Feeds

Whitehats tackle The Great Botnet Dilemma

Remove Kraken? Or leave it be?

The essential guide to IT transformation

After infiltrating one of the biggest and most abusive known botnets, security researchers are wrestling with a thorny ethical dilemma: should they exorcise tens of thousands of possessed machines or simply leave them be?

Pedram Amini and Cody Pierce, of security provider TippingPoint, reverse engineered the executable behind the notorious Kraken botnet, a feat that allowed them to build a fake server that receives connections from zombie machines looking for instructions about who and what to spam. Over the course of a week, an estimated 25,000 machines, most belonging to home broadband users, reported for duty. That's as much as 14 percent of the entire Kraken population, according to some estimates.

"This is where we entered into a moral dilemma and ethical discussion," Amini wrote in an entry on the TippingPoint DVLabs blog. "We have the ability to successfully redirect infected systems. We have the ability to provide an 'update' through the existing Kraken protocol that can simply remove the Kraken zombie. Is it wrong to do so?"

For the moment, there appears to be an internal difference of opinion at TippingPoint. Amini and Pierce are both in favor of removing the bots, a move that in a single keystroke would likely make the machines run better and, more importantly, would rid the internet of 25,000 spam-barfing machines.

But TippingPoint boss Dave Endler sees things differently. What if the deed has the unintended consequence of bringing down a machine, and what if said machine is responsible for someone's life support? The hypothetical is a bit extreme (is anyone foolhardy enough to rely on a Windows PC for life support?), but it still captures the essence of why intervention may not be a good idea. No matter how good their intention, the researchers could find themselves in trouble should anything go wrong.

So for the time being, the company, which provides intrusion prevention products for large companies, will simply allow these demonic machines to go about their business. That's a shame, because as we reported earlier, the Kraken architects have gone to great lengths to cloak infected machines and make them hard to disinfect. Now that they've learned that their brainchild has been reverse engineered, who knows when such a chance will come around again? ®

5 things you didn’t know about cloud backup

More from The Register

next story
Goog says patch⁵⁰ your Chrome
64-bit browser loads cat vids FIFTEEN PERCENT faster!
Chinese hackers spied on investigators of Flight MH370 - report
Classified data on flight's disappearance pinched
KER-CHING! CryptoWall ransomware scam rakes in $1 MEEELLION
Anatomy of the net's most destructive ransomware threat
NIST to sysadmins: clean up your SSH mess
Too many keys, too badly managed
Scratched PC-dispatch patch patched, hatched in batch rematch
Windows security update fixed after triggering blue screens (and screams) of death
Researchers camouflage haxxor traps with fake application traffic
Honeypots sweetened to resemble actual workloads, complete with 'secure' logins
prev story

Whitepapers

Gartner critical capabilities for enterprise endpoint backup
Learn why inSync received the highest overall rating from Druva and is the top choice for the mobile workforce.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Rethinking backup and recovery in the modern data center
Combining intelligence, operational analytics, and automation to enable efficient, data-driven IT organizations using the HP ABR approach.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.