cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Champion

Taking apart a botnet ...

The FBI is messing with Joanap, a botnet run by a major North Korean blackhat group.

 

Joanap itself is fairly complicated, with infections being started by an SMB worm, which then installs the Joanap RAT (Remote Access Trojan).  Command and control is done via a peer-to-peer distributed network.

 

Which is where the FBI comes in.  A court in the US granted them permission to set up fake servers pretending to be controllers on Joanap.  As such, they could spy on individual machines, collect information, or even install software (possibly to remove the infections and patch vulnerabilities).

 

In examining the ethics of active defence, I find this fascinating.

 

I'm pretty sure than in Canadian law the FBI action would actually be illegal, which is possibly why they are contacting host governments in the cases of non-US victims.

 

(Oh, and remember to patch your systems, which is the only reason the blackhats were able to build Joanap in the first place ...)


............
This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468