Old 03-06-2014, 12:06   #9
Ignitionnet
Re: 'Two weeks' to block cyber-attack

Right, I think I get the idea: they've probably done a takeover in a similar manner to how Torpig was taken over, except, given it's law enforcement, they seized the domains the botnet was chatting to rather than spotting a window in the malware where domains weren't registered.

I look forward to reading the reports. Usually there's the malware itself, the bot, and a downloader. When Torpig was taken over they managed to take over the botnet; however, the downloader was still under the control of the miscreants, who pushed a new version of the malware with updated domains.

If they don't have control of both the botnet C+C and the downloader C+C this may be a rather short 2 weeks, but that's probably where the 2 weeks comes from: the period before the botnet moves onto a different domain that the authorities don't have control over.