Michael Monnerie wrote:
>> > normally it makes no sense to report botnets
>>
>> And this is what makes me worry. Botnets are today's biggest source of 
>> spam, and nobody has ever started to fight it really? There are tons of 
>> tools for every small issue, but nothing to cope with the biggest shit?

A botnet is, first of all, a large collection of independent computers,
often from all over the world. Many will be home machines, and a large
proportion of these will have changing IP addresses.

Now, if you get access to the bot herder, you could probably have that one
disconnected, and there is a vague chance that - as a last job - that system
could try to inform all of the affected machines that they have been hacked.

Normally, you would have to deal with this issue on a per-provider basis,
that is, collect all evidence that many customers of, e.g., aon.at are affected
and try to convince their abuse department to inform their clients about the
problem.
Now consider real-life providers: one local TV cable company obviously sends
all abuse mail to /dev/null
(according to their chief security person they cannot find out who got a
specific IP ... although it was still the same machine after 3 months),
and the former German telecom monopoly does send out messages after they
receive repeated complaints ... in plain words, you notify them, allow 4 or 5
days for them to act, repeat again and again, and after a minimum of 2 or 3 weeks a
notice might reach the victim.

BTW: the cable TV company I mentioned takes part in an anti-malware initiative
sponsored by providers and the government - not sure what they are actually 
doing there.

Wolfgang Hamann
