Searching for Botnet Command & Controls
Orange Eater writes "eWeek has a story about a group of high-profile security researchers intensifying the search for the command-and-control infrastructure used to power botnets for malicious use. The idea is to open up a new reporting mechanism for ISPs and IT administrators to report botnet activity." From the article: "Operating under the theory that if you kill the head, the body will follow, a group of high-profile security researchers is ramping up efforts to find and disable the command-and-control infrastructure that powers millions of zombie drone machines, or bots, hijacked by malicious hackers."
As soon as they start tracking down the web-controlled and IRC-controlled nets, they'll move to Gnutella-style distributed control systems and I2P-style networks of bots. Good luck tracking one of those to its source. Onion routing, anyone?
They're there affecting their effect.
They don't do it because they don't have to. The goal is to maintain control over a large number of machines. Currently, the barrier to entry in this market is pretty low. If many of the control nodes are taken out, the botnet operators will change their methods to be more resilient.
Botnets are about numbers of machines. Destroying a node (i.e., formatting the hard drive) lowers the number of machines. As long as the rate of compromise is greater than the rate of attrition, the botnet will continue to grow, and that is good. In this case, doing harm to users is bad business for the botnet operators. Anyway, setting up the botnet as a series of cells means that any cell being compromised has a limited impact.
I don't assume that computer criminals are dumb. A single felony conviction for youthful stupidity can prevent an otherwise talented technical person from getting any job in many large companies. Organized crime doesn't discriminate against these people and can pay pretty well. There are a lot of security experts who are in their roles today because they never got caught and prosecuted for some of the things they did in the past.
I first heard of the idea of using spam as a communication medium 3-4 years ago. I wouldn't be surprised if this is already being done. There's so much spam that finding a signal in all that noise would be difficult. Unless you knew exactly what you were looking for, you wouldn't be likely to find it.
So far, any reaction from the "good" guys of the net caused a reaction from the "bad" guys. You turn something off? Ok. Next!
Turn IRC off and they'll do it via usenet and have the bot read a certain (not too spammy) group religiously for his master's voice.
When you turn that off, they'll find another way. There are so many communication tools out there, so many protocols, from MSN to Skype, and they all can and will be abused to keep the botbrain in touch with his zombies.
Futile. The only chance is to cut the machines from the 'net that contain those trojans.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
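The article and several commenters talk about finding IRC-controlled nets from the ISP or IT-admin side. As an added example (not from the eWeek story, the researchers it describes, or any commenter), here is the kind of heuristic a network admin could run over flow logs to spot an IRC-style command-and-control rendezvous: many distinct internal hosts opening connections to the same external server on an IRC port within a short window. The flow lines, the IRC port list and the thresholds are all constructed assumptions for illustration; real logs and tuning will differ.

```python
"""Flag probable IRC-style botnet C&C rendezvous points from flow logs.

Heuristic: several distinct internal hosts connecting to the same
external server:port on an IRC-ish port inside a short time window is a
strong C&C indicator, regardless of payload.  The sample flows below are
constructed for this example (not real traffic).
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample flow records: "timestamp src_ip dst_ip dst_port".
# Five internal hosts hit 203.0.113.5:6667 within seconds (the pattern we
# want); the 443 flows and the lone 192.0.2.77 flow are background noise.
SAMPLE_FLOWS = """\
2006-01-10T10:00:01 10.0.0.11 203.0.113.5 6667
2006-01-10T10:00:03 10.0.0.23 203.0.113.5 6667
2006-01-10T10:00:04 10.0.0.42 203.0.113.5 6667
2006-01-10T10:00:07 10.0.0.57 203.0.113.5 6667
2006-01-10T10:00:09 10.0.0.61 203.0.113.5 6667
2006-01-10T10:01:30 10.0.0.11 198.51.100.9 443
2006-01-10T10:02:10 10.0.0.23 198.51.100.9 443
2006-01-10T10:45:00 10.0.0.99 192.0.2.77 6667
"""

# Assumed IRC port set; operators often move off 6667, so extend as needed.
IRC_PORTS = {6665, 6666, 6667, 6668, 6669, 6697, 7000}


def parse_flows(text):
    """Parse whitespace-separated flow lines into (ts, src, dst, port)."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port = line.split()
        flows.append((datetime.fromisoformat(ts), src, dst, int(port)))
    return flows


def find_cnc_candidates(flows, min_hosts=3, window=timedelta(minutes=5),
                        ports=IRC_PORTS):
    """Return {(dst, port): sorted list of src hosts} for every endpoint that
    at least `min_hosts` distinct sources contacted within any `window`.

    Only flows to `ports` are considered, so this catches IRC-style nets and,
    as the thread points out, will miss P2P or onion-routed control channels.
    """
    by_endpoint = defaultdict(list)
    for ts, src, dst, port in flows:
        if port in ports:
            by_endpoint[(dst, port)].append((ts, src))

    hits = {}
    for endpoint, conns in by_endpoint.items():
        conns.sort()
        best = set()
        start = 0
        # Sliding window over connection times; keep the largest host set
        # seen inside any window of length `window`.
        for end in range(len(conns)):
            while conns[end][0] - conns[start][0] > window:
                start += 1
            hosts = {src for _, src in conns[start:end + 1]}
            if len(hosts) > len(best):
                best = hosts
        if len(best) >= min_hosts:
            hits[endpoint] = sorted(best)
    return hits


if __name__ == "__main__":
    for (dst, port), hosts in find_cnc_candidates(parse_flows(SAMPLE_FLOWS)).items():
        print(f"possible C&C {dst}:{port} contacted by {len(hosts)} hosts: {hosts}")
```

The check is deliberately payload-agnostic: it does not need to decode the IRC session, only to notice the fan-in. That also means it does not prove anything; a legitimate IRC server popular with staff would trip it, so treat a hit as a lead for packet capture rather than a verdict.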