In the security industry, researchers have often been able to infiltrate botnets. Yet, the next step has always been a big question mark.
Now, defenders may have a new slate of options. The takedown of the Coreflood botnet marks the start of a more aggressive stance against botnets, say security experts. Last week, the U.S. Department of Justice obtained a temporary restraining order forcing registrars to reroute requests from infected computers, not to Coreflood's command-and-control servers, but to a substitute server managed by a non-profit group. Under the judge's order, the sinkhole server can issue commands to prevent the bot agents from carrying out normal operations.
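The rerouting described above works at the name-resolution layer: once the registrars point the botnet's names at the substitute server, every infected machine that looks those names up reveals itself in resolver logs. The following is an added example, not code from the article or from the organizations it names, showing how a network defender would read such logs to inventory infected hosts and to confirm that the reroute has taken effect. The log format, the domain names, and the IP addresses are constructed placeholders (RFC 5737 ranges); nothing here is real Coreflood infrastructure.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Constructed resolver log, one query per line: "timestamp client qname answer".
# Names and addresses are placeholders, not real Coreflood infrastructure.
SAMPLE_LOG = """\
2011-04-12T09:00:01 10.0.5.21 c2-placeholder-one.example 203.0.113.10
2011-04-12T09:00:07 10.0.5.33 www.example.org 198.51.100.5
2011-04-12T09:01:15 10.0.5.21 c2-placeholder-one.example 203.0.113.10
2011-04-13T09:00:02 10.0.5.21 c2-placeholder-one.example 192.0.2.50
2011-04-13T09:00:09 10.0.5.48 c2-placeholder-two.example 192.0.2.50
2011-04-13T09:02:30 10.0.5.33 www.example.org 198.51.100.5
"""

# Assumed inputs a defender would receive from the takedown notice:
# the names covered by the order and the substitute (sinkhole) server's address.
SINKHOLED_NAMES = {"c2-placeholder-one.example", "c2-placeholder-two.example"}
SINKHOLE_ADDRS = {"192.0.2.50"}

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$")


def parse_log(text):
    """Turn raw log lines into (timestamp, client, qname, answer) tuples.

    Malformed lines are skipped; query names are lower-cased and stripped of a
    trailing dot so they compare cleanly against the watch list.
    """
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts, client, qname, answer = m.groups()
        records.append((datetime.fromisoformat(ts), client,
                        qname.lower().rstrip("."), answer))
    return records


def c2_queries(records):
    """Keep only the lookups for names covered by the restraining order."""
    return [r for r in records if r[2] in SINKHOLED_NAMES]


def infected_hosts(records):
    """Map each internal client that asked for a sinkholed name to its query count.

    Any host on this list resolved a botnet name, regardless of whether the
    answer was the original C2 or the sinkhole, so it needs remediation.
    """
    return dict(Counter(client for _, client, _, _ in c2_queries(records)))


def reroute_status(records):
    """Per day, count C2 lookups answered with the sinkhole address versus the
    original address. A day with only 'sinkhole' answers shows the reroute is
    in effect for this resolver."""
    status = defaultdict(lambda: {"sinkhole": 0, "original": 0})
    for ts, _, _, answer in c2_queries(records):
        key = "sinkhole" if answer in SINKHOLE_ADDRS else "original"
        status[ts.date().isoformat()][key] += 1
    return dict(status)


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    print("hosts to remediate:", infected_hosts(recs))
    print("reroute status by day:", reroute_status(recs))
```

On the constructed sample, both lookups on the first day still received the original C2 address, while both lookups on the second day received the sinkhole address, and two internal hosts are flagged for cleanup. In practice the watch list comes from the takedown notice and the log from the organization's own recursive resolver; the host list is the part that matters, since the sinkhole neutralizes the bot's commands but does not remove the agent from the machine.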
The result has been a drop of several orders of magnitude in the activity from the botnet, says Don Jackson, director of threat intelligence for Dell SecureWorks.