Ramblings of an old Doc


I admit it. I’m fascinated by these incredibly wide-reaching criminal enterprises. From everything I’d read in the past about the location of botnet servers, I’d thought most were outside the USA, and mainly in Asia:

“In a recent report on Monsters and Critics, Symantec and their Security Threat Report gained a lot of attention because of trends in botnets and their location. Those numbers showed that Asia had overtaken Britain as the leader in the volume of zombie computers.” – Steve Ragan (Monsters and Critics)

In fact, according to a past Shadowserver Foundation report, there are over one million botnets on the net. Not all are active at any given time and no one has a full explanation of the reason for that.

Anyway, McAfee has put out a rather interesting report: The USA is the major hive for botnets – by far. Benjamin Cruz has published these findings:

“Here’s the list of top 10 countries hosting active command servers:

  1. United States – 631
  2. British Virgin Islands – 237
  3. Netherlands – 154
  4. Russia – 125
  5. Germany – 95
  6. Korea – 81
  7. Switzerland – 77
  8. Australia – 63
  9. China – 48
  10. Canada – 38”

- http://blogs.mcafee.com/mcafee-labs/botnet-control-servers-span-the-globe

By map (it’s a nice representation):


Of course, this only describes server location, not the location of those profiting from the illegal exploitation of people by those botnets.

A recent article (sorry, I misplaced the url) in fact dealt with this. When things start getting warm for a given botnet (and sometimes even before that), it is shut down, along with the malware governed through those C&C servers, only to wake up again later. So, while getting the servers is important, it’s more important to get the criminal organizations responsible for them.

It seems that as long as there will be servers and computers, there will be botnets. They’ll get taken down (or not) but there have to be better tools to find the individuals operating these botnets – to trace the money flow (“Follow the money” - Deep Throat), and where/to whom it’s going. Without that, the whole exercise is rather futile.

Source:

http://www.neowin.net/news/the-united-states-is-a-hive-for-botnets


Comments
on Jan 25, 2013

It is fascinating.  I am surprised the US is the number one place, especially given the publicity of the current "regimes" take down of Mega Upload.

on Jan 25, 2013

Yes, Dr Guy... I think the botnet picture is very complex and dynamic... shifting from servers here and/or there to entirely different ones at different frequencies for different botnets.

I'm pretty sure also that public announcement of location serves to warn the criminals on one hand, but it serves another purpose as well... when they have to duck and move, a command must be given to do so, and perhaps that's what the LEOs are looking for: The path to the source of that order... perhaps not. Very hard to know.

Certainly, the FBI, Defense establishment and NSA are very interested, as DDoS attacks (not just financially related criminal activity) are real threats to our military, industrial and infrastructure and these (and other servers) might well be involved in these.

on Jan 25, 2013

Speaking of Mega Upload. The dude has started another website and already has a slew of followers. How can one already indicted, and I use the term loosely, be allowed to go at it again? As for Botnets....they have one failing.....no matter who creates them.......they can't think outside the box. There are some folks who can't do that either but that's another story.

on Jan 25, 2013

How can one already indicted, and I use the term loosely, be allowed to go at it again?

Well, part of his defense is that the government (here) refused to let him remove the bad stuff. Also, that his arrest was illegal.

As for Botnets....they have one failing.....no matter who creates them.......they can't think outside the box.

I'm not sure I understand that... the whole point of a botnet is to use infected computers separately or in concert... so what would "outside the box" comprise/entail?

on Jan 25, 2013

When you send a PM down on the bottom are letters/numbers to enter, the captcha thingy. I've seen this on other sites......put there to frustrate botnets. There is a background designed I believe to do just that. A botnet sees it and can't distinguish between the two....can't think or see the letters or numbers because of it. Maybe outside the box is the wrong term.....try intuitive. It's a bot after all and can only do what they're told i.e. programmed to do. If the botnet is so easily frustrated by the background so then must the creator because the variables are infinite. Can't think of everything.

on Jan 25, 2013

A botnet used to disseminate malware or to be used in a DDoS attack wouldn't require such a mechanism. The botnet simply sends and then either it, or another botnet/server receives the info collected. Not understanding how a "Captcha" would apply in that setting, Uvah.

Botnets consist of a group of computers known as "zombie" computers that have been compromised by drive-by-downloads of software that can be controlled by hackers with malicious intent. They are 'controlled' by a C&C server. The ways to defeat them are full fledged security systems, disabling unused ports, isolation and education of users as to the ways they become infected and how to prevent/avoid them (like url sniffers, not opening email from unknown sources, verifying urls) but none of them are perfect.

on Jan 25, 2013

Not perfect just about covers it. They can't open a locked door or bypass a security system because it knows what to look for. Botnets have been around a long time and in some cases are easily recognized but they are still limited to doing just one thing and that's their downfall. Like the Japanese during WWII, incapable of improvising because the leash on them was too tight.  

on Jan 30, 2013

Doh!

Zombies?!!!

What is the purpose of these Zombies?

Identity theft?

Banking Info theft?

Email contacts theft in order to send those tricky emails supposedly from a familiar, somewhat trusted source (ie. email from "Mom" but really a hi-jacked email from some twit in Nigeria)


Obviously, knowing a little about the Nature of Man, these Zombies want to get sensitive, exploitable information to be used for nefarious purposes {ie. monetary gain where no work has been done...much like Wall Street Investing Advisors {sry had to do that}}


Cool posts, thanks.

SS


on Jan 30, 2013

My solution has always been to turn off/disable ANYTHING that allows a download to my PC w/o my interaction...Windows Updates, Java Updates, Adobe Updates, Driver updates, DirectX, any C++ updates, any PhysX updates, and never even click on images, etc. in emails I am not 99% certain are okay.

I run a relatively "open" PC for Overclocking/gaming reasons, but have not had an issue in years {no AV/all control done via windows FW}. Is this a reasonable strategy for a home-user?

When, in the past, I have had a virus or something really bad happened that I just could not "Fix", it usually resulted in a last resort reformat of HDD(s), which as you know, can be a nightmare...But, after doing this 2 or 3 times, backups on sterile HDD {in storage} allows fairly quick repairs.

SS