cancel
Showing results for 
Search instead for 
Did you mean: 

Kraken Botnet

David_W
Rising Star
Posts: 2,305
Thanks: 33
Registered: ‎19-07-2007

Kraken Botnet

An article on The Register lists a story about reverse engineering a botnet, the Kraken one, which ended up with lots of people who are affected by the botnet's IP addresses being listed.  Having a look on the list (to see if I was there) I noticed at least 2 Force9 IP's (212.159.x.x), I don't really know what other PN/F9 IP ranges are used so have no idea how many of these are also users of PN/F9/Metronet etc..
Now that the story is in the wild, and a list of infected IP's is available, will PN be taking any action?  For instance, will they look at the list of IP's, find which are using their network and then send them a quick email "hi there, you are infected with a virus/botnet called kraken, you can remove it by...."?
28 REPLIES 28
Strat
Community Veteran
Posts: 31,320
Thanks: 1,609
Fixes: 565
Registered: ‎14-04-2007

Re: Kraken Botnet

There are a couple of 80.229.xxx.xxx addresses in this list.
Windows 10 Firefox 109.0 (64-bit)
To argue with someone who has renounced the use of reason is like administering medicine to the dead - Thomas Paine
Ianwild
Grafter
Posts: 3,835
Registered: ‎05-04-2007

Re: Kraken Botnet

Thanks for the heads up on this one - We definitely will want to help those guys out. I've been off today, but if someone isn't already on it I will raise this tomorrow.
Ian
MickKi
Grafter
Posts: 543
Registered: ‎30-09-2007

Re: Kraken Botnet

My view is a bit extreme on this:  infected botnets should be automatically have their OS partition formated.  That's that.  It's similar to having your car impounded if it polutes, or if it spills oil everywhere.  It is a danger to others and should be taken out of circulation.  Since MS are not keen to design a safer OS (for reasons discussed elsewhere UAC does not count) such owned machines should be wiped clean.  Anyway, don't want to provoke flames, but feel better for venting now.  Tongue
Ianwild
Grafter
Posts: 3,835
Registered: ‎05-04-2007

Re: Kraken Botnet

Lol. As much as I might share that opinion, I also like customers and I think if we can solve the problem while being a little nicer than that, we probably should.  Smiley
Ian
David_W
Rising Star
Posts: 2,305
Thanks: 33
Registered: ‎19-07-2007

Re: Kraken Botnet

I agree with Ian, being nicer to the customer (along with the potential issues that will arise from helping them) is the better way to go.  The fact that Ian is going to raise this and try to help is a bonus for the people infected, most ISP's would just ignore it, so its a good thing. 
p.s. my IP wasn't on the list.
MickKi
Grafter
Posts: 543
Registered: ‎30-09-2007

Re: Kraken Botnet

Quote from: dgwebb
The fact that Ian is going to raise this and try to help is a bonus for the people infected, most ISP's would just ignore it, so its a good thing. 
  <aheam!>  Did I mention that ISPs that ignore it should also be formated clean?!  Grin
bobpullen
Community Gaffer
Community Gaffer
Posts: 16,869
Thanks: 4,950
Fixes: 315
Registered: ‎04-04-2007

Re: Kraken Botnet

Should be able to write a script pretty easily that pulls out our IPs using reverse DNS lookups or cross-referencing the list with our IP Map. My scripting ability is on par with that of a Technophobe though, so I'd need to get some resource from somewhere unless we've a scripting aficionado in the Community who'd fancy giving it a bash?

Bob Pullen
Plusnet Product Team
If I've been helpful then please give thanks ⤵

Strat
Community Veteran
Posts: 31,320
Thanks: 1,609
Fixes: 565
Registered: ‎14-04-2007

Re: Kraken Botnet

Personally I would have thought an email to the affected with an advisory that their access could be blocked if they took no corrective action would be in order as they are putting many others at risk.
My IP is not on the list Smiley
Windows 10 Firefox 109.0 (64-bit)
To argue with someone who has renounced the use of reason is like administering medicine to the dead - Thomas Paine
geewizz
Grafter
Posts: 1,125
Registered: ‎01-08-2007

Re: Kraken Botnet

Woioohooo! My number is on that list! Where do I go to collect my prize?
Strat
Community Veteran
Posts: 31,320
Thanks: 1,609
Fixes: 565
Registered: ‎14-04-2007

Re: Kraken Botnet

Cool
Windows 10 Firefox 109.0 (64-bit)
To argue with someone who has renounced the use of reason is like administering medicine to the dead - Thomas Paine
bobpullen
Community Gaffer
Community Gaffer
Posts: 16,869
Thanks: 4,950
Fixes: 315
Registered: ‎04-04-2007

Re: Kraken Botnet

Quote from: Strat
Personally I would have thought an email to the affected with an advisory that their access could be blocked if they took no corrective action would be in order as they are putting many others at risk.

That's the idea, but I'm not manually trawling through god knows how many IPs to pull out the ones that are ours Wink

Bob Pullen
Plusnet Product Team
If I've been helpful then please give thanks ⤵

Strat
Community Veteran
Posts: 31,320
Thanks: 1,609
Fixes: 565
Registered: ‎14-04-2007

Re: Kraken Botnet

As you said...volunteers please email Bob at.... Smiley
Windows 10 Firefox 109.0 (64-bit)
To argue with someone who has renounced the use of reason is like administering medicine to the dead - Thomas Paine
God
Grafter
Posts: 1,112
Registered: ‎30-07-2007

Re: Kraken Botnet

Quote from: geewizz
Woioohooo! My number is on that list! Where do I go to collect my prize?

Geewizz if your machine is infected your avatar will change to a blank grey square....  Shocked
zubel
Community Veteran
Posts: 3,793
Thanks: 4
Registered: ‎08-06-2007

Re: Kraken Botnet

Bob - what sort of format would your IP map be in? Smiley
B.