DIY satirical Sality takedown posted to Full Disclosure

Powered by SC Magazine

Don't try this at home.

An internet user has posted what they say are instructions and exploit code to take down or hijack the Sality botnet.

The author, writing on the Full Disclosure mailing list under the alias 'Law Abiding Citizen', said it was “easy” to take down the botnet by exploiting a vulnerable version of the malware using exploit code that had been uploaded to a file sharing site and has since been removed.

The instructions claimed the botnet could be cleansed by uploading an encrypted version of AVG's Sality removal tool to a compromised web site. The post also provided a Python script that was claimed to reveal an updated list of compromised machines.

“You should under no circumstance laugh maniacally as you watch a sizeable botnet disintegrate before your eyes,” the post read.

The attack targeted a vulnerable version three of the botnet, but this had already been superseded by version four, which may not be vulnerable to the attack.

The Sality botnet was considered large in terms of the number of compromised machines but precise infection numbers varied. It was capable of pumping out spam, stealing data and cracking Voice over IP systems.

Attacking the botnet, even with the objective of cleansing infected machines, was dangerous because such action could have unintended consequences for victims.

Running the removal tool could potentially destabilise machines operated by enterprises, governments or individuals.

Such action was also widely illegal, which is why efforts to destroy botnets often focused on commandeering their command and control servers instead.

Last year security organisations and law enforcement seized command and control servers used by the DNSChanger and Rustock botnets, cutting the lines of communication with infected machines.

Internet providers were then tasked with contacting users with machines infected with DNSChanger to help them remove the malware.

The poster acknowledged taking down Sality would be illegal.

“It has come to my attention that it is not only possible but easy to seize control of version three of the botnet, and, more importantly, take it down. Sadly, doing so would require breaking the law.”

“It is unfortunate that I am unable to do so now due to these legal issues, but, as I'm sure you all know, it is more important to respect the law than to fix anything.”

The uploaded files were not malicious, the author claimed.

Copyright © SC Magazine, Australia
