<article>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#article09_12_28_1657245</id>
	<title>Man Challenges 250,000 Strong Botnet and Succeeds</title>
	<author>CmdrTaco</author>
	<datestamp>1261995360000</datestamp>
	<htmltext>nandemoari writes <i>"When security officials decide to 'go after' computer malware, most conduct their actions from a defensive standpoint. For most of us, finding a way to rid a computer of the malware suffices &mdash; but for one computer researcher, however, the change from a defensive to an offensive mentality is what ended the two year chase of a sinister botnet once and for all.  For two years, Atif Mushtaq had been keeping the notorious Mega-D bot malware from infecting computer networks. As of this past November, he suddenly <a href="http://www.pcworld.com/article/185122/good_guys_bring_down_the_megad_botnet.html">switched from defense to offense</a>. Mega-D had forced more than 250,000 PCs to do its bidding via botnet control."</i></htmltext>
<tokenext>nandemoari writes " When security officials decide to 'go after ' computer malware , most conduct their actions from a defensive standpoint .
For most of us , finding a way to rid a computer of the malware suffices    but for one computer researcher , however , the change from a defensive to an offensive mentality is what ended the two year chase of a sinister botnet once and for all .
For two years , Atif Mushtaq had been keeping the notorious Mega-D bot malware from infecting computer networks .
As of this past November , he suddenly switched from defense to offense .
Mega-D had forced more than 250,000 PCs to do its bidding via botnet control .
"</tokentext>
<sentencetext>nandemoari writes "When security officials decide to 'go after' computer malware, most conduct their actions from a defensive standpoint.
For most of us, finding a way to rid a computer of the malware suffices — but for one computer researcher, however, the change from a defensive to an offensive mentality is what ended the two year chase of a sinister botnet once and for all.
For two years, Atif Mushtaq had been keeping the notorious Mega-D bot malware from infecting computer networks.
As of this past November, he suddenly switched from defense to offense.
Mega-D had forced more than 250,000 PCs to do its bidding via botnet control.
"</sentencetext>
</article>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_28_1657245.30579982</id>
	<title>Re:PR "Stuff" from Fireeye</title>
	<author>vegiVamp</author>
	<datestamp>1262119560000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>&gt; The cost of this may be too high to be worth it... but if you take away someone's internet access for a while when they get hosed, then maybe they'll stop getting hosed.<br><br>The trouble with this is that the people who are prone to get hosed are the people who have no real clue as to how or why they get hosed, let alone how to prevent it.<br><br>Had this practice started way back when Eternal September was barely more than a witticism, we probably wouldn't have been where we are now; and while my gut says that it would be very beneficial to just kick all the lusers off 'our' net again, that's not really an option in and of itself - it's mostly *because* of the constant influx of new users that we now have nice fat pipes.<br><br>The trouble is, for the most part, that users don't have much incentive to do something about malware on their machines as long as they're not impacted too much. Kicking infected PCs off the net for a while (and gradually longer with each new occurrence) may well provide that incentive, BUT it is then also our responsibility to educate them on how to avoid infection IN A WAY THAT THEY UNDERSTAND. That latter part is not always one of the strong points of our community :-)<br><br>And, one can only dream, maybe the unwashed masses will finally start demanding a more secure operating system from the majority vendor, or choose more secure alternatives. Before you lot start hammering me, I know full well that *nix isn't perfect, either, but if Redmond starts shaping up, maybe we'll be the next target, and we'll fix the holes we have, too :-)</htmltext>
<tokenext>&gt; The cost of this may be too high to be worth it... but if you take away someone 's internet access for a while when they get hosed , then maybe they 'll stop getting hosed.The trouble with this is that the people who are prone to get hosed are the people who have no real clue as to how or why they get hosed , let alone how to prevent it.Had this practice started way back when Eternal September was barely more than a witticism , we probably would n't have been where we are now ; and while my gut says that it would be very beneficial to just kick all the lusers off 'our ' net again , that 's not really an option in and of itself - it 's mostly * because * of the constant influx of new users that we now have nice fat pipes.The trouble is , for the most part , that users do n't have much incentive to do something about malware on their machines as long as they 're not impacted too much .
Kicking infected PCs off the net for a while ( and gradually longer with each new occurrence ) may well provide that incentive , BUT it is then also our responsibility to educate them on how to avoid infection IN A WAY THAT THEY UNDERSTAND .
That latter part is not always one of the strong points of our community : - ) And , one can only dream , maybe the unwashed masses will finally start demanding a more secure operating system from the majority vendor , or choose more secure alternatives .
Before you lot start hammering me , I know full well that * nix is n't perfect , either , but if Redmond starts shaping up , maybe we 'll be the next target , and we 'll fix the holes we have , too : - )</tokentext>
<sentencetext>&gt; The cost of this may be too high to be worth it... but if you take away someone's internet access for a while when they get hosed, then maybe they'll stop getting hosed.The trouble with this is that the people who are prone to get hosed are the people who have no real clue as to how or why they get hosed, let alone how to prevent it.Had this practice started way back when Eternal September was barely more than a witticism, we probably wouldn't have been where we are now; and while my gut says that it would be very beneficial to just kick all the lusers off 'our' net again, that's not really an option in and of itself - it's mostly *because* of the constant influx of new users that we now have nice fat pipes.The trouble is, for the most part, that users don't have much incentive to do something about malware on their machines as long as they're not impacted too much.
Kicking infected PCs off the net for a while (and gradually longer with each new occurrence) may well provide that incentive, BUT it is then also our responsibility to educate them on how to avoid infection IN A WAY THAT THEY UNDERSTAND.
That latter part is not always one of the strong points of our community :-)And, one can only dream, maybe the unwashed masses will finally start demanding a more secure operating system from the majority vendor, or choose more secure alternatives.
Before you lot start hammering me, I know full well that *nix isn't perfect, either, but if Redmond starts shaping up, maybe we'll be the next target, and we'll fix the holes we have, too :-)</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_28_1657245.30576612</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_28_1657245.30578128</id>
	<title>More questions than answers</title>
	<author>Earthquake Retrofit</author>
	<datestamp>1262011740000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>I still don't see why the company that makes the penis pills isn't arrested. Why do I hear ads for e-mail marketing services on NPR?

A non-governmental approach would be to convince 'legitimate' businesses that their profits are at risk from spam. Trillion dollar multi-nationals might not be averse to extra-judicial means.</htmltext>
<tokenext>I still do n't see why the company that makes the penis pills is n't arrested .
Why do I hear ads for e-mail marketing services on NPR ?
A non-governmental approach would be to convince 'legitimate ' businesses that their profits are at risk from spam .
Trillion dollar multi-nationals might not be averse to extra-judicial means .</tokentext>
<sentencetext>I still don't see why the company that makes the penis pills isn't arrested.
Why do I hear ads for e-mail marketing services on NPR?
A non-governmental approach would be to convince 'legitimate' businesses that their profits are at risk from spam.
Trillion dollar multi-nationals might not be averse to extra-judicial means.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_28_1657245.30578016</id>
	<title>An idea:</title>
	<author>Hurricane78</author>
	<datestamp>1262010720000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>If the botnet client runs on your own computer... then by definition, your own CPU interprets the list of commands that it resembles.</p><p>So nothing can stop you from modifying that program in-place, so it infects all other clients too, until the whole botnet is yours. At least if the clients have some update mechanism.</p><p>With a bit of luck, you could even trick the original &ldquo;owner&rdquo; into getting infected by your own trojan horse, find out all contact / address data on his system, where he lives, and either send him the cops, or beat him up.<br>I&rsquo;d choose: Gay child porn with dead animals on his computer, and then the cops beating him up. ^^</p></htmltext>
<tokenext>If the botnet client runs on your own computer... then by definition , your own CPU interprets the list of commands that it resembles.So nothing can stop you from modifying that program in-place , so it infects all other clients too , until the whole botnet is yours .
At least if the clients have some update mechanism.With a bit of luck , you could even trick the original " owner " into getting infected by your own trojan horse , find out all contact / address data on his system , where he lives , and either send him the cops , or beat him up.I 'd choose : Gay child porn with dead animals on his computer , and then the cops beating him up .
^ ^</tokentext>
<sentencetext>If the botnet client runs on your own computer... then by definition, your own CPU interprets the list of commands that it resembles.So nothing can stop you from modifying that program in-place, so it infects all other clients too, until the whole botnet is yours.
At least if the clients have some update mechanism.With a bit of luck, you could even trick the original “owner” into getting infected by your own trojan horse, find out all contact / address data on his system, where he lives, and either send him the cops, or beat him up.I’d choose: Gay child porn with dead animals on his computer, and then the cops beating him up.
^^</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_28_1657245.30579798</id>
	<title>Slashdotters should attack the ISPs that do not help</title>
	<author>Anonymous</author>
	<datestamp>1262117160000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Slashdot has a huge following.  They should attack this ISP that does not support the take down. The word "attack" should be legal, I do not condone illegal activity.</p></htmltext>
<tokenext>Slashdot has a huge following .
They should attack this ISP that does not support the take down .
The word " attack " should be legal , I do not condone illegal activity .</tokentext>
<sentencetext>Slashdot has a huge following.
They should attack this ISP that does not support the take down.
The word "attack" should be legal, I do not condone illegal activity.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_28_1657245.30584084</id>
	<title>Re:Arms race</title>
	<author>PerfectionLost</author>
	<datestamp>1262113020000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>I'm assuming that a P2P update system would be even more vulnerable.  Once you hook into it, you could hijack their bread and butter.</p><p>The way you really stop this is by finding the people.  And look, all of their servers were in America, with the exception of 2.  I'm willing to bet that most of them live in America, with two operatives in foreign countries.  If an actual law enforcement agency was doing this, they would be able to issue subpoenas and follow the paper trail to who owns the domain--or at least what identity theft persona owns it.</p></htmltext>
<tokenext>I 'm assuming that a P2P update system would be even more vulnerable .
Once you hook into it , you could hijack their bread and butter.The way you really stop this is by finding the people .
And look , all of their servers were in America , with the exception of 2 .
I 'm willing to bet that most of them live in America , with two operatives in foreign countries .
If an actual law enforcement agency was doing this , they would be able to issue subpoenas and follow the paper trail to who owns the domain--or at least what identity theft persona owns it .</tokentext>
<sentencetext>I'm assuming that a P2P update system would be even more vulnerable.
Once you hook into it, you could hijack their bread and butter.The way you really stop this is by finding the people.
And look, all of their servers were in America, with the exception of 2.
I'm willing to bet that most of them live in America, with two operatives in foreign countries.
If an actual law enforcement agency was doing this, they would be able to issue subpoenas and follow the paper trail to who owns the domain--or at least what identity theft persona owns it.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_28_1657245.30576686</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_28_1657245.30577130</id>
	<title>Re:PR "Stuff" from Fireeye</title>
	<author>shentino</author>
	<datestamp>1262003760000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>I'd call it electronic quarantine.</p></htmltext>
<tokenext>I 'd call it electronic quarantine .</tokentext>
<sentencetext>I'd call it electronic quarantine.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_28_1657245.30576612</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_28_1657245.30577592</id>
	<title>Re:PR "Stuff" from Fireeye</title>
	<author>Anonymous</author>
	<datestamp>1262007600000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>I think removing spammers is easier. They are not that numerous. And don't say, most of them are abroad. The infected bots are too.</p></htmltext>
<tokenext>I think removing spammers is easier .
They are not that numerous .
And do n't say , most of them are abroad .
The infected bots are too .</tokentext>
<sentencetext>I think removing spammers is easier.
They are not that numerous.
And don't say, most of them are abroad.
The infected bots are too.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_28_1657245.30576612</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_28_1657245.30585018</id>
	<title>Re:Treat the illness, not the symptoms...</title>
	<author>Anonymous</author>
	<datestamp>1262117460000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>The illness in this case is human greed -- the greed of those sending the spam, the greed of those wanting to use the spammer's services for cheap, the greed of those individuals who actually make spam lucrative.</p><p>When you find out how to treat greed, let me know.  Until it's fixed, the problem will just shift to another domain.</p></htmltext>
<tokenext>The illness in this case is human greed -- the greed of those sending the spam , the greed of those wanting to use the spammer 's services for cheap , the greed of those individuals who actually make spam lucrative.When you find out how to treat greed , let me know .
Until it 's fixed , the problem will just shift to another domain .</tokentext>
<sentencetext>The illness in this case is human greed -- the greed of those sending the spam, the greed of those wanting to use the spammer's services for cheap, the greed of those individuals who actually make spam lucrative.When you find out how to treat greed, let me know.
Until it's fixed, the problem will just shift to another domain.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_28_1657245.30576660</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_28_1657245.30582136</id>
	<title>Re:Yeah that's how I read it too</title>
	<author>Anonymous</author>
	<datestamp>1262102940000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>1</modscore>
	<htmltext><p>Except the botnet's client software verifies commands against a public key.  Official commands are signed by the private key and only executed if they have the proper signature.  Botnet authors are getting better :)</p></htmltext>
<tokenext>Except the botnet 's client software verifies commands against a public key .
Official commands are signed by the private key and only executed if they have the proper signature .
Botnet authors are getting better : )</tokentext>
<sentencetext>Except the botnet's client software verifies commands against a public key.
Official commands are signed by the private key and only executed if they have the proper signature.
Botnet authors are getting better :)</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_28_1657245.30576930</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_28_1657245.30576604</id>
	<title>Command &amp; Control</title>
	<author>Anonymous</author>
	<datestamp>1261999980000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>5</modscore>
	<htmltext><p>All they did was get the DCs hosting the command and control servers to shut them down and register the spare domain names.</p><p>Obviously this was a temporary solution.</p></htmltext>
<tokenext>All they did was get the DCs hosting the command and control servers to shut them down and register the spare domain names.Obviously this was a temporary solution .</tokentext>
<sentencetext>All they did was get the DCs hosting the command and control servers to shut them down and register the spare domain names.Obviously this was a temporary solution.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_28_1657245.30576550</id>
	<title>Time to stop any jerkoff from starting an ISP.</title>
	<author>Anonymous</author>
	<datestamp>1261999560000</datestamp>
	<modclass>None</modclass>
	<modscore>-1</modscore>
	<htmltext><i>By cutting off the botnet's pool of domain names, the antibotnet operatives ensured that bots could not reach Mega-D-affiliated servers that the overseas ISPs had declined to take down.</i> <br> Don't allow overseas ISPs real estate on the internet; why allow an ISP that condones/allows such activity the ability to even access the internet?</htmltext>
<tokenext>By cutting off the botnet 's pool of domain names , the antibotnet operatives ensured that bots could not reach Mega-D-affiliated servers that the overseas ISPs had declined to take down .
Do n't allow overseas ISPs real estate on the internet ; why allow an ISP that condones/allows such activity the ability to even access the internet ?</tokentext>
<sentencetext>By cutting off the botnet's pool of domain names, the antibotnet operatives ensured that bots could not reach Mega-D-affiliated servers that the overseas ISPs had declined to take down.
Don't allow overseas ISPs real estate on the internet; why allow an ISP that condones/allows such activity the ability to even access the internet?</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_28_1657245.30576930</id>
	<title>Yeah that's how I read it too</title>
	<author>Weaselmancer</author>
	<datestamp>1262002200000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>2</modscore>
	<htmltext><p> <i>All they did was get the DCs hosting the command and control servers to shut them down and register the spare domain names.

</i></p><p><i>Obviously this was a temporary solution.</i>

</p><p>Yeah, it sort of seems like they could have done a better job.  If they could get cooperation from the primary ISP of the main C&amp;C controller, and they could even set up honeypots that would accept connections to count the number of computers in the botnet - why not do more than simply remove the command servers?

</p><p>Why not set up a bogus C&amp;C server to have the botnet erase itself?

</p><p>I'm not promoting a "format c:" option here (although that would work, obviously) - but why not have the botnet destroy itself once you breach its command structure?  Have the botnet pass around a binary that erases the botnet binaries from the infected PC on the next reboot, then force a reboot?  The researchers certainly know enough to create such a binary.  And they obviously know enough about command parsing if they can make honeypots.  Why not go that extra 2% and kill the thing?

</p><p>The hard work was already done it seems.  This botnet could be completely dead, not just disconnected and waiting.</p></htmltext>
<tokenext>All they did was get the DCs hosting the command and control servers to shut them down and register the spare domain names .
Obviously this was a temporary solution .
Yeah , it sort of seems like they could have done a better job .
If they could get cooperation from the primary ISP of the main C&amp;C controller , and they could even set up honeypots that would accept connections to count the number of computers in the botnet - why not do more than simply remove the command servers ?
Why not set up a bogus C&amp;C server to have the botnet erase itself ?
I 'm not promoting a " format c : " option here ( although that would work , obviously ) - but why not have the botnet destroy itself once you breach its command structure ?
Have the botnet pass around a binary that erases the botnet binaries from the infected PC on the next reboot , then force a reboot ?
The researchers certainly know enough to create such a binary .
And they obviously know enough about command parsing if they can make honeypots .
Why not go that extra 2 % and kill the thing ?
The hard work was already done it seems .
This botnet could be completely dead , not just disconnected and waiting .</tokentext>
<sentencetext> All they did was get the DCs hosting the command and control servers to shut them down and register the spare domain names.
Obviously this was a temporary solution.
Yeah, it sort of seems like they could have done a better job.
If they could get cooperation from the primary ISP of the main C&amp;C controller, and they could even set up honeypots that would accept connections to count the number of computers in the botnet - why not do more than simply remove the command servers?
Why not set up a bogus C&amp;C server to have the botnet erase itself?
I'm not promoting a "format c:" option here (although that would work, obviously) - but why not have the botnet destroy itself once you breach its command structure?
Have the botnet pass around a binary that erases the botnet binaries from the infected PC on the next reboot, then force a reboot?
The researchers certainly know enough to create such a binary.
And they obviously know enough about command parsing if they can make honeypots.
Why not go that extra 2% and kill the thing?
The hard work was already done it seems.
This botnet could be completely dead, not just disconnected and waiting.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_28_1657245.30576604</parent>
</comment>
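The exchange above (Weaselmancer's proposal to stand up a bogus C&amp;C server that orders the botnet to erase itself, and the reply that bots only execute commands carrying a valid signature from the operator's key) as an added example in Go. This is not code from the original page, from Mega-D or from FireEye; the wire format, the choice of Ed25519 and the sequence-number replay check are assumptions made for illustration. It shows why owning the C&amp;C domains is not the same as owning the bots: a sinkhole can reach every bot, but without the operator's private key none of its forged, tampered or replayed commands gets executed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// SignedCommand is the wire format assumed for this example (not Mega-D's real
// protocol): a sequence number, the command text, and an Ed25519 signature
// over both.
type SignedCommand struct {
	Seq     uint64
	Command string
	Sig     []byte
}

// Bot models an infected host. It embeds only the operator's public key and
// the last sequence number it accepted, so it can neither forge commands nor
// be fed an old one twice.
type Bot struct {
	operatorPub ed25519.PublicKey
	lastSeq     uint64
	executed    []string
}

func NewBot(pub ed25519.PublicKey) *Bot {
	return &Bot{operatorPub: pub}
}

// signingInput binds the sequence number to the command so that neither can
// be swapped independently of the other.
func signingInput(seq uint64, command string) []byte {
	buf := make([]byte, 8, 8+len(command))
	binary.BigEndian.PutUint64(buf, seq)
	return append(buf, command...)
}

// Sign is what the operator's C&C does with the private key.
func Sign(priv ed25519.PrivateKey, seq uint64, command string) SignedCommand {
	return SignedCommand{
		Seq:     seq,
		Command: command,
		Sig:     ed25519.Sign(priv, signingInput(seq, command)),
	}
}

var (
	ErrBadSignature = errors.New("signature does not verify under operator key")
	ErrReplay       = errors.New("sequence number not greater than last accepted")
)

// Handle is the bot's command dispatcher: a command runs only if it verifies
// under the operator key and is newer than anything already executed.
func (b *Bot) Handle(cmd SignedCommand) error {
	if !ed25519.Verify(b.operatorPub, signingInput(cmd.Seq, cmd.Command), cmd.Sig) {
		return ErrBadSignature
	}
	if cmd.Seq <= b.lastSeq {
		return ErrReplay
	}
	b.lastSeq = cmd.Seq
	b.executed = append(b.executed, cmd.Command)
	return nil
}

// Executed returns the commands the bot actually ran, in order.
func (b *Bot) Executed() []string { return append([]string(nil), b.executed...) }

// Scenario plays out the thread's hypothetical: the real operator issues a
// command, then a sinkhole that has captured the C&C domains (but not the
// private key) tries three ways to push an UNINSTALL. Keys and commands are
// constructed inline for the example.
func Scenario() (operatorErr, forgedErr, tamperedErr, replayErr error, executed []string) {
	operatorPub, operatorPriv, _ := ed25519.GenerateKey(rand.Reader)
	_, sinkholePriv, _ := ed25519.GenerateKey(rand.Reader)
	bot := NewBot(operatorPub)

	// 1. Genuine command from the operator: accepted.
	genuine := Sign(operatorPriv, 1, "SEND spam-template-7")
	operatorErr = bot.Handle(genuine)

	// 2. Sinkhole signs UNINSTALL with its own key: rejected.
	forgedErr = bot.Handle(Sign(sinkholePriv, 2, "UNINSTALL"))

	// 3. Sinkhole reuses the operator's valid signature but swaps the command: rejected.
	tampered := genuine
	tampered.Command = "UNINSTALL"
	tamperedErr = bot.Handle(tampered)

	// 4. Sinkhole replays the captured genuine command verbatim: rejected as stale.
	replayErr = bot.Handle(genuine)

	return operatorErr, forgedErr, tamperedErr, replayErr, bot.Executed()
}

func main() {
	op, forged, tampered, replay, ran := Scenario()
	fmt.Println("operator command:", op)
	fmt.Println("forged uninstall:", forged)
	fmt.Println("tampered command:", tampered)
	fmt.Println("replayed command:", replay)
	fmt.Println("executed:", ran)
}
```

The only way round this check, as Hurricane78 notes, is to patch the bot binary itself (for instance swapping the embedded public key), which the sinkhole cannot do remotely precisely because the update channel it would need is the one the signature protects.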
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_28_1657245.30576686</id>
	<title>Arms race</title>
	<author>Locke2005</author>
	<datestamp>1262000580000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>2</modscore>
	<htmltext>Sure, cutting off botnet access to C&amp;C machines works now, but what happens when they adopt a true peer-to-peer control structure, rather than the primitive centralized control structure they are using now?</htmltext>
<tokenext>Sure , cutting off botnet access to C&amp;C machines works now , but what happens when they adopt a true peer-to-peer control structure , rather than the primitive centralized control structure they are using now ?</tokentext>
<sentencetext>Sure, cutting off botnet access to C&amp;C machines works now, but what happens when they adopt a true peer-to-peer control structure, rather than the primitive centralized control structure they are using now?</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_28_1657245.30577044</id>
	<title>Re:Arms race</title>
	<author>MadnessASAP</author>
	<datestamp>1262003040000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Then we are all truly fucked.</p><p>Or alternatively the internet becomes a whole lot more fun as we learn to take control of parts of the botnet by hijacking these p2p links.</p></htmltext>
<tokenext>Then we are all truly fucked.Or alternatively the internet becomes a whole lot more fun as we learn to take control of parts of the botnet by hijacking these p2p links .</tokentext>
<sentencetext>Then we are all truly fucked.Or alternatively the internet becomes a whole lot more fun as we learn to take control of parts of the botnet by hijacking these p2p links.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_28_1657245.30576686</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_28_1657245.30580080</id>
	<title>Guerrilla Gorilla</title>
	<author>fm6</author>
	<datestamp>1262078040000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>2</modscore>
	<htmltext><div class="quote"><p>Fighting spammers is like fighting against a guerilla army. Constant vigilance, swift response times, and, eventually, wholesale destruction of the people supporting the guerrillas will be necessary to win the war.</p></div><p>Is your use of "wholesale destruction" metaphorical, or do you really think guerilla warfare works that way? Because we tried that in Vietnam, and it didn't work. Which is why U.S. <a href="http://www.army.mil/-news/2006/12/15/1005-army-marine-corps-unveil-counterinsurgency-field-manual/" title="army.mil">counterinsurgency doctrine</a> [army.mil] got revised to exclude the myth that you can win a guerrilla war just by killing people. You also have to change the environment on the ground so that supporting your side instead of the guerrillas is a realistic option for the general population.</p><p>Now, if the war against malware is like a guerrilla war, then it's never going to be over. There will always be some place for the other side to run and hide. We can't order other countries to not host services we don't like, if only because <a href="http://www.fas.org/irp/world/china/netreg.htm" title="fas.org">we don't want them to do the same to us</a> [fas.org].</p><p>Fortunately, the analogy with guerrilla warfare only goes so far. The Internet is something people invented, not a foreign country with a complicated history and obscure customs. We can rework the thing so that the Bad Guys have a less friendly environment.</p></htmltext>
<tokenext>Fighting spammers is like fighting against a guerilla army .
Constant vigilance , swift response times , and , eventually , wholesale destruction of the people supporting the guerrillas will be necessary to win the war.Is your use of " wholesale destruction " metaphorical , or do you really think guerilla warfare works that way ?
Because we tried that in Vietnam , and it did n't work .
Which is why U.S. counterinsurgency doctrine [ army.mil ] got revised to exclude the myth that you can win a guerrilla war just by killing people .
You also have to change the environment on the ground so that supporting your side instead of the guerrillas is a realistic option for the general population.Now , if the war against malware is like a guerrilla war , then it 's never going to be over .
There will always be some place for the other side to run and hide .
We ca n't order other countries to not host services we do n't like , if only because we do n't want them to do the same to us [ fas.org ] .Fortunately , the analogy with guerrilla warfare only goes so far .
The Internet is something people invented , not a foreign country with a complicated history and obscure customs .
We can rework the thing so that the Bad Guys have a less friendly environment .</tokentext>
<sentencetext>Fighting spammers is like fighting against a guerilla army.
Constant vigilance, swift response times, and, eventually, wholesale destruction of the people supporting the guerrillas will be necessary to win the war.Is your use of "wholesale destruction" metaphorical, or do you really think guerilla warfare works that way?
Because we tried that in Vietnam, and it didn't work.
Which is why U.S. counterinsurgency doctrine [army.mil] got revised to exclude the myth that you can win a guerrilla war just by killing people.
You also have to change the environment on the ground so that supporting your side instead of the guerrillas is a realistic option for the general population.Now, if the war against malware is like a guerrilla war, then it's never going to be over.
There will always be some place for the other side to run and hide.
We can't order other countries to not host services we don't like, if only because we don't want them to do the same to us [fas.org].Fortunately, the analogy with guerrilla warfare only goes so far.
The Internet is something people invented, not a foreign country with a complicated history and obscure customs.
We can rework the thing so that the Bad Guys have a less friendly environment.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_28_1657245.30576612</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_28_1657245.30582106</id>
	<title>Re:PR "Stuff" from Fireeye</title>
	<author>TheCarp</author>
	<datestamp>1262102760000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>2</modscore>
	<htmltext><p>No, a guerrilla army still has a command and control structure. While an individual botnet, or individual criminal enterprise would have such a structure, "botnets" don't. Its more like crime fighting. Anyone could choose to commit a crime at any time. Most wont (mostly) and some will. Some criminals you will put a stop to, some you wont.</p><p>You are never going to win a war against "crime" any more than the war against "botnets". The best you can ever hope to do is raise the perception of how hard it is to create, maintain, and control botnets higher than the percieved value of doing so. The same way the cost and probability of getting caught shoplifting in a store with cameras stops a certain number of people who might otherwise shoplift.</p><p>-Steve</p></htmltext>
<tokenext>No , a guerrilla army still has a command and control structure .
While an individual botnet , or individual criminal enterprise would have such a structure , " botnets " do n't .
It 's more like crime fighting .
Anyone could choose to commit a crime at any time .
Most wo n't ( mostly ) and some will .
Some criminals you will put a stop to , some you wo n't .
You are never going to win a war against " crime " any more than the war against " botnets " .
The best you can ever hope to do is raise the perception of how hard it is to create , maintain , and control botnets higher than the perceived value of doing so .
The same way the cost and probability of getting caught shoplifting in a store with cameras stops a certain number of people who might otherwise shoplift .
-Steve</tokentext>
<sentencetext>No, a guerrilla army still has a command and control structure.
While an individual botnet, or individual criminal enterprise would have such a structure, "botnets" don't.
It's more like crime fighting.
Anyone could choose to commit a crime at any time.
Most won't (mostly) and some will.
Some criminals you will put a stop to, some you won't.
You are never going to win a war against "crime" any more than the war against "botnets".
The best you can ever hope to do is raise the perception of how hard it is to create, maintain, and control botnets higher than the perceived value of doing so.
The same way the cost and probability of getting caught shoplifting in a store with cameras stops a certain number of people who might otherwise shoplift.
-Steve</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_28_1657245.30576612</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_28_1657245.30578242</id>
	<title>Re:Arms race</title>
	<author>mysidia</author>
	<datestamp>1262012700000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>2</modscore>
	<htmltext><p>
I think it's so hard to develop a good peer-to-peer network structure that it might not happen.
</p><p>
There aren't that many truly peer-to-peer networks that have ever succeeded.
</p><p>
I'd say the Internet itself, but even the Internet has to have DNS...
</p><p>
Something central has to give you a starting point, at least.</p><p>
I've yet to see any peer-to-peer network technologies that don't require a "seed list" of some central nodes to initially connect to the network.
</p></htmltext>
<tokenext>I think it 's so hard to develop a good peer-to-peer network structure that it might not happen .
There are n't that many truly peer-to-peer networks that have ever succeeded .
I 'd say the Internet itself , but even the Internet has to have DNS ...
Something central has to give you a starting point , at least .
I 've yet to see any peer-to-peer network technologies that do n't require a " seed list " of some central nodes to initially connect to the network .</tokentext>
<sentencetext>
I think it's so hard to develop a good peer-to-peer network structure that it might not happen.
There aren't that many truly peer-to-peer networks that have ever succeeded.
I'd say the Internet itself, but even the Internet has to have DNS...
Something central has to give you a starting point, at least.
I've yet to see any peer-to-peer network technologies that don't require a "seed list" of some central nodes to initially connect to the network.
</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_28_1657245.30576686</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_28_1657245.30578476</id>
	<title>Re:PR "Stuff" from Fireeye</title>
	<author>aedil</author>
	<datestamp>1262014380000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>2</modscore>
	<htmltext><p>I think you miss another important aspect of this "war"... As in fighting a guerrilla army, you usually end up being on the less effective side of the conflict due to rules and regulations that one tends to be bound by, whereas a guerrilla army usually couldn't care less about the rules. Spammers do not care about breaking rules, regulations, and protocols, so they can play very dirty whenever they want (and botnets are a clear example of that). Offensive action against them is usually still bound by some rules, and thus they have a natural advantage. Spammers do not care about any collateral damage... System administrators and other people fighting the spammers usually do have to care about collateral damage.</p></htmltext>
<tokenext>I think you miss another important aspect of this " war " ... As in fighting a guerrilla army , you usually end up being on the less effective side of the conflict due to rules and regulations that one tends to be bound by , whereas a guerrilla army usually could n't care less about the rules .
Spammers do not care about breaking rules , regulations , and protocols , so they can play very dirty whenever they want ( and botnets are a clear example of that ) .
Offensive action against them is usually still bound by some rules , and thus they have a natural advantage .
Spammers do not care about any collateral damage ... System administrators and other people fighting the spammers usually do have to care about collateral damage .</tokentext>
<sentencetext>I think you miss another important aspect of this "war"... As in fighting a guerrilla army, you usually end up being on the less effective side of the conflict due to rules and regulations that one tends to be bound by, whereas a guerrilla army usually couldn't care less about the rules.
Spammers do not care about breaking rules, regulations, and protocols, so they can play very dirty whenever they want (and botnets are a clear example of that).
Offensive action against them is usually still bound by some rules, and thus they have a natural advantage.
Spammers do not care about any collateral damage... System administrators and other people fighting the spammers usually do have to care about collateral damage.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_28_1657245.30576612</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_28_1657245.30577240</id>
	<title>Re:Treat the illness, not the symptoms...</title>
	<author>Requiem18th</author>
	<datestamp>1262004540000</datestamp>
	<modclass>Interesting</modclass>
	<modscore>3</modscore>
	<htmltext><p>What illness, Windows? The Windows ecosystem security is hopelessly broken.</p><p>Lots of outdated machines won't upgrade because the upgrades are expensive, and even if they were free they might break software OR compatibility, and even if they are free and don't break compatibility, many of these systems use pirate copies of Windows and they aren't going to expose themselves to unexpected lockouts.</p><p>No, the solution is implementing a counter-spamming initiative at the ISP level. With counter-spamming I mean spamming the spammers. NO, I don't mean naively counter-spamming their email addresses, I mean spamming their honey pot channels; there was a Thunderbird extension for this. Basically they follow the links in the spam message and sign up/buy whatever they ask for: credit card numbers, friend email addresses, SSN, etc, all fake of course. Unlike their source email addresses they use to spam, they DO pay attention to information sent this way, because it is the way they make money. It's their biggest weak point; spam that and you take them out of business.</p></htmltext>
<tokenext>What illness , Windows ?
The Windows ecosystem security is hopelessly broken .
Lots of outdated machines wo n't upgrade because the upgrades are expensive , and even if they were free they might break software OR compatibility , and even if they are free and do n't break compatibility many of these systems use pirate copies of Windows and they are n't going to expose themselves to unexpected lockouts .
No , the solution is implementing a counter-spamming initiative at the ISP level .
With counter-spamming I mean spamming the spammers , NO , I do n't mean naively counter-spamming their email addresses , I mean spamming their honey pot channels , there was a Thunderbird extension for this , basically they follow the links in the spam message and sign up/buy whatever they ask for , credit card numbers , friend email addresses , SSN , etc , all fake of course .
Unlike their source email addresses they use to spam , they DO pay attention to information sent this way , because it is the way they make money , it 's their biggest weak point , spam that and you take them out of business .</tokentext>
<sentencetext>What illness, Windows?
The Windows ecosystem security is hopelessly broken.
Lots of outdated machines won't upgrade because the upgrades are expensive, and even if they were free they might break software OR compatibility, and even if they are free and don't break compatibility, many of these systems use pirate copies of Windows and they aren't going to expose themselves to unexpected lockouts.
No, the solution is implementing a counter-spamming initiative at the ISP level.
With counter-spamming I mean spamming the spammers. NO, I don't mean naively counter-spamming their email addresses, I mean spamming their honey pot channels; there was a Thunderbird extension for this. Basically they follow the links in the spam message and sign up/buy whatever they ask for: credit card numbers, friend email addresses, SSN, etc, all fake of course.
Unlike their source email addresses they use to spam, they DO pay attention to information sent this way, because it is the way they make money. It's their biggest weak point; spam that and you take them out of business.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_28_1657245.30576660</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_28_1657245.30576572</id>
	<title>Re:PR "Stuff" from Fireeye</title>
	<author>nomadic</author>
	<datestamp>1261999680000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><i>Mega-D returned on 13 November using a different collection of bots, sending between 4-5% of spam</i>
<br>
<br>In other words, he cut the amount of spam he sent in half? That's not too shabby.</htmltext>
<tokenext>Mega-D returned on 13 November using a different collection of bots , sending between 4-5 % of spam
In other words , he cut the amount of spam he sent in half ?
That 's not too shabby .</tokentext>
<sentencetext>Mega-D returned on 13 November using a different collection of bots, sending between 4-5% of spam

In other words, he cut the amount of spam he sent in half?
That's not too shabby.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_28_1657245.30576474</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_28_1657245.30579722</id>
	<title>Re:Treat the illness, not the symptoms...</title>
	<author>CharlyFoxtrot</author>
	<datestamp>1262029080000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><div class="quote"><p>The machines that are infected are still vulnerable. All the original botnet owner is going to do is modify a new botnet to use different domains or IPs and back to life it comes.</p></div><p>I've long thought that one way to deal a deadly blow to spammers would be for Microsoft to announce a "Windows amnesty" where people could carry in their computers to volunteer geeks and get a legit fully patched version of whatever (pirated and probably infected) Windows is on their system. It would generate a lot of positive press too but it's probably too costly.</p>
	</htmltext>
<tokenext>The machines that are infected are still vulnerable .
All the original botnet owner is going to do is modify a new botnet to use different domains or IPs and back to life it comes .
I 've long thought that one way to deal a deadly blow to spammers would be for Microsoft to announce a " Windows amnesty " where people could carry in their computers to volunteer geeks and get a legit fully patched version of whatever ( pirated and probably infected ) Windows is on their system .
It would generate a lot of positive press too but it 's probably too costly .</tokentext>
<sentencetext>The machines that are infected are still vulnerable.
All the original botnet owner is going to do is modify a new botnet to use different domains or IPs and back to life it comes.
I've long thought that one way to deal a deadly blow to spammers would be for Microsoft to announce a "Windows amnesty" where people could carry in their computers to volunteer geeks and get a legit fully patched version of whatever (pirated and probably infected) Windows is on their system.
It would generate a lot of positive press too but it's probably too costly.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_28_1657245.30576660</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_28_1657245.30579190</id>
	<title>Re:Signed software.</title>
	<author>LaminatorX</author>
	<datestamp>1262022000000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>If you have a few infected honeypots and can eavesdrop on the C&amp;C, shouldn't you be able to compromise the key exchange as well? Not trivial, but doable when the stakes are high. Or are the botmasters using a sequence of one-time pads for their updates, similar to their domain name fallbacks?</p></htmltext>
<tokenext>If you have a few infected honeypots and can eavesdrop on the C&amp;C , should n't you be able to compromise the key exchange as well ?
Not trivial , but doable when the stakes are high .
Or are the botmasters using a sequence of one-time pads for their updates , similar to their domain name fallbacks ?</tokentext>
<sentencetext>If you have a few infected honeypots and can eavesdrop on the C&amp;C, shouldn't you be able to compromise the key exchange as well?
Not trivial, but doable when the stakes are high.
Or are the botmasters using a sequence of one-time pads for their updates, similar to their domain name fallbacks?</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_28_1657245.30577312</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_28_1657245.30580550</id>
	<title>Re:PR "Stuff" from Fireeye</title>
	<author>Anonymous</author>
	<datestamp>1262086740000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><div class="quote"><p>Constant vigilance, swift response times, and, eventually, <b>wholesale destruction of the people supporting the guerrillas</b> will be necessary to win the war.</p></div><p>In this case that is the customers who buy what is advertised in the spam. Are you suggesting we take over the botnets and send out arsenic instead of Viagra?</p>
	</htmltext>
<tokenext>Constant vigilance , swift response times , and , eventually , wholesale destruction of the people supporting the guerrillas will be necessary to win the war .
In this case that is the customers who buy what is advertised in the spam .
Are you suggesting we take over the botnets and send out arsenic instead of Viagra ?</tokentext>
<sentencetext>Constant vigilance, swift response times, and, eventually, wholesale destruction of the people supporting the guerrillas will be necessary to win the war.
In this case that is the customers who buy what is advertised in the spam.
Are you suggesting we take over the botnets and send out arsenic instead of Viagra?
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_28_1657245.30576612</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_28_1657245.30580112</id>
	<title>Re:The role of Microsoft</title>
	<author>Anonymous</author>
	<datestamp>1262078700000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><div class="quote"><p>And they run services and programs with full system access</p></div><p>No, they don't. Nice try at FUD though. You should update the talking points you got at the last anti-MS troll conference.</p><div class="quote"><p>No way you should be able to compromise a system with just a document or a web page.</p></div><p>Cool, so no code execution vulnerabilities have ever been found on Linux? No browsers on Linux have ever been found to have exploits? The dope is good...</p>
	</htmltext>
<tokenext>And they run services and programs with full system access
No , they do n't .
Nice try at FUD though .
You should update the talking points you got at the last anti-MS troll conference .
No way you should be able to compromise a system with just a document or a web page .
Cool , so no code execution vulnerabilities have ever been found on Linux ?
No browsers on Linux have ever been found to have exploits ?
The dope is good ...</tokentext>
<sentencetext>And they run services and programs with full system access
No, they don't.
Nice try at FUD though.
You should update the talking points you got at the last anti-MS troll conference.
No way you should be able to compromise a system with just a document or a web page.
Cool, so no code execution vulnerabilities have ever been found on Linux?
No browsers on Linux have ever been found to have exploits?
The dope is good...
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_28_1657245.30577960</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_28_1657245.30576660</id>
	<title>Treat the illness, not the symptoms...</title>
	<author>Last_Available_Usern</author>
	<datestamp>1262000520000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>
All of the effort associated with this, and other endeavors to thwart botnets, would really be better served by isolating the primary reason why these botnets continue to be successful and creating new ways to thwart them before they occur. The machines that are infected are still vulnerable. All the original botnet owner is going to do is modify a new botnet to use different domains or IPs and back to life it comes.</htmltext>
<tokenext>All of the effort associated with this , and other endeavors to thwart botnets , would really be better served by isolating the primary reason why these botnets continue to be successful and creating new ways to thwart them before they occur .
The machines that are infected are still vulnerable .
All the original botnet owner is going to do is modify a new botnet to use different domains or IPs and back to life it comes .</tokentext>
<sentencetext>
All of the effort associated with this, and other endeavors to thwart botnets, would really be better served by isolating the primary reason why these botnets continue to be successful and creating new ways to thwart them before they occur.
The machines that are infected are still vulnerable.
All the original botnet owner is going to do is modify a new botnet to use different domains or IPs and back to life it comes.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_28_1657245.30577040</id>
	<title>Re:PR "Stuff" from Fireeye</title>
	<author>shentino</author>
	<datestamp>1262003040000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Finally, someone treats the army of compromised computers like what it really is, an army.</p></htmltext>
<tokenext>Finally , someone treats the army of compromised computers like what it really is , an army .</tokentext>
<sentencetext>Finally, someone treats the army of compromised computers like what it really is, an army.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_28_1657245.30576474</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_28_1657245.30577312</id>
	<title>Signed software.</title>
	<author>khasim</author>
	<datestamp>1262004900000</datestamp>
	<modclass>Interesting</modclass>
	<modscore>2</modscore>
	<htmltext><blockquote><div><p>Have the botnet pass around a binary that erases the botnet binaries from the infected PC on the next reboot, then force a reboot?</p></div></blockquote><p>Because most of them depend upon digitally signed updates now. So you cannot use the zombie code to remove the zombie code unless you first have the key.</p><p>Which makes it rather difficult.</p><p>On the other hand ... writing a removal routine should be a LOT easier. A clean removal. Removing just the zombie code and ALL of the zombie code.</p><p>The problem then would be getting it to run on the zombies.</p><p>This is where the ISPs come in. It's easy enough for them to redirect all your traffic to a web page with the removal code available there. And since it is easy enough to identify the zombies, their IP addresses and their ISPs ... that should be easy, right?</p><p>Except it would cost the ISPs some money and they won't do that unless someone forces them to spend the money. So it will take a new law requiring them to do so.</p>
	</htmltext>
<tokenext>Have the botnet pass around a binary that erases the botnet binaries from the infected PC on the next reboot , then force a reboot ?
Because most of them depend upon digitally signed updates now .
So you can not use the zombie code to remove the zombie code unless you first have the key .
Which makes it rather difficult .
On the other hand ... writing a removal routine should be a LOT easier .
A clean removal .
Removing just the zombie code and ALL of the zombie code .
The problem then would be getting it to run on the zombies .
This is where the ISPs come in .
It 's easy enough for them to redirect all your traffic to a web page with the removal code available there .
And since it is easy enough to identify the zombies , their IP addresses and their ISPs ... that should be easy , right ?
Except it would cost the ISPs some money and they wo n't do that unless someone forces them to spend the money .
So it will take a new law requiring them to do so .</tokentext>
<sentencetext>Have the botnet pass around a binary that erases the botnet binaries from the infected PC on the next reboot, then force a reboot?
Because most of them depend upon digitally signed updates now.
So you cannot use the zombie code to remove the zombie code unless you first have the key.
Which makes it rather difficult.
On the other hand ... writing a removal routine should be a LOT easier.
A clean removal.
Removing just the zombie code and ALL of the zombie code.
The problem then would be getting it to run on the zombies.
This is where the ISPs come in.
It's easy enough for them to redirect all your traffic to a web page with the removal code available there.
And since it is easy enough to identify the zombies, their IP addresses and their ISPs ... that should be easy, right?
Except it would cost the ISPs some money and they won't do that unless someone forces them to spend the money.
So it will take a new law requiring them to do so.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_28_1657245.30576930</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_28_1657245.30581802</id>
	<title>Re:Command &amp; Control</title>
	<author>whoisisis</author>
	<datestamp>1262100900000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>A good attack on botnets would be to make them delete zombie machines' owners' files.<br>Then the malware would get much more attention.</p><p>A decade ago, the mission of viruses was to destroy as much as possible locally;<br>today they use stealth to be able to send spam, earning the virus writer money.</p></htmltext>
<tokenext>A good attack on botnets would be to make them delete zombie machines ' owners ' files .
Then the malware would get much more attention .
A decade ago , the mission of viruses was to destroy as much as possible locally ; today they use stealth to be able to send spam , earning the virus writer money .</tokentext>
<sentencetext>A good attack on botnets would be to make them delete zombie machines' owners' files.
Then the malware would get much more attention.
A decade ago, the mission of viruses was to destroy as much as possible locally; today they use stealth to be able to send spam, earning the virus writer money.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_28_1657245.30576604</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_28_1657245.30578618</id>
	<title>Re:PR "Stuff" from Fireeye</title>
	<author>Anonymous</author>
	<datestamp>1262015640000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><div class="quote"><p>and, eventually, wholesale destruction of the people supporting the guerrillas will be necessary to win the war.</p></div><p>Too bad that was tried in South America. It didn't end well. "Deep Throat" famously said to follow the money. Spam is unsolicited junk e-mail advertising something. Somebody is paying for the campaign. Let's get them on the basis of them financing the criminal activity.</p>
	</htmltext>
<tokenext>and , eventually , wholesale destruction of the people supporting the guerrillas will be necessary to win the war .
Too bad that was tried in South America .
It did n't end well .
" Deep Throat " famously said to follow the money .
Spam is unsolicited junk e-mail advertising something .
Somebody is paying for the campaign .
Let 's get them on the basis of them financing the criminal activity .</tokentext>
<sentencetext>and, eventually, wholesale destruction of the people supporting the guerrillas will be necessary to win the war.
Too bad that was tried in South America.
It didn't end well.
"Deep Throat" famously said to follow the money.
Spam is unsolicited junk e-mail advertising something.
Somebody is paying for the campaign.
Let's get them on the basis of them financing the criminal activity.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_28_1657245.30576612</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_28_1657245.30576612</id>
	<title>Re:PR "Stuff" from Fireeye</title>
	<author>Anonymous</author>
	<datestamp>1262000100000</datestamp>
	<modclass>Interesting</modclass>
	<modscore>5</modscore>
	<htmltext><blockquote><div><p>Almost eradicated on 4 November 2009 as the result of community action to disrupt the botnet, spam from Mega-D fell to approximately 1% of all spam. Mega-D returned on 13 November using a different collection of bots, sending between 4-5% of spam.</p></div></blockquote><p>So now there can be a coordinated effort against the new botnet, he'll come back with new bots, community response to kill that one off...<br> <br>Fighting spammers is like fighting against a guerrilla army. Constant vigilance, swift response times, and, eventually, wholesale destruction of the people supporting the guerrillas will be necessary to win the war. The impact of spammers can be reduced by constant counter-attacks, but the only way to eliminate spam networks hosted on compromised machines is to remove compromised machines from the network (and as many compromisable machines as possible).<br> <br>The cost of this may be too high to be worth it... but if you take away someone's internet access for a while when they get hosed, then maybe they'll stop getting hosed.</p>
	</htmltext>
<tokenext>Almost eradicated on 4 November 2009 as the result of community action to disrupt the botnet , spam from Mega-D fell to approximately 1 % of all spam .
Mega-D returned on 13 November using a different collection of bots , sending between 4-5 % of spam .
So now there can be a coordinated effort against the new botnet , he 'll come back with new bots , community response to kill that one off ...
Fighting spammers is like fighting against a guerrilla army .
Constant vigilance , swift response times , and , eventually , wholesale destruction of the people supporting the guerrillas will be necessary to win the war .
The impact of spammers can be reduced by constant counter-attacks , but the only way to eliminate spam networks hosted on compromised machines is to remove compromised machines from the network ( and as many compromisable machines as possible ) .
The cost of this may be too high to be worth it ... but if you take away someone 's internet access for a while when they get hosed , then maybe they 'll stop getting hosed .</tokentext>
<sentencetext>Almost eradicated on 4 November 2009 as the result of community action to disrupt the botnet, spam from Mega-D fell to approximately 1% of all spam.
Mega-D returned on 13 November using a different collection of bots, sending between 4-5% of spam.
So now there can be a coordinated effort against the new botnet, he'll come back with new bots, community response to kill that one off...
Fighting spammers is like fighting against a guerrilla army.
Constant vigilance, swift response times, and, eventually, wholesale destruction of the people supporting the guerrillas will be necessary to win the war.
The impact of spammers can be reduced by constant counter-attacks, but the only way to eliminate spam networks hosted on compromised machines is to remove compromised machines from the network (and as many compromisable machines as possible).
The cost of this may be too high to be worth it... but if you take away someone's internet access for a while when they get hosed, then maybe they'll stop getting hosed.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_28_1657245.30576474</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_28_1657245.30577960</id>
	<title>The role of Microsoft</title>
	<author>Anonymous</author>
	<datestamp>1262010300000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>I see nothing here about what I see to be one of the primary culprits. Microsoft have consistently produced easily exploited, vulnerable software. And they run services and programs with full system access. Sure, they have improved somewhat lately, but they continue to include legacy code in SMB and probably in Office and IE - the whole code base is no doubt riddled with it. No way you should be able to compromise a system with just a document or a web page.</p><p>There are enough vulnerabilities in Linux and MacOS, no doubt, but not such easy meat as Windows.</p></htmltext>
<tokenext>I see nothing here about what I see to be one of the primary culprits .
Microsoft have consistently produced easily exploited , vulnerable software .
And they run services and programs with full system access .
Sure , they have improved somewhat lately , but they continue to include legacy code in SMB and probably in Office and IE - the whole code base is no doubt riddled with it .
No way you should be able to compromise a system with just a document or a web page .
There are enough vulnerabilities in Linux and MacOS , no doubt , but not such easy meat as Windows .</tokentext>
<sentencetext>I see nothing here about what I see to be one of the primary culprits.
Microsoft have consistently produced easily exploited, vulnerable software.
And they run services and programs with full system access.
Sure, they have improved somewhat lately, but they continue to include legacy code in SMB and probably in Office and IE - the whole code base is no doubt riddled with it.
No way you should be able to compromise a system with just a document or a web page.
There are enough vulnerabilities in Linux and MacOS, no doubt, but not such easy meat as Windows.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_28_1657245.30580932</id>
	<title>Make ISPs accountable</title>
	<author>Anonymous</author>
	<datestamp>1262092020000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Just make ISPs accountable for what is done with their IP range.</p><p>Then they'll be forced to check their traffic and shut botnet victims away from the outside world.</p><p>Of course, it will make full internet access hugely expensive and impossible to do anonymously, but limited access (surfing and emails) can still be free for the masses.</p><p>The internet is too powerful to not be policed.</p></htmltext>
<tokenext>Just make ISPs accountable for what is done with their IP range .
Then they 'll be forced to check their traffic and shut botnet victims away from the outside world .
Of course , it will make full internet access hugely expensive and impossible to do anonymously , but limited access ( surfing and emails ) can still be free for the masses .
The internet is too powerful to not be policed .</tokentext>
<sentencetext>Just make ISPs accountable for what is done with their IP range.
Then they'll be forced to check their traffic and shut botnet victims away from the outside world.
Of course, it will make full internet access hugely expensive and impossible to do anonymously, but limited access (surfing and emails) can still be free for the masses.
The internet is too powerful to not be policed.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_28_1657245.30576474</id>
	<title>PR "Stuff" from Fireeye</title>
	<author>Anonymous</author>
	<datestamp>1261999020000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>4</modscore>
	<htmltext><p>For some value of "Stuff".</p><p>Yeah.  He succeeded in eradicating the mega-D botnet.  For about 2 weeks anyway.</p><p>From MessageLabs Intelligence: 2009 Annual Security Report "Almost eradicated on 4 November 2009 as the result of community action to disrupt the botnet, spam from Mega-D fell to approximately 1% of all spam.  Mega-D returned on 13 November using a different collection of bots, sending between 4-5% of spam."</p></htmltext>
<tokenext>For some value of " Stuff " .
Yeah .
He succeeded in eradicating the mega-D botnet .
For about 2 weeks anyway .
From MessageLabs Intelligence : 2009 Annual Security Report " Almost eradicated on 4 November 2009 as the result of community action to disrupt the botnet , spam from Mega-D fell to approximately 1 % of all spam .
Mega-D returned on 13 November using a different collection of bots , sending between 4-5 % of spam .
"</tokentext>
<sentencetext>For some value of "Stuff".
Yeah.
He succeeded in eradicating the mega-D botnet.
For about 2 weeks anyway.
From MessageLabs Intelligence: 2009 Annual Security Report "Almost eradicated on 4 November 2009 as the result of community action to disrupt the botnet, spam from Mega-D fell to approximately 1% of all spam.
Mega-D returned on 13 November using a different collection of bots, sending between 4-5% of spam.
"</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_28_1657245.30579436</id>
	<title>Spammers</title>
	<author>Anonymous</author>
	<datestamp>1262024820000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Dude...we are all spammers on some level.  Just not always using computers.</p></htmltext>
<tokenext>Dude...we are all spammers on some level .
Just not always using computers .</tokentext>
<sentencetext>Dude...we are all spammers on some level.
Just not always using computers.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_28_1657245.30576658</id>
	<title>Last week I killed seven with one blow...</title>
	<author>Anonymous</author>
	<datestamp>1262000520000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>... ants that is...</p></htmltext>
<tokenext>... ants that is ...</tokentext>
<sentencetext>... ants that is...</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_28_1657245.30576620</id>
	<title>Wow</title>
	<author>Anonymous</author>
	<datestamp>1262000100000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>It sounds like Ghost in the Shell-like tactics. Did he do it manually or from his cyberbrain?</p></htmltext>
<tokenext>It sounds like Ghost in the Shell-like tactics .
Did he do it manually or from his cyberbrain ?</tokentext>
<sentencetext>It sounds like Ghost in the Shell-like tactics.
Did he do it manually or from his cyberbrain?</sentencetext>
</comment>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_28_1657245_9</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_28_1657245.30582106
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_28_1657245.30576612
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_28_1657245.30576474
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_28_1657245_11</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_28_1657245.30577592
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_28_1657245.30576612
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_28_1657245.30576474
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_28_1657245_15</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_28_1657245.30578618
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_28_1657245.30576612
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_28_1657245.30576474
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_28_1657245_12</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_28_1657245.30577130
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_28_1657245.30576612
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_28_1657245.30576474
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_28_1657245_19</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_28_1657245.30581802
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_28_1657245.30576604
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_28_1657245_13</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_28_1657245.30584084
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_28_1657245.30576686
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_28_1657245_16</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_28_1657245.30580550
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_28_1657245.30576612
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_28_1657245.30576474
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_28_1657245_2</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_28_1657245.30580080
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_28_1657245.30576612
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_28_1657245.30576474
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_28_1657245_10</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_28_1657245.30579190
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_28_1657245.30577312
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_28_1657245.30576930
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_28_1657245.30576604
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_28_1657245_17</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_28_1657245.30577240
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_28_1657245.30576660
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_28_1657245_6</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_28_1657245.30579982
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_28_1657245.30576612
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_28_1657245.30576474
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_28_1657245_14</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_28_1657245.30578476
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_28_1657245.30576612
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_28_1657245.30576474
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_28_1657245_0</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_28_1657245.30576572
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_28_1657245.30576474
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_28_1657245_18</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_28_1657245.30578242
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_28_1657245.30576686
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_28_1657245_4</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_28_1657245.30585018
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_28_1657245.30576660
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_28_1657245_3</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_28_1657245.30582136
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_28_1657245.30576930
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_28_1657245.30576604
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_28_1657245_8</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_28_1657245.30580112
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_28_1657245.30577960
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_28_1657245_7</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_28_1657245.30577040
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_28_1657245.30576474
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_28_1657245_1</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_28_1657245.30577044
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_28_1657245.30576686
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_28_1657245_5</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_28_1657245.30579722
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_28_1657245.30576660
</commentlist>
</thread>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_12_28_1657245.4</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_28_1657245.30577960
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_28_1657245.30580112
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_12_28_1657245.2</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_28_1657245.30576474
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_28_1657245.30576612
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_28_1657245.30578618
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_28_1657245.30580080
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_28_1657245.30577592
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_28_1657245.30577130
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_28_1657245.30582106
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_28_1657245.30579982
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_28_1657245.30578476
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_28_1657245.30580550
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_28_1657245.30576572
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_28_1657245.30577040
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_12_28_1657245.6</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_28_1657245.30576660
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_28_1657245.30579722
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_28_1657245.30585018
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_28_1657245.30577240
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_12_28_1657245.0</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_28_1657245.30576604
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_28_1657245.30576930
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_28_1657245.30577312
---http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_28_1657245.30579190
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_28_1657245.30582136
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_28_1657245.30581802
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_12_28_1657245.3</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_28_1657245.30576658
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_12_28_1657245.1</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_28_1657245.30576686
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_28_1657245.30578242
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_28_1657245.30584084
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_28_1657245.30577044
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_12_28_1657245.5</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_28_1657245.30576550
</commentlist>
</conversation>
