order allowing them to build an alternate C&C server to the Coreflood botnet C&C server. As a result, zombie machines in the Coreflood network are being re-routed to communicate with the server controlled by law enforcement agencies. The "good" server can then issue commands to stop the malware execution on the compromised machines."
In a rather thoughtful move, this server is also logging IPs of the machines communicating with it - i.e. the victims. Agencies can then work with the ISPs so that they can accordingly inform the victims. What this means is to have ISPs actually inform the victim, provide information on the removal of malware and increase security awareness.
This is the correct move. ISPs should not play cop - by removing suspected infected machines from the internet. Rather, they should know how to deal with infected machines and provide them with the tools to deal with threats.
For more on the Coreflood Stops Flooding story visit: http://www.theregister.co.uk/...
For more on Imperva visit www.imperva.com
In a rather thoughtful move, this server is also logging IPs of the machines communicating with it - i.e. the victims. Agencies can then work with the ISPs so that they can accordingly inform the victims. What this means is to have ISPs actually inform the victim, provide information on the removal of malware and increase security awareness.
This is the correct move. ISPs should not play cop - by removing suspected infected machines from the internet. Rather, they should know how to deal with infected machines and provide them with the tools to deal with threats.
For more on the Coreflood Stops Flooding story visit: http://www.theregister.co.uk/...
For more on Imperva visit www.imperva.com
