Bot Posse
Gregory D Hough
mr6re9-mI4xJ4qlgtBiLUuM0BA3LQ at public.gmane.org
Sat Sep 2 12:14:38 UTC 2006
Hello LUG,
I noticed the term "Bot Posse" in an article from the August 2006 Linux
Magazine, but first there is a write-up today over at
http://isc.sans.org/diary.php touching on what McAfee calls
W32/SDbot.worm, Sophos calls W32/Vanebot-A and Symantec calls
W32.Randex.GEL. It has amassed exploits from the last two years,
including MS04-007, MS05-017, MS05-039 and MS06-040. Also, it has
been out for a couple of days now. I submit that it has never gone away.
Further down the diary's page is this statement:
"Now, since cleaning botnets, is... pretty much impossible, prevention
is the key. If you DO get hit with a botnet infection running throughout
your network, my general recommendation is.. rebuild the box." The
Internet Storm Center's handler Joel goes on to say, "Now, I know that
sounds drastic to some of you, but it gets rid of the worm, gets rid of
the botnet, and plus you have a brand new box!" Joel concludes the
statement with "So, maintain those images, keep your antivirus up to
date, patch your boxes, and make sure your IDS/IPS is up to date."
So on the one hand we have "cleaning botnets, is... impossible" and on
the other "rebuild... gets rid of the botnet."
Is it impossible to tear down botnets and why?
greg
--
The Toronto Linux Users Group. Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml