
Story: Symbiot launches DDoS counter-strike tool


Posted by: Mary EF (Friday 2 April 2004, 7:12 AM)


Given the article was posted on 10 March, it is unlikely to be an April Fool...

Attacking the "Apparently From" is, as previous commenters have noted, useless as they are just unlucky to be on someone's contact list who has a virus (in my case, two spammers - I don't know anyone in the Philippines or VA - as well as a friend on broadband whose child clicked on the attachment, a survey provider and a local council officer, and someone at work in an IT role who really ought to have known better and should have had antivirus up to date... That's just the ones I bothered to investigate).

The only way that this would work is to use a parser similar to that used by abuse services such as SpamCop to identify the originating IP address (avoiding forged lines added by the virus). This could only be reported to the ISP for the IP block - obtainable from lookups such as ARIN - warning them that the IP address appears to be infected with a virus.

Second level, if the infected computer continues to send, i.e. the ISP does not ensure the owner of the infected PC cleans up, is to block the ISP's range of IP addresses (after fair warning has been given). This has worked for spam; automating it (with a manual exception-handling process - who knows what virus writers will come up with next!) may well work with virus creators.

If the software is made freely available, it may even be able to trace back to the virus writer. That would be sweet justice.

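The header parsing the comment above describes, as an added example that is not part of the original post and not SpamCop's code: walk the `Received:` chain from the top, believe only lines written by relays you trust, and report the first peer address outside them. The `TRUSTED` range and the sample message are constructed (documentation address ranges), and the ARIN lookup of the owning ISP is left out so the example runs offline.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample: the top two Received lines were written by our own
# relays; the third was inserted by the sender and cannot be verified.
SAMPLE = """\
Received: from mx-in.example.net (mx-in.example.net [192.0.2.10])
\tby mail.example.net with ESMTP; Fri, 2 Apr 2004 07:01:12 +0000
Received: from friend-pc (dsl-77.isp.example [198.51.100.77])
\tby mx-in.example.net with SMTP; Fri, 2 Apr 2004 07:01:10 +0000
Received: from mail.bank.example ([203.0.113.5])
\tby friend-pc with SMTP; Fri, 2 Apr 2004 06:58:00 +0000
From: "Someone in your address book" <victim@example.org>
Subject: Re: details

see attachment
"""

# Assumption: relays we operate ourselves, so their header lines are reliable.
TRUSTED = [ipaddress.ip_network("192.0.2.0/24")]

# The peer address a relay records for the connection, e.g. "[198.51.100.77]".
PEER_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def originating_ip(raw, trusted=TRUSTED):
    """Return the first peer IP outside the trusted relays, or None."""
    msg = message_from_string(raw)
    # Received headers are prepended, so the newest (our own) comes first.
    for hop in msg.get_all("Received", []):
        match = PEER_IP.search(hop)
        if match is None:
            return None  # a trusted relay logged no address: nothing to report
        try:
            ip = ipaddress.ip_address(match.group(1))
        except ValueError:
            return None  # malformed address such as 999.1.1.1
        if not any(ip in net for net in trusted):
            # This hop was written by a trusted relay about an untrusted peer.
            # Everything below it came from that peer and may be forged.
            return str(ip)
    return None  # every hop was internal


if __name__ == "__main__":
    print(originating_ip(SAMPLE))
```

The forged `203.0.113.5` line and the `From:` address are never consulted, which is the point of stopping at the trust boundary.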

