
Srizbi down but not quite out


The Srizbi botnet has proved sufficiently robust to partially recover from the isolation of its command and control servers. So much for claims that it was 'completely defunct'.

When hosting provider McColo was taken down on November 11, email filtering operators noted a drop in spam volumes of between two-thirds and three-quarters.

Later that month, a statement from MessageLabs attributed to senior anti-spam technologist Matt Sergeant said "Srizbi, having once been responsible for 50 per cent of all spam, is now completely defunct. Without this botnet, spam levels won't return to what they had been."

That statement appears to have been premature.

It seems that the Srizbi code had been developed with an eye to recovering from such a situation.

If a Srizbi bot loses contact with the server, it uses an algorithm to generate a seemingly random (but time-dependent) domain name, at which it attempts to contact a server.

So all that was necessary was to register one of those names in time for the bots to attempt to contact it.

Security firm FireEye spent at least $1500 registering names that the botnet would attempt to use, but, as it acknowledged, "as money is not infinite, soon the new domains will be available for registration by anyone, including the Botnet owner, or someone who wishes to be a Botnet owner."
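The fallback mechanism described above is a time-seeded domain generation algorithm, and the defensive race FireEye describes comes down to predicting the upcoming names before anyone else does. The following is an added illustration, not Srizbi's actual algorithm or any FireEye code: a constructed toy DGA, a defender-side routine that pre-computes the next week's candidates for sinkholing or blocklisting, and a check that matches constructed DNS log entries against that list.

```python
import hashlib
from datetime import date, timedelta

# Constructed, illustrative DGA only. Srizbi's real generator is not reproduced here;
# the point is that every bot derives the same list from the calendar date alone.
ALPHABET = "abcdefghijklmnopqrstuvwxyz"
TLDS = ("com", "net")


def dga_domains(day, seed=b"constructed-seed", count=4):
    """Return the candidate rendezvous domains a bot would try on `day`.

    The only inputs are the date and a fixed secret baked into the binary, so a
    bot that has lost its C&C server still knows where to look without any
    network contact, and so does a defender who has recovered the secret."""
    names = []
    for i in range(count):
        digest = hashlib.sha256(seed + day.isoformat().encode() + bytes([i])).digest()
        label = "".join(ALPHABET[b % 26] for b in digest[:10])
        names.append("%s.%s" % (label, TLDS[digest[10] % len(TLDS)]))
    return names


def defender_watchlist(start, days_ahead, **dga_kwargs):
    """Map every domain the bots will try in the next `days_ahead` days to its date.

    This is the list a defender registers (sinkholes) or feeds to DNS blocking
    ahead of time; once the date passes, anyone else can register the name."""
    watch = {}
    for offset in range(days_ahead):
        day = start + timedelta(days=offset)
        for name in dga_domains(day, **dga_kwargs):
            watch[name] = day
    return watch


def flag_dns_queries(queries, watchlist):
    """Return (client, qname, expected_day) for DNS queries hitting a predicted domain.

    `queries` is an iterable of (client, qname) tuples, e.g. parsed from resolver
    logs; a hit identifies an infected host even if the domain was never registered."""
    hits = []
    for client, qname in queries:
        name = qname.lower().rstrip(".")
        if name in watchlist:
            hits.append((client, name, watchlist[name]))
    return hits


if __name__ == "__main__":
    today = date(2008, 11, 25)  # constructed date in the period the article covers
    watch = defender_watchlist(today, 7)
    sample_log = [("10.0.0.5", "www.example.com."),  # constructed, benign
                  ("10.0.0.9", dga_domains(today)[1] + ".")]  # constructed, infected host
    for client, name, day in flag_dns_queries(sample_log, watch):
        print("%s queried predicted rendezvous domain %s (slot %s)" % (client, name, day))
```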

And that, it appears, is what happened. Someone registered a set of domain names and used them to regain control over the Srizbi botnet.

According to the Washington Post, VeriSign, Microsoft and the US Computer Emergency Readiness Team (US-CERT) had been asked to assist in either buying up (or tying up) the domains ahead of time, with no apparent response.

The new Srizbi servers, located in Estonia, were subsequently shut down before much spam could be pumped out, according to The Register, although one server located in Germany was still active at the time of the report.

According to FireEye, the most active botnets are currently Pushdo/Cutwail and Bobax/Kraken.