First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.
Researchers infiltrate Kraken botnet, could clean it out
- — 01 May, 2008 08:30
But Endler had the last word. In a comment attached to Amini's initial blog post, Endler put it plain. "Cleansing the systems would probably help 99 per cent of the infected user base, it's just the 1 per cent of corner cases that scares me from a corporate liability standpoint," he said.
"That's the other side," Pierce said. "It's not our property, and it's not up to us" to disinfect bot-infected machines. When asked who it was up to, he answered quickly: "I don't know. I wouldn't know the answer to that."
Corporate liability is the stumbling block, he agreed. "I think most people have the same opinion [as Amini and I do]," he said. 'You have to reduce the number of bots out there, whether that's infiltration or by the operating system or at the ISP. Something needs to be done.
"But corporate liability, everybody agrees on that. Cleaning the bots would be opening up a pretty large can of worms."
Most of the TippingPoint blog readers who logged comments took Pierce's side. "Clean them. If you don't, a rival bot net owner will," said one anonymous user.
Others, however, agreed with Endler. "You not only face a moral dilemma, but updating a computer without authorization is illegal in the US," said a user identified as Roan. "I fall on the side of pro-active patching, but there is more than just the moral decision to decide upon before taking action."
In the US, the Computer Fraud and Abuse Act prohibits unauthorized access to others' PCs; also, state anti-spyware laws have been regularly used to prosecute people who have accessed machines without permission.
Pierce has posted a video (Flash file) of the fake Kraken server connecting with, then cleaning, an in-the-lab system infected with the bot.