Operation Ghost Click

Rich Kulawiec rsk at gsp.org
Tue May 1 14:40:57 UTC 2012

On Tue, May 01, 2012 at 12:26:20PM +0000, Livingood, Jason wrote:
> At Comcast we have done the following:
> - Sent emails
> - Send postal mail
> - Left voicemail
> - Used automated outbound calling
> - Used increasingly persistent web browser notifications

This is a reply to you, but it's intended to be directed at everyone
who runs a consumer network, since zombies are everywhere.

Why haven't you cut these obviously-infected systems off entirely?
They no longer belong to their putative owners in any meaningful sense:
oh, they might be in their homes, sitting on their desktops, but they're
owned, operationally, by parties unknown -- botmasters and anyone that
they're renting them out to.  The only use your customers are making of
them is that which they are *permitted* to do by the largesse of their
new owners, who of course find it convenient to maintain the illusion
because it encourages the former owners to keep them switched on and
plugged into your network.

(And given that your customer is not using their own system any more,
there's no reason to believe that its new owners will permit them to see
any email you send or any web browser notifications you emit.  I'm sure if
these become prevalent, not just at Comcast but among other major ISPs,
the botmasters will pay someone to do the coding necessary to suppress
them, and then propagate that code to all their bots.)

This isn't to say that what you're doing isn't well-intentioned: it is.
And it's a lot more than many others are doing.  But if it was going to
work, it would have worked by now.


More information about the NANOG mailing list