 Post subject: Smashing the Mega-d/Ozdok botnet in 24 hours
PostPosted: Fri Nov 06, 2009 3:04 pm 
Site Admin
Smashing the Mega-d/Ozdok botnet in 24 hours

Quote:
In my previous article, I talked about the Ozdok command and control architecture and its fallback mechanisms in great detail. That article was an attempt to highlight different approaches to take down this botnet theoretically. But when it comes to the actual shutdown, it's far more complex than just finding out the command and control server coordinates and fallback mechanisms. An actual shutdown attempt requires someone to take the initiative and start a combined effort involving third parties like ISPs, registries, registrars, etc.

Instead of playing a passive role, this time FireEye decided to come forward and start working with these groups to make this happen. The good news is that at the time of writing this article, all the major Ozdok command and control servers (as mentioned in my last post) have been taken down. As it turns out, no matter how many fallback mechanisms are in place, if they aren't all implemented properly, the botnet is vulnerable.

FireEye's formal effort to shut down this botnet started last night. The research team here worked in multiple directions simultaneously. The purpose was to work against all the fallback mechanisms so fast that the bot herders wouldn't get a chance to react.

The first step was to prepare all the evidence against the rogue domains and hosts in the form of pcaps and actual Ozdok malware samples. Once the evidence package was ready, these were the steps taken by our research team:


Read more
http://blog.fireeye.com/research/2009/1 ... ozdok.html

_________________
Regards
Steven Burn
I.T. Mate / hpHosts
it-mate.co.uk / hosts-file.net

Keeping it FREE!

 Post subject: Re: Smashing the Mega-d/Ozdok botnet in 24 hours
PostPosted: Fri Nov 06, 2009 3:58 pm 
Location: Kent, UK
Thanks for this, MysteryFCM, it's welcome news :)

 Post subject: Re: Smashing the Mega-d/Ozdok botnet in 24 hours
PostPosted: Tue Nov 10, 2009 2:20 pm 
Location: Ontario, Canada
The Register noticed it:
http://www.theregister.co.uk/2009/11/10 ... _out_ozdok

_________________
E5200 2.5GHZ, 4GB RAM, 160GB HD, Windows 7 64bit, avast! V8.0 Free, IE9
P4 2.8GHZ, 1.5GB RAM, 40GB HD, XP Pro SP3, avast! V8.0 Free
with IE8, hpHosts, MVPS HOSTS files, MBAM, SpeedFan, WinPatrol PLUS