funsec mailing list archives

Re: Spam King arrested


From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Sat, 02 Jun 2007 10:08:37 +1200

Åke Nordin to Steve Manzuik to ferg (if memory serves):

Anybody know if the malware Soloway used to build his spambot networks
is subject to fairly easy takeover by somebody else?

Not sure but if a copy of the malware is available it wouldn't be too
hard for one to take a peek and figure out how to gain control of the
botnet.

The least of the problems involved with that scenario are probably
the technological ones. I assume one puts h{im|er}self in a rather
delicate legal position in most western countries if one would hijack
such a botnet (and thus implicitly the systems under its control),
since there would be a rather high probability that a few of the
affected systems were owned and/or operated by legal bodies in
the same jurisdiction. I reckon only LEAs operating under unusually
permissive legal restrictions would have any chance to get away with it.

Or other spammers, etc.

I'd be very surprised if that was not the concern behind ferg's 
original question.

It's all well-and-good, as much of the mainstream media has, to herald 
this arrest, and it's understandable that those NOT well-versed in the 
workings of modern spam and other Email-based shenanigans might further 
herald such an arrest as "likely to result in a reduction in spam", as 
most of the mainstream media has, but folk like ferg know all too well 
that simply taking out one of those big operators will have pretty much 
exactly no effect on the problem, as the slime "advertising" through 
spam will simply move to other spammers, and the spammers (or at least, 
their botherders) may engage in a turf war trying to wrest control of 
the eliminated operator's botnets.


Regards,

Nick FitzGerald


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

