Interesting reading fresh out of Tipping Point/DV Labs.
One article details an analysis and reverse engineering of a Kraken bot, and another explains how the knowledge gained can be used to better infiltrate the Kraken botnet and possibly fight back.
Whilst the analysis article is interesting, I must confess parts went over my head. The part that I found most interesting is the ability to gain control of portions of the botnet (4%->14% quoted over a seven-day period). This invariably came back to the 'good worm' concept, although, as stated by the authors, this particular system is reactive rather than proactive, and more controllable.
The question is: does this scenario provide a valid, ethical method for the security community to fight back against the rise of botnets? I'm still undecided...