One Botnet Down, Many More To Go

Glad to see the "big boys" are finally getting serious.

http://news.yahoo.com/exclusive-sof...er-ring-halt-searches-201207523--finance.html

 

I wonder why ISPs, search engines, Microsoft etc don't warn users more often about malware infections. Google readily warns me when I use "bad" VPN exits

Does detecting botnet infections depend on first taking the botnet down?

 

It's a grey area. it's also a slippery slope because where do you stop?

Remove the malware from infected machines without the consent of the user?

It's illegal to modify files on another computer or network in most western countries so there is red tape everywhere. As there should be when your talking about modifying files without consent/notice/permission.

On Botnets it's usually discovering the C&C servers from there you can sinkhole it. Though they are getting smarter with using encrypted reverse proxies to hide the main C&C.

 

Well, the last paragraph in the quote ...

... just says that users will be notified.

Why are they notifying about just this botnet? Is it that other botnets, which are still working properly, can't be so readily detected?

 

Criminal botnets are getting smarter, in the way they hide their C&C servers often using multiple C&C's, encrypted reverse proxies (this is how the huge torrent sites, private ones work) and more P2P technologies to keep them alive.

Government Botnets which I really do believe there a few out there will never be shut down.