Botnet takedowns 'don't hurt crooks enough'

The takedowns of the Mariposa and Waledac botnets last week were victories for the good guys, but security experts warn that although cybercrooks suffered a bloody nose they collectively retain the upper hand in their ongoing conflict with law enforcement and its security industry allies. "We have had significant victories …


This topic is closed for new posts.
  1. Oninoshiko

    Crimes must be illegal to be crimes.

    "countries where it isn't illegal to engage in online criminal activities"

    If it isn't illegal, then how is it a criminal activity? I suppose I know what he meant, but still, isn't there a common "stop trying to force your laws on us, US" meme? Isn't what's good for the goose, good for the gander?

  2. Anonymous Coward

    Surely the solution lies with cleaning the infected computers?

    Perhaps it needs a 'choice window' in a similar fashion to the browser choice window for those who are not running AV or whose subscription has expired?

    1. henrydddd

      cleaning the infected computers?

      It takes more than an anti virus package to keep a computer clean. How can the little guy who has little resources and inadequate knowledge fight viruses when it is obvious that large corporations, with unlimited resources and a high level of technical skill, cannot fight these viruses and bot-nets?


      1. Anonymous Coward

        RE: cleaning the infected computers?

        "it is obvious that large corporations, with unlimited resources and a high level of technical skill, cannot fight these viruses and bot-nets."

        What's more, one of these companies makes an operating system so bad that a 3-year old is almost capable of writing a botnet for it...

  3. TeeCee

    Well DUH!

    So the rewards for building a huge botnet are potentially in the millions and the risk is "having to go to all that effort again if it's taken down".

    Losing the battle? Not even bloody fighting it might be more accurate. IIRC the only reason they caught the bloke behind Mariposa was 'cos he was too greedy to just walk away when it went obviously pear-shaped on him.

  4. Nerd King

    f*cking title

    Get Windows off people's computers, educate them, give them the penguin. Once done, no more botnets. Simple.

    1. Anonymous Coward

      @Nerd King

      It's not so much that they need the penguin - they just need to ditch the monstrosity that is Windows.

  5. Neal 5


    In parts you are right, yes, greed caught the "butterfly" botnet admin, but you are so wrong, or lack so little knowledge of Bots or how their networks operate it's beyond belief or comment.

    It isn't for the networks to wipe your arse, try buying some toilet paper for yourself, or at least research some of the Bots, at least the technological side of them, learn the files they use/manipulate, learn the command prompt and its instructions and get yourself cleansed. It ain't hard and only needs maybe 30 mins of active participation to cleanse yourself.

    People like you, are their own worst enemies. I feel sure you have at least a nuance of computer savvy, or are you just punch (card) drunk.

  6. Anonymous Coward


    I have turned a good 30 million + boxes into "bots" over the past 12 years (netbios kid) and it's easy as pie ;-) Eventually I did of course get caught and I am still awaiting some court cases over the matter.

    If you infect 1 million PC's and lose contact, which does happen, you go and infect another 1 million PC's and through organising the hosts you soon notice that many are THE SAME idiots getting infected over and over.

    By disabling ANY botnet all you are doing is temp stopping access whilst the botnet owner spends a week reinfecting the same bunch as they infected before.

    The ONLY way to stop people like me, is to prosecute. This brings the realities of what you are doing home, fast. There is always a route, botnet admins are lazy and do not always proxy into everything and even when they do they often use the same proxies over and over, meaning if you monitor the proxy then you can find the source.

    My advice is to never do takedowns but to monitor the nets until a way is found of identifying the owner. If more owners are prosecuted the realities soon drive home that a jail sentence is VERY possible and we would soon see a sharp drop in infections which will see a corresponding drop in SPAM. Bad news for AV and Anti-spam companies but good news for the average internet user.

    1. Dunhill

      education ?

      The majority of the people who get infected refuse to understand/read anything about their pc/operating system, they just click on buttons till something happens, they disable/uninstall anti-virus programs if they cannot get access to their infected documents or external devices.

      Those will never, AND I REPEAT NEVER, accept anything that changes the way they (mis)use their PC, out of free will.

      Maybe the only solution is to confiscate the infected PCs (will be difficult in companies) till the user(s) went to school/training after paying a fine for the cost of their unwillingness to be a "good" computer user.

      Till then, bringing down botnets is just bringing water to the sea.

      And the source of all of this is the stupid idea of some software companies to create software that does everything automatically by default, because that is a better computer experience.

