[funsec] So, did the BBC cross the line?
AlexE at sunbelt-software.com
Sat Mar 14 17:23:59 CDT 2009
>* Alex Eckelberry:
>> But malware researchers routinely deal with botnets for analysis
>> purposes. It would be considered a high crime indeed to allow a
>> to actually send spam to the outside world, even for "testing"
>I think you've missed the peer-reviewed paper for an ACM conference
>where the researchers did exactly that. It's probably not even an
>obscure group, I recognized the name of one of the coauthors (and I
>usually can't remember names). 8-/
Yes, I missed it. Not sure if the point you're making is to exonerate
the BBC or counter my argument. But I'd love to see the document.
At any rate, I think everyone agrees that it's unethical to play with a
live botnet to send spam, even for research purposes (meaning, you're
directing a user's computer to do something without their knowledge and
assent, which is fundamentally a bad thing).
OTH, we've installed spam zombies on machines here in closed networks
for the purpose of analyzing their behavior to design mitigation
strategies. The self-generated spam doesn't go anywhere but to another
machine in our network. If that's the case with the ACM paper, I don't
see anything wrong with that at all.
More information about the funsec