Johannes Ullrich wrote Friday, March 14, 2003 12:56
> > It's another mIRC based DDoS trojan that scans for NT-Password and IIS
> > unicode exploits.
> > So the next question is... How do we go about apprehending the culprits?
> > Can we somehow get wxmail.net revoked?
> IRC bots are a common plague. We do play 'whack the bot' once in a while
> if we find out about it. So far, I have yet to see a case successfully
> prosecuted.

One ray of hope: The "TK worm" botnet was hit in a cooperation between U.S. and British authorities. They arrested at least some of those responsible. The botnet was not shut down by the arrests, but there was some forward progress.

TK worm was responsible for the ww.tk.gov queries that were common late last year. Like most botnets, it did not make a lot of news but it owned at least 18K computers and caused millions in damages. TK worm is a classic botnet, but it does use a worm component for unattended propagation.

Here's the news story of the bust:
http://www.theregister.co.uk/content/56/29221.html