KmsdBot botnet is down after operator sends typo in command

Somewhere out there, a botnet operator is kicking themselves and probably hoping no one noticed the typo they transmitted in a command that crashed their whole operation.  Unfortunately for the typographically-challenged botnetter, it happened on the internet, so someone knows: Akamai, in this case, had been watching for some …

  1. Disgusted Of Tunbridge Wells Silver badge
    Facepalm

    Too cool for error handling

    1. Claptrap314 Silver badge
      Trollface

      That's go for you...

      1. Michael Wojcik Silver badge

        I'm not a huge fan of go, but I don't see it as responsible here. It correctly detected an index-out-of-range and raised an exception. That's a good feature.

        The problem is the developer, who didn't catch the exception and handle it properly (i.e. by aborting the operation and returning to a known state).

  2. b0llchit Silver badge
    Mushroom

    This is one of those rare times when the correct response is(*):

    Ha ha!

    It does open a new avenue for research. Fuzzing botnets with syntax errors. There are no more deserving targets to go down, discounting the botnet creators.

    (*) Thank you, Nelson

    1. Victor Ludorum
      Pint

      I was going to say

      Ha Ha Ha Ha Ha Ha...

      But you basically beat me to it.

    2. KarMann Silver badge
      Trollface

      Ha ha!

      Me too three. Just before I opened the comments link, I went to tell my wife about this story, opening with a consciously Nelson-esque 'ha ha!' I guess it's the only righteous response to this.

  3. Natalie Gritpants Jr

    Let's hope they don't have a list of hosts they had installed the botnet on so they don't just install it again.

    1. doublelayer Silver badge

      I'm sure they will, but they'll need to go back to the old infection vectors and there may have been many different ones used which they'll have to disentangle from logs (probably there are logs, but not necessarily in a convenient place). Also, any infected machine that hardened their SSH config or passwords but didn't scan for infection may not be infectable using the old methods. Not perfect, but it is a setback.

  4. Julian 8

    Who me ?

    One for Who Me ? in a couple of years

  5. Wally Dug
    Alert

    Puhlease!

    Akamai vulnerability researcher Larry Cashdollar

    Really? No, Shirley not?!?

    1. Claptrap314 Silver badge
      Pint

      Re: Puhlease!

      If I were in that part of the business, I would almost certainly fake my name. Don't think for a minute that security researchers avoid _special_ attention by the scum.

      -------> for the good guys.

    2. Anonymous Coward

      Re: Puhlease!

      Must be Bixby Snyder's great-great-grandad.

    3. Michael Wojcik Silver badge

      Re: Puhlease!

      It's not that uncommon a surname in the US. I've run into it before.

  6. fidodogbreath

    Input validation FTW

    1. Orv Silver badge

      Input validation and, you know, maybe segment your botnet into a test net and a production net?

      1. breakfast

        Botnet devops is not yet a mature field, it seems.

  7. Will Godfrey Silver badge
    Black Helicopters

    Couldn't happen to 'nicer' people

    BWAAAAAA ha ha HA

  8. elregidente

    Phobos 1

    "Phobos 1 was an uncrewed Soviet space probe of the Phobos Program launched from the Baikonour launch facility on 7 July 1988. Its intended mission was to explore Mars and its moons Phobos and Deimos. The mission failed on 2 September 1988 when a computer malfunction caused the end-of-mission order to be transmitted to the spacecraft. At the time of launch it was the heaviest interplanetary spacecraft ever launched, weighing 6200 kg."

    https://en.wikipedia.org/wiki/Phobos_1

    1. that one in the corner Silver badge

      Re: Phobos 1

      > computer malfunction caused the end-of-mission order to be transmitted to the spacecraft

      The malfunction was fully described by Comrade Chief Programmer Hank T. Picklehammerovitch The Third, shortly before his disappearance during a tour of the local borscht factory. "His departure was as mysterious as his arrival," a colleague was reported to say.

  9. T. F. M. Reader

    One word:

    scriptkiddies

  10. Potemkine! Silver badge
    Trollface

    Agile development. Ship now, test later.

    Testing inputs is for wimps.

    == Bring us Dabbsy back! ==

    1. sabroni Silver badge
      Facepalm

      re: Agile development.

      Yeah, if your "definition of done" is "it started".

      This is classic waterfall.....

      1. doublelayer Silver badge

        Re: re: Agile development.

        Does waterfall exist? As far as I can tell, waterfall is a word meaning "Something the Agile people don't want to be associated with Agile". In fairness to Agile, I'm not sure it exists either. I think most places that claim to use Agile do whatever they want with some of the words used. Still, it's weird to see so many people arguing how great Agile is while telling me that everyone I've seen calling themselves Agile while getting bad results is not actually doing it and defending any part of the manifesto that suggests negative things as not meaning what it says.

    2. Anonymous Coward

      Move fast

      Break things

      Money money money lovely jubbly money

      frAgile

  11. ChoHag Silver badge

    Stellar

    > Cashdollar: 'It’s not often we get this kind of story in security'

    It's every other week now. It's just usually the fuckup is on the other side of the fence.

    You think all these security breaches come from carefully following the procedures and triple-checking what you type?

  12. Brewster's Angle Grinder Silver badge

    No Go

    I'd chalk this up as a win for strong typing.

    1. doublelayer Silver badge

      Re: No Go

      It's not about types. Unless you strong type to the extent that array types have their length hardcoded, you can have an out of range error, and even if you do, you can still have the parse error that led to the problem in the first place. No compiler can fix "There were fewer spaces in this string than I expected", but an if statement can.
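
The failure mode discussed in this thread, with the two remedies the comments above name (recovering from the panic so one bad message only aborts that operation, and checking the field count with an if statement), as an added Go example that is not from the article, Akamai, or any commenter. The three-field `<verb> <target> <port>` format, the function names and the sample inputs are hypothetical and constructed for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// Command is a hypothetical "<verb> <target> <port>" instruction.
type Command struct{ Verb, Target, Port string }

var ErrMalformed = errors.New("malformed command")

// parseUnchecked indexes the split result directly; fewer fields than
// expected triggers a runtime "index out of range" panic.
func parseUnchecked(line string) Command {
	f := strings.Split(line, " ")
	return Command{f[0], f[1], f[2]}
}

// parseChecked validates the field count first and returns an error.
func parseChecked(line string) (Command, error) {
	f := strings.Fields(line)
	if len(f) != 3 {
		return Command{}, fmt.Errorf("%w: want 3 fields, got %d", ErrMalformed, len(f))
	}
	return Command{f[0], f[1], f[2]}, nil
}

// guarded runs a parser and converts a panic into an error, so one bad
// message aborts that operation instead of the whole process.
func guarded(parse func(string) Command, line string) (cmd Command, err error) {
	defer func() {
		if r := recover(); r != nil {
			cmd, err = Command{}, fmt.Errorf("%w: recovered: %v", ErrMalformed, r)
		}
	}()
	return parse(line), nil
}

func main() {
	// Constructed inputs: the second is missing the space before the port.
	for _, line := range []string{"fetch example.test 443", "fetch example.test443"} {
		_, err1 := parseChecked(line)
		_, err2 := guarded(parseUnchecked, line)
		fmt.Printf("%q checked=%v guarded=%v\n", line, err1, err2)
	}
}
```
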

    2. Anonymous Coward

      Re: No Go

      Downvoters: The above post is a pun.

  13. WanderingHaggis
    Alien

    Don't work have you turn it on and off?

    Just wondering if a reboot would enable the bot again? Is this just a temporary "fix"?

    1. doublelayer Silver badge

      Re: Don't work have you turn it on and off?

      I would think so, but as it was attacking Linux boxes, probably many of them are servers that people don't reboot very often unless they're broken. The authors of the bot don't get to reboot them themselves, so they'd have to hope that operators will coincidentally reboot sometime soon unless they're willing to be active and go re-infect each one.

  14. Wilco

    They don't like it up 'em

    Mildly ironic, in that go has better support for fuzzing in its test framework than many languages. Still, eff the skiddies
