Plusnet
Wednesday 20th August 2008Login | Register | Help
Home » Forum » Service Discussion » Community Support » Kraken Botnet
Pages: [1] 2

Kraken Botnet

« on 30/04/2008, 18:28 »
An article on The Register lists a story about reverse engineering a botnet, the Kraken one, which ended up with lots of people who are affected by the botnet's IP addresses being listed.  Having a look on the list (to see if I was there) I noticed at least 2 Force9 IP's (212.159.x.x), I don't really know what other PN/F9 IP ranges are used so have no idea how many of these are also users of PN/F9/Metronet etc..

Now that the story is in the wild, and a list of infected IP's is available, will PN be taking any action?  For instance, will they look at the list of IP's, find which are using their network and then send them a quick email "hi there, you are infected with a virus/botnet called kraken, you can remove it by...."?
Logged
  • Strat
  • Posts: 2276
  • AKA fcel
  • View Profile
« Reply #1 on 30/04/2008, 18:41 »
There are a couple of 80.229.xxx.xxx addresses in this list.
I still believe I voted wisely in the December 2007 Community Site Moderator Elections
Regards Dick...Proud American Deluxe Stratocaster Owner
Useful Links: New Glossary Index or Home Phone Tariffs or Exchange Info or Member Rankings
Logged
« Reply #2 on 30/04/2008, 20:46 »
Thanks for the heads up on this one - We definitely will want to help those guys out. I've been off today, but if someone isn't already on it I will raise this tomorrow.

Ian
Plusnet Product Team
The UserGroup Forums
Free Broadband - So Where's the Catch
Logged
« Reply #3 on 30/04/2008, 21:10 »
My view is a bit extreme on this:  infected botnets should be automatically have their OS partition formated.  That's that.  It's similar to having your car impounded if it polutes, or if it spills oil everywhere.  It is a danger to others and should be taken out of circulation.  Since MS are not keen to design a safer OS (for reasons discussed elsewhere UAC does not count) such owned machines should be wiped clean.  Anyway, don't want to provoke flames, but feel better for venting now.   Tongue
Regards,
Mick
Logged
« Reply #4 on 30/04/2008, 22:51 »
Lol. As much as I might share that opinion, I also like customers and I think if we can solve the problem while being a little nicer than that, we probably should.   Smiley

Ian
Plusnet Product Team
The UserGroup Forums
Free Broadband - So Where's the Catch
Logged
« Reply #5 on 30/04/2008, 23:06 »
I agree with Ian, being nicer to the customer (along with the potential issues that will arise from helping them) is the better way to go.  The fact that Ian is going to raise this and try to help is a bonus for the people infected, most ISP's would just ignore it, so its a good thing. 

p.s. my IP wasn't on the list.
Logged
« Reply #6 on 30/04/2008, 23:35 »
Quote from: dgwebb on 30/04/2008, 23:06
The fact that Ian is going to raise this and try to help is a bonus for the people infected, most ISP's would just ignore it, so its a good thing. 
  <aheam!>  Did I mention that ISPs that ignore it should also be formated clean?!   Grin
Regards,
Mick
Logged
  • Bob
  • Plusnet Staff
  • *
  • Posts: 3724
  • View Profile WWW
« Reply #7 on 01/05/2008, 13:04 »
Should be able to write a script pretty easily that pulls out our IPs using reverse DNS lookups or cross-referencing the list with our IP Map. My scripting ability is on par with that of a Technophobe though, so I'd need to get some resource from somewhere unless we've a scripting aficionado in the Community who'd fancy giving it a bash?
Bob Pullen
Plusnet Comms Team
Service Status :: RSS :: Email
Free broadband - so where's the catch?
Logged
  • Strat
  • Posts: 2276
  • AKA fcel
  • View Profile
« Reply #8 on 01/05/2008, 13:13 »
Personally I would have thought an email to the affected with an advisory that their access could be blocked if they took no corrective action would be in order as they are putting many others at risk.

