SAN FRANCISCO, Feb 26 - A computer security firm
said it had freed tens of thousands of infected PCs from a
"botnet" that forced enslaved machines to send out spam
pharmaceutical ads during a cyber crime-fighting demonstration
to top industry executives on Tuesday.
Tillmann Werner, a senior research scientist with a startup
known as CrowdStrike, attacked the Kelihos botnet on stage in a
rare live demonstration of techniques used to attack cyber crime.
He manipulated the messaging system used to control machines
enslaved in the botnet, a term used in the security world for
large networks of infected computers controlled by "herders"
who use the machines for tasks including sending spam and
attacking corporate networks.
He instructed machines to stop communicating with the
servers that had enslaved them and start checking in with a new
"command and control" server that he set up to protect the PCs.
For good measure he provided a "black list" of servers
controlled by the Kelihos gang, which essentially blocks those
computers from ever visiting those sites.
As infected machines visited his command and control server,
red dots showed up on a map on a video screen at the front of a
conference room at the RSA security conference in San Francisco,
winning Werner a round of applause for a rare victory in the
fight against cyber crime.
A few hours later, he said that tens of thousands of
infected machines had checked into the server of CrowdStrike,
which this week unveiled products to help businesses fight
sophisticated cyber attacks.
Werner has been using his keyboard to fight cyber crime for
nearly 10 years.
"It's a passion," he said. "I'm interested in botnets that
are technically challenging."
That passion has kept him persevering in his battle with
botnet "herders," or the criminals who control infected
machines, despite constant setbacks.
He previously worked with parties including Microsoft Corp
and Kaspersky Lab on other efforts to shut down Kelihos
and a related botnet known as Waledac, only to see them quickly
"It's an industry," he said. "There is some gang pulling the