Michael Monnerie <michael.monnerie <at> is.it-management.at> writes:
> [crosspost postfix-users and spamassassin-users]
>
> On Sunday, 18 November 2012, 14:08:08, Michael Monnerie wrote:
> > How should we report those IPs, is there an "anti botnet unit"
> > somewhere?
>
> Let's concentrate back on the subject, I got this answer:
>
> > normally it makes no sense to report botnets
>
> And this is what makes me worry. Botnets are today's biggest source of
> spam, and nobody has ever started to fight it really? There are tons of
> tools for every small issue, but nothing to cope with the biggest shit?
>

I have been reporting suspected botnets' IPs to ISPs/CERTs for 3 years. I have listed the numbers of bots detected and notified, top 10 countries and networks every day at http://botnet-tracker.blogspot.com/

You won't expect security companies to do this. Their businesses depend on cyber security events taking place. As botnets are cyber criminals' favorite tool, reducing the number of infected computers does no good for security companies.

Contrary to many posts here, I believe botnet notification is a very effective anti-botnet measure. The scaring power of botnets comes from their staggering number. The reason why they could grow so huge is because the victims have no idea that their computers have been infected, so as time passes, botnets get to attain their formidable size. Notification helps raise victims' security awareness, and motivates them to fix vulnerabilities within their computers.

On the contrary, merely taking down C&C servers of botnets will not be effective. Software vulnerabilities remain unfixed, so it's easy for the victims' computers to get re-infected.

There is no central botnet reporting site, as far as I know. You have to collect abuse contacts from the WHOIS database, and send your notification to each corresponding contact. Sometimes you can send aggregated notifications to national CERTs instead. I have to rely on shell scripts to automate this task, as sending each notification manually is not possible for me.

Chih-Cherng Chin