Slashdot Mirror


Hunting for Botnet Command and Controls

Uky writes "Convinced that the recent upswing in virus and Trojan attacks is directly linked to the creation of botnets for nefarious purposes, a group of high-profile security researchers is fighting back, vigilante-style. The objective of the group, which operates on closed, invite-only mailing lists, is to pinpoint and ultimately disable the C&C (command-and-control) infrastructure that sends instructions to millions of zombie drone machines hijacked by malicious hackers." From the article: "Using data from IP flows passing through routers and reverse-engineering tools to peek under the hood of new Trojans, Thompson said the researchers are able to figure out how the botnet owner sends instructions to the compromised machines."

4 of 228 comments

  1. pessimistic by moz25 · Score: 4, Insightful

    So is this news something to be pessimistic about or what? As I understand it, without vigilantes botnets would be even more "unstoppable" than they are now. It's cool that they're mitigating it, but it really comes down to getting some cooperation going on multiple levels... starting with the ISPs acting more against outgoing malicious traffic for a start.

  2. Re:Violation of My Privacy? by TCM · Score: 5, Insightful

    When the security "experts" are busy looking at all the data passing through routers, who is busy ensuring that the "experts" will not violate my privacy by reading the personal but sensitive e-mail notes that I send to my friends and associates?

    You, by encrypting them.

    --
    Of course it runs NetBSD. BTC: 1NT7QvbetmANwaMzhpVL6
  3. Shutting down botnets is a pointless effort.. by Alascom · Score: 4, Insightful

    The problem isn't botnets, the problem is people and systems. The only reason botnets exist is due to the fact that current software is engineered without much thought toward security, and vendor-supplied patches are not applied. Shutting down a botnet is at most only minimally worth the effort as the hosts are still vulnerable to be acquired by the next virus that comes around.

    The only solution is secure software engineering and prompt, reliable patching.

  4. Re:Violation of My Privacy? by justforaday · Score: 5, Insightful

    Does it come as a surprise to you that people that have access to routers can sniff your packets?

    --
    I'll turn into a supernova and burn up everything. Well I'll turn into a black little hole and you'll turn into string.