@AC 12:37
"I don't think for a second that a US-based non-profit would go to the trouble of creating or financing the creation of a worm to infect 100,000 to 10,000,000 PCs (causing who knows how many $ in damage) for the purposes of driving domain sales up by 30% - for only a single day."
Did I misinterpret the quote from the article?
"Up to now, a pseudo random domain name generator produced 250 addresses that infected machines reported to each day... The new component ups the ante by increasing the number of domains to 50,000 per day"
I take that to mean that the original strain produced 250 (unique) addresses every day, and that the new variant increases the number of (new) domains to 50,000 every day (not 50,000 domains total). Do I believe that ICANN is the cause of the new variant? No, I don't. But if they get 50,000 new domain registrations every day (or even a fraction of that), it's hard to ignore the boost to their profit, and hence a possible link.
As for your non-profit comment, don't be so naive. A *LOT* of non-profits are in the business of making money. They just make sure to stay just on the right side of the law. How do you make sure you don't have any money left at the end of the year? That's easy. Pay your execs outrageous salaries and bonuses, just like in private industry. Please don't misinterpret "non-profit" to mean "altruistic". I made that mistake once, but have since been shown how wrong I was.
@ David Wilkinson:
Nooooooo!! That would be just what we need, even greater powers legitimately given to the government organizations. Hey, let's make it legal for the Department of Homeland Security to hack into our computers when they've proven time and time again that they can't even protect themselves. Yes, I know you specifically said "FBI", but with such a law, all government organizations would be given the power.
No, we don't need to legally allow people to hack into systems in order to clean infections. That would make the "good guys" no better than the "bad guys". What *WOULD* be helpful, however, is to set up a framework which would allow researchers (and others) to notify ISPs if the ISPs customers were infected. The ISP could then search* for the identifying traffic and alert the customer that they may be infected. If the customer continues to exhibit signs of infection, allow the ISP to sandbox the customer, either cutting them off completely, or only allowing them access to specific sections internal to the ISP where customers can find information regarding their infection and how to clean it. That, however, would require input and cooperation of ISPs who may not want to go along with it.
* By "search for the identifying traffic", I'm speaking real-time searching, not logging of any data.
Biting the hand that feeds IT
