/ We got very, VERY lucky?

This topic has been archived, and won't accept reply postings.
Deadeye - on 13 May 2017
http://www.bbc.co.uk/news/technology-39907049

Guy accidentally stops the malware.

Unbelievable
Dervish on 13 May 2017
In reply to Deadeye:

Phew.

D;)
1
Timmd on 13 May 2017
In reply to Deadeye:
'Jings' as they say in Scotland. That's really sobering.
Post edited at 18:21
DancingOnRock - on 13 May 2017
In reply to Deadeye:

There's thousands of these geeks sitting at their screens tinkering with this stuff while we are out climbing. It's what floats their boat.

I work with one. Worse than train spotters.

If they're not already, MI5 should be actively searching them out and paying them big money just to play all day.
L #4fs - on 13 May 2017
In reply to Deadeye:

Exactly. Unbelievable.
L hermy - on 13 May 2017
In reply to Deadeye:

Cool! But I am really curious how huge corporations are not able to stop the malware and the random person does it. :D
Siward on 13 May 2017
In reply to Deadeye:

There's a lot of money in this, there is no reason for them to stop. It's not much effort for them to change the code and start over."

Not really luck I don't think. He only found the 'killswitch' because he was spending his annual leave investigating the code anyway, his job being fighting malware. I wonder if this is a case of not letting the truth get in the way of a good story?
wercat on 13 May 2017
In reply to Siward:

we see an urban legend in the making!
aln - on 13 May 2017
In reply to Timmd:

> 'Jings' as they say in Scotland.

Apart from Oor Wullie I don't know anyone else who says that. ;-)
Jim C - on 14 May 2017
In reply to aln:

> Apart from Oor Wullie I don't know anyone else who says that. ;-)

JCHMB
You have not read many of my post then!
( can't say I blame you)

mike123 - on 14 May 2017
In reply to Siward:
Agree. How is it lucky that a malware expert stays up all night investigating this and finds an answer . In a sensible world MI5 wil be discussing his terms and conditions right now.
Deadeye - on 14 May 2017
In reply to mike123:

> Agree. How is it lucky that a malware expert stays up all night investigating this and finds an answer . In a sensible world MI5 wil be discussing his terms and conditions right now.

Did you read the article?
He did not "find an answer" - he registered a domain and was rather surprised that this then stopped the further spread. I'd put that in the "lucky" category.
1
mattrm - on 14 May 2017
In reply to hermy:


> Cool! But I am really curious how huge corporations are not able to stop the malware and the random person does it. :D

Most places did stop it (eg my work a large UK university). They were either well patched, so weren't affected by an already patched bug. Or they blocked the malicious links on their firewalls.
mike123 - on 14 May 2017
In reply to Deadeye:
And he registers the domain to sell fidget spinners or purely to track what was happening? Luck ?
Post edited at 12:03
wbo - on 14 May 2017
In reply to Deadeye: Did you read the article?. Not entirely accidental, but a bit lucky

keith-ratcliffe on 14 May 2017
In reply to Deadeye:
I notice that all the news stories refer to attacks on corporate sites - are they also hitting individuals? If so what can we do to protect against it? I just ran Windows update (Better ways to spend 80 minutes) to make sure I am on the latest version of 8.1.
mattrm - on 14 May 2017
In reply to Deadeye:

> Guy accidentally stops the malware. Unbelievable.

His blog post about it all is here:

www.malwaretech.com/2017/05/how-to-accidentally-stop-a-global-cyber-attacks.html

It's his companys standard operating procedure with such command and control domains. If they can register them they do. He registered several thousand domains in the last year for that purpose.
ads.ukclimbing.com
dread-i - on 14 May 2017
In reply to Deadeye:

In the antivirus world, there are teams that work for companies. There are also ad-hoc teams of geeks that work together, on interesting projects. Think of it like medical research. Someone might spot something that is used as a stepping stone by others, on the way to a cure.

There is a lot of effort put into tracking command and control servers, as well as the other communications channels used by the bad guys. The intention is not just to shut down the attack, but to the track the controllers and to identify them. Also, lots of the viruses and trojans share the same or similar code. In tracking down and stopping one infection, the investigators may have a god start on stopping the next attack earlier.

What this guy did is not uncommon in that field. Command and control networks have been disabled many times before. Victims can be identified, and notified. Money, even though it is bitcoin, can be traced to a degree. The real life identities of the people who run the networks can be found.

What's notable is, at the time of writing this story is the MalwareTech, twitter chap is keeping his real details out of the lime light. Many papers would pay for his story. His bosses, at whatever AV company he works for, would love the publicity. There is good reason for this anonymity. He, his friends, family, company etc will become the target of all sorts of dirty tricks by the virus writers. I don't suppose his anonymity is 100%. People in his field may know his real name and it will leak out. I would guess that in the name of 'truth' some tabloid will unmask him, as a scoop. Whilst many may want to laud him as a hero, I bet he's kinda worried.

If you want an insight into the world of the guys who track and break botnets, this story is quite good. It romps along at a fair pace. In reality there are many more shades of grey involved, dead ends and far less James Bond.

https://www.wired.com/2017/03/russian-hacker-spy-botnet/




This topic has been archived, and won't accept reply postings.