My IP is not on the list Smiley
I still believe I voted wisely in the December 2007 Community Site Moderator Elections
Regards Dick...Proud American Deluxe Stratocaster Owner
Useful Links: New Glossary Index or Home Phone Tariffs or Exchange Info or Member Rankings
Logged
  • geewizz
  • Bright Spark
  • *
  • Posts: 521
  • I do all my own stunts
  • View Profile WWW
« Reply #9 on 01/05/2008, 13:17 »
Woioohooo! My number is on that list! Where do I go to collect my prize?
Winner of 3 Legged Race
Logged
  • Strat
  • Posts: 2276
  • AKA fcel
  • View Profile
« Reply #10 on 01/05/2008, 13:20 »
 Cool
I still believe I voted wisely in the December 2007 Community Site Moderator Elections
Regards Dick...Proud American Deluxe Stratocaster Owner
Useful Links: New Glossary Index or Home Phone Tariffs or Exchange Info or Member Rankings
Logged
  • Bob
  • Plusnet Staff
  • *
  • Posts: 3724
  • View Profile WWW
« Reply #11 on 01/05/2008, 13:22 »
Quote from: Strat on 01/05/2008, 13:13
Personally I would have thought an email to the affected with an advisory that their access could be blocked if they took no corrective action would be in order as they are putting many others at risk.

That's the idea, but I'm not manually trawling through god knows how many IPs to pull out the ones that are ours Wink
Bob Pullen
Plusnet Comms Team
Service Status :: RSS :: Email
Free broadband - so where's the catch?
Logged
  • Strat
  • Posts: 2276
  • AKA fcel
  • View Profile
« Reply #12 on 01/05/2008, 13:24 »
As you said...volunteers please email Bob at.... Smiley
I still believe I voted wisely in the December 2007 Community Site Moderator Elections
Regards Dick...Proud American Deluxe Stratocaster Owner
Useful Links: New Glossary Index or Home Phone Tariffs or Exchange Info or Member Rankings
Logged
  • God
  • Posts: 768
  • View Profile WWW
« Reply #13 on 01/05/2008, 13:26 »
Quote from: geewizz on 01/05/2008, 13:17
Woioohooo! My number is on that list! Where do I go to collect my prize?

Geewizz if your machine is infected your avatar will change to a blank grey square....  Shocked
God... Moving in mysterious ways.

Bad Boys Darts Club
Logged
« Reply #14 on 01/05/2008, 13:27 »
Bob - what sort of format would your IP map be in? Smiley

B.
plusnet Community Site Forum Moderator
I'm a customer, not an employee

^C^C^X^X^X^XquitqQ!qQxxXXx[esc]qwertyuiopasdfghjklxxZZxX - Everyone's first vi session.
Logged
  • geewizz
  • Bright Spark
  • *
  • Posts: 521
  • I do all my own stunts
  • View Profile WWW
« Reply #15 on 01/05/2008, 13:37 »
Quote from: God on 01/05/2008, 13:26

Geewizz if your machine is infected your avatar will change to a blank grey square....  Shocked

The real giveaway was the discoloured, sticky discharge from my hard drive.
Winner of 3 Legged Race
Logged
Pages: [1] 2
Home » Forum » Service Discussion » Community Support » Kraken Botnet
Jump to:  

Related Sites

Community Apps

Here at Plusnet we're always trying to use clever open source things to make our lives easier. Sometimes we write our own and make other people's lives easier too!

View the Plusnet Open Source applications page

About Plusnet

We sell broadband, phone, VoIP and more to homes and businesses in the UK. Winner of 9 out of 11 Categories in the 2008 USwitch survey. Winner of "Best Consumer ISP" at 2008 ISPA awards. Voted number 1 in the Broadband Choices 2008 survey.

© Plusnet plc All Rights Reserved. E&OE

Powered by SMF | SMF © 2006-2008, Simple Machines LLC

Add to Technorati Favourites