On Mon, 23 Jul 2007 11:39:35 EDT, Sean Donelan said:
messages. The irc.foonet.com server clearly sends several cleaning commands used by several well-known, and very old, Bots.
Old and well-known bots. Remember that for a moment, and think "6 month old antivirus signatures" for a bit....
service (can't look for help)? Or should the ISP only disrupt the minimum number of services needed to clean the Bot?
Is there any indication that the commands actually pushed have a *significant* chance of actually wiping any resident bots, or is it "That's an old worn-out magic word" time? It's one thing if 95% of the time, hijacking the connection and pushing command strings actually cleans a bot up. It's another thing entirely if it only works 5 or 10% of the time because most of the bots currently out there are no longer susceptible to that cleaning method.