Over at eWeek, I just read the May 5th issue in which a very interesting situation has developed. For years researches have been trying to deal with the botnet problem, wherein computers are taken over and used for devious spam spewing which makes all of us vulnerable. It was also thought that botnets were an almost unsurmountable problem and that researches were not making any head way, up until now. It appears that one botnet has been reversed engineered and some 400,000 computers around the world have been identified as having been compromised.

One would think that this is great news. Finally one the these nasty bugs has been identified and it would be easy to kill or divert it away from us. This is where the dilemma comes in. Wonder if on of the computer systems controls some type of critical function such as providing life support? What happens if this system is turned off?

The article also states:

Researchers seize control of one of the world’s largest spam-spewing botnets, but there is disagreement about what should happen next.Researchers at TippingPoint Technologies’ Digital Vaccine Laboratories have found a way to infiltrate and seize control of one of the world’s largest spam-spewing botnets, a breakthrough that has ignited an intense debate over the ethics of “cleaning” infected computers.

Cody Pierce and Pedram Amini, two high-profile software security researchers, cracked into the Trojan powering Kraken—a 400,000-strong botnet of infected computers—by reverse-engineering the encryption routines and figuring out the communication structure between the botnet owner and the hijacked computers.

So what do you think should be done?  Should the botnet be destroyed or not?

Comments welcome.

Full article is here.

[tags]botnet, reversed engineered, crush, leave alone, researchers, cracked, trojan, hijacked, computers, mission critical,  [/tags]