Security threats Toolkit

Story: Symbiot launches DDoS counter-strike tool

• 
• 

Given the article was posted on 10 March, it is unlikely to be an April Fool...

Attacking the "Apparently From" is, as previous commenters have noted, useless as they are just unlucky to be on someone's contact list who has a virus (in my case, two spammers - I don't know anyone in the Phillipines or VA - as well as a friend on broadband whose child clicked on the attachment, a survey provider and a local council officer, and someone at work in an IT role who really ought to have known better and should have had antivirus up to date... That's just the ones I bothered to investigate).

The only way that this would work is to use a parser similar to that used by abuse services such as SpamCop to identifying the originating IP address (avoiding forged lines added by the virus). This could only be reported to the ISP for the IP block - obtainable from lookups such as ARIN - warning them that the IP address appears to be infected with a virus.

Second level, if the infected computer continues to send, i.e. the ISP does not ensure the owner of the infected PC cleans up, is to block the ISP's range of IP addresses (after fair warning has been given). This has worked for spam, automating it (with manual exceptions handling process - who knows what virii writers will come up with next!) may well work with virus creators.

If the software is made freely available, it may even be able to trace back to the virus writer. That would be sweet justice.

• 
• 

• 
• 
• 

Full Talkback thread