Cyber security firm frees PCs from 'botnet'
By Jim Finkle, Reuters



SAN FRANCISCO - A computer security firm said that, during a cyber crime-fighting demonstration to top industry executives on Tuesday, it had freed tens of thousands of infected PCs from a “botnet” that forced enslaved machines to send out spam pharmaceutical ads.

Tillmann Werner, a senior research scientist with a startup known as CrowdStrike, attacked the Kelihos botnet on stage in a rare live demonstration of techniques used to attack cyber crime operations.

He manipulated the messaging system used to control machines enslaved in the botnet, a term used in the security world to describe groups of infected computers that are enslaved in large networks by “herders” who use the machines for tasks including sending spam and attacking corporate networks.

He instructed machines to stop communicating with the servers that had enslaved them and start checking in with a new “command and control” server that he set up to protect the PCs.

For good measure, he provided a “black list” of servers controlled by the Kelihos gang, which essentially blocks the infected computers from ever visiting those sites.

As infected machines visited his command and control server, red dots showed up on a map on a video screen at the front of a conference room at the RSA security conference in San Francisco, winning Werner a round of applause for a rare victory in the fight against cyber crime.

A few hours later, he said that tens of thousands of infected machines had checked into the server of CrowdStrike, which this week unveiled products to help businesses fight sophisticated cyber attacks.

Werner has been using his keyboard to fight cyber crime for nearly 10 years.

“It’s a passion,” he said. “I’m interested in botnets that are technically challenging.”

That passion has kept him persevering in his battle with botnet “herders,” or the criminals who control infected machines, despite constant setbacks.

He previously worked with parties including Microsoft Corp and Kaspersky Lab on other efforts to shut down Kelihos and a related botnet known as Waledac, only to see them quickly re-emerge.

“It’s an industry,” he said. “There is some gang pulling the strings.”