      And YES it will be difficult to send "Granny" to school, but then the only solution is to hold the makers of the software she is running, responsible (as well) for all the nasty effects that their programs create. (and then the price of vista 2013 will be around U$8000 or more to cover all the costs :) )

      All and All it will be a very difficult path to follow and with the trend of today it will take a very long time before there is a real solution.

      1. Anonymous Coward

        RE: education?

        "And YES it will be difficult to send "Granny" to school, but then the only solution is to hold the makers of the software she is running, responsible (as well) for all the nasty effects that their programs create. (and then the price of vista 2013 will be around U$8000 or more to cover all the costs :) )"

        It's obvious which computer company you're talking about. What mystifies me is this: why are people still buying their crap? OK, switching to the penguin is free, switching to OSX is a pleasant experience - but staying with Windows just because your boss ordered it for the office...?!?

        It's like wearing a suit and tie in bed just because you're "used to it" because you wear one at work every day!

  7. Inachu


    In this instance I say give these bot herders Sharia law.

    For each offence they make cut off a finger.

    No more fingers then cut off the hand or foot.

    Keep doing it until they have no more limbs until they learn.

    This would be the best deterrence against spreading virus and malware.

    1. Steve Evans


      I don't think you'd need to move onto hand and foot removal.

      After ten offences I believe mouse and keyboard operation would be impaired to such a level that further transgressions would be prevented!

  8. Charles 9

    So what do you do...

    ...when a country actively doesn't want to play ball? What if some of the botnets are secretly state-run and/or run by countries with unfriendly (or worse outright hostile) sentiments towards western civilization?

    1. Anonymous Coward

      How do you know...

      that some of the bot nets out there aren't secretly sponsored (or at least infiltrated) by western intelligence agencies?

    2. Eddie Johnson

      @Charles 9

      Countries that fail to enforce anti hacking laws get disconnected from the internet. Someone should have disconnected China about 5 years ago. They are already disconnected from my piece of the net, along with .ru, .pl and a few others. Of course when I do it, it's a soft disconnect. They need a hard disconnect, as in snipping undersea cables and breaking satellite links.

      As to comments on the same PCs getting infected over and over how about fining them $10 for every spam mail they send. I'll give them a pass the first time, when they use the ignorance defense, but after that it's just negligence.

  9. dave 46

    To stop the fire remove the fuel

    The bot net scourge (spam and ddos attacks) won't stop until the zombie clients are dealt with.

    The simplest way to do this is with no law enforcement at all - just corporations working with each other - the ISPs.

    If ISPs in 1st world countries got together and decided to enforce a code of practise to shut down zombies spewing rubbish - and to block incoming traffic from ISPs that are not doing their bit - then it would be impossible to raise an effective botnet.

    Of course ISPs don't care that much - ignoring the problem costs them less than dealing with it (in equipment, time and lost customers).

    So maybe there is one law we need - the law to make ISPs responsible for criminal activity originating from their networks.

    1. Anonymous Coward

      RE: To stop the fire remove the fuel

      Alternatively, ISPs could ask which OS you had and then prevent network access for Windows users!

  10. Dr Christian

    Linux isn't the answer

    If the majority of computers in the world run linux, the majority of botnets would be written to run on linux.

    1. Ross 7

      What he said

      Exactly - the crims (by definition) look for most reward for least effort. There is such a glut of Win installations out there, and a glut of naive/uneducated/carefree users sat in front of them that writing malware for it is easy money.

      If we had a glut of penguin installations with a glut of naive/uneducated/carefree users sat in front of them you'd have the same problem, only with better net APIs.

      Win can easily be made much more resilient to attacks. Users can be taught to pick a random browser that ain't IE and use that. Routers (and ISPs) can block known low-value/high risk net addrs/subnets. None of this is default though and therein lies the issue.

      To be fair it's ppl like el Reg readers that should take it upon themselves to teach ma/pa, the kiddies etc.:

      1. If you need to install software right-click, Run as...

      2. Don't use IE

      3. Don't download tat from the web

      4. Ignore emails asking for any info at all.

      Teach 3 ppl, get them to pass it on...

  11. Anonymous Coward

    The real problem

    To fix this for good we need to stop computers joining botnets. That means stopping them getting infected by malicious code. That means either scrapping mobile code (not really likely) or providing a functional security environment for it to operate in (not that likely either). But we don't even seem to be trying - instead we rely on mobile code more and more, even where it is completely unnecessary, and continue to apply plasters after the fact to gaping wounds in the protocols and code we use. We need people who can think and people who pay attention creating our Internet environment. What we have is dumb people instead. It's a myth that software is so complicated it's impossible to get it right. It's only impossible if you're not competent, and the results of our incompetence are all too apparent.
