22 Mar
2005
22 Mar
'05
2:25 p.m.
* Colin Johnston:
The better idea would be fingerprint the spam to match the bot used to match the exploit used to run the bot to then reverse exploit back to the exploited machine patching in the process.
Doesn't work reliably. A lot of bots close the attack vector they used, to prevent infection by just another bot. There's also a lot of cross-infection behind packet filters, which stop the same attack from the Internet.