Plusnet
Saturday 20th March 2010

Kraken Botnet

« on 30/04/2008, 18:28 »
An article on The Register lists a story about reverse engineering a botnet, the Kraken one, which ended up with lots of people who are affected by the botnet's IP addresses being listed. Having a look on the list (to see if I was there) I noticed at least 2 Force9 IPs (212.159.x.x). I don't really know what other PN/F9 IP ranges are used, so have no idea how many of these are also users of PN/F9/Metronet etc.

Now that the story is in the wild, and a list of infected IPs is available, will PN be taking any action? For instance, will they look at the list of IPs, find which are using their network and then send them a quick email: "hi there, you are infected with a virus/botnet called kraken, you can remove it by...."?
Logged
  • Strat
  • Forum Moderator
  • Posts: 6391
  • AKA fcel
« Reply #1 on 30/04/2008, 18:41 »
There are a couple of 80.229.xxx.xxx addresses in this list.
Customer and Forum Moderator  Which gateway am I on and How is it Performing (Scroll down to your Gateway Graph)
BBYW 3
Stratospheric on PSN.....MW2......please don't shoot me Smiley...and I won't shoot you.....honest Roll Eyes
Logged
« Reply #2 on 30/04/2008, 20:46 »
Thanks for the heads up on this one - We definitely will want to help those guys out. I've been off today, but if someone isn't already on it I will raise this tomorrow.

Ian
Logged
  • MickKi
  • Bright Spark
  • Posts: 541
« Reply #3 on 30/04/2008, 21:10 »
My view is a bit extreme on this: infected botnets should automatically have their OS partition formatted. That's that. It's similar to having your car impounded if it pollutes, or if it spills oil everywhere. It is a danger to others and should be taken out of circulation. Since MS are not keen to design a safer OS (for reasons discussed elsewhere UAC does not count) such owned machines should be wiped clean. Anyway, don't want to provoke flames, but feel better for venting now.   Tongue
Regards,
Mick
Logged
« Reply #4 on 30/04/2008, 22:51 »
Lol. As much as I might share that opinion, I also like customers and I think if we can solve the problem while being a little nicer than that, we probably should.   Smiley

Ian
Logged
« Reply #5 on 30/04/2008, 23:06 »
I agree with Ian, being nicer to the customer (along with the potential issues that will arise from helping them) is the better way to go. The fact that Ian is going to raise this and try to help is a bonus for the people infected, most ISPs would just ignore it, so it's a good thing.

p.s. my IP wasn't on the list.
Logged
  • MickKi
  • Bright Spark
  • Posts: 541
« Reply #6 on 30/04/2008, 23:35 »
The fact that Ian is going to raise this and try to help is a bonus for the people infected, most ISPs would just ignore it, so it's a good thing.
  <ahem!>  Did I mention that ISPs that ignore it should also be formatted clean?!   Grin
Regards,
Mick
Logged
« Reply #7 on 01/05/2008, 13:04 »
Should be able to write a script pretty easily that pulls out our IPs using reverse DNS lookups or cross-referencing the list with our IP Map. My scripting ability is on par with that of a Technophobe though, so I'd need to get some resource from somewhere unless we've a scripting aficionado in the Community who'd fancy giving it a bash?
Bob Pullen
Plusnet Support Team
Logged
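The cross-referencing approach Bob describes above, sketched as an added example that is not part of the original thread. The `IP_MAP` labels and prefixes are hypothetical (RFC 5737 documentation ranges stand in for the ISP's real allocations, which the thread does not give), and `SAMPLE_LIST` is a constructed stand-in for the published list.

```python
import ipaddress
import re
from collections import defaultdict

# Hypothetical IP map: brand label -> prefixes (documentation ranges only).
IP_MAP = {
    "brand-a": ["192.0.2.0/24"],
    "brand-b": ["198.51.100.0/25", "203.0.113.64/26"],
}

# Constructed sample list: mixed separators, a duplicate, junk, an out-of-range hit.
SAMPLE_LIST = """\
# ip, first_seen
192.0.2.17, 2008-04-28
198.51.100.200, 2008-04-28
203.0.113.70 2008-04-29
192.0.2.17, 2008-04-29
10.999.1.1, 2008-04-29
198.51.100.5
not-an-ip
"""

# Dotted-quad candidates; real validation is left to the ipaddress module.
IPV4_TOKEN = re.compile(r"(?<![\d.])\d{1,3}(?:\.\d{1,3}){3}(?![\d.])")

def load_networks(ip_map):
    """Flatten the map to (network, label) pairs, most specific prefix first."""
    nets = [(ipaddress.ip_network(p), label)
            for label, prefixes in ip_map.items() for p in prefixes]
    return sorted(nets, key=lambda pair: pair[0].prefixlen, reverse=True)

def match_infected(list_text, ip_map):
    """Return {label: sorted unique addresses} for listed IPs inside the map."""
    nets = load_networks(ip_map)
    hits = defaultdict(set)
    for line in list_text.splitlines():
        if line.lstrip().startswith("#"):
            continue  # skip comment/header lines
        for token in IPV4_TOKEN.findall(line):
            try:
                addr = ipaddress.ip_address(token)
            except ValueError:
                continue  # e.g. 10.999.1.1 looks like an IP but is not one
            label = next((lbl for net, lbl in nets if addr in net), None)
            if label is not None:
                hits[label].add(addr)
    return {lbl: [str(a) for a in sorted(addrs)] for lbl, addrs in hits.items()}

if __name__ == "__main__":
    for label, addrs in match_infected(SAMPLE_LIST, IP_MAP).items():
        print(label, len(addrs), ", ".join(addrs))
```

The reverse DNS alternative mentioned in the same post needs live lookups and depends on PTR records being present, so only the offline prefix match is shown.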
  • Strat
  • Forum Moderator
  • Posts: 6391
  • AKA fcel
« Reply #8 on 01/05/2008, 13:13 »
Personally I would have thought an email to the affected with an advisory that their access could be blocked if they took no corrective action would be in order as they are putting many others at risk.

My IP is not on the list Smiley
Logged
« Reply #9 on 01/05/2008, 13:17 »
Woioohooo! My number is on that list! Where do I go to collect my prize?
Logged
  • Strat
  • Forum Moderator
  • Posts: 6391
  • AKA fcel
« Reply #10 on 01/05/2008, 13:20 »
 Cool
Logged
« Reply #11 on 01/05/2008, 13:22 »
Personally I would have thought an email to the affected with an advisory that their access could be blocked if they took no corrective action would be in order as they are putting many others at risk.

That's the idea, but I'm not manually trawling through god knows how many IPs to pull out the ones that are ours Wink
Bob Pullen
Plusnet Support Team
Logged
  • Strat
  • Forum Moderator
  • Posts: 6391
  • AKA fcel
« Reply #12 on 01/05/2008, 13:24 »
As you said...volunteers please email Bob at.... Smiley
Logged
  • God
  • Posts: 1010
  • God - Moving in mysterious ways.
« Reply #13 on 01/05/2008, 13:26 »
Woioohooo! My number is on that list! Where do I go to collect my prize?

Geewizz if your machine is infected your avatar will change to a blank grey square....  Shocked
« Reply #14 on 01/05/2008, 13:27 »
Bob - what sort of format would your IP map be in? Smiley

B.
Barry Zubel : plusnet Community Site Forum Moderator
I'm a customer, not an employee
100x Core i7-980x, 12GB DDR3, ATI FirePro v8750 (realtime stats)
Logged
« Reply #15 on 01/05/2008, 13:37 »

Geewizz if your machine is infected your avatar will change to a blank grey square....  Shocked

The real giveaway was the discoloured, sticky discharge from my hard drive.
Logged