Slashdot Mirror

← Back to Stories (view on slashdot.org)

What a Botnet Looks Like

Posted by timothy on from the when-jerks-are-smart dept.

Esther Schindler writes "CSO has an annotated, zoomable map of real botnet topologies showing the interconnections between the compromised computers and the command-and-control systems that direct them. The map is based on work by security researcher David Voreland; it has interactive controls so you can zoom in and explore botnets' inner workings. Hackers use botnets for spamming, DDoS attacks and identity theft. One recent example is the Storm botnet, which may have comprised 1 million or more zombie systems at its peak. As with any networking challenge, there are good (resilient) designs and some not-so-good ones. In some cases the topology may be indicative of a particular botnet's purpose, or of a herder on the run."

28 of 122 comments (clear)

  1. Flash site, very funny. by inTheLoo · · Score: 5, Funny

    To get a good look at a botnet they say, "You need to upgrade your Flash Player". How true!

    --
    No calls now, I'm ...
    1. Re:Flash site, very funny. by Bryansix · · Score: 4, Funny

      They say you can get a good look at a botnet by upgrading your flash player but I'd rather take your word for it.

  2. What a Botnet Looks Like by sm62704 · · Score: 5, Funny

    here's a photo of a botnet. Ok, it's a small botnet but if the botnet was a semi you wouldn't see the computers, now would you?

    --
    mcgrew's razor: Never attribute to stupidity that which can be explained by greedy self-interest
  3. Thanks for posting... by Thelasko · · Score: 3, Funny

    all of the IP addresses. Can I get that in a text format? I want to add them to my hosts file.

    --
    One of our competitors trademarked the term "hypothesis". From now on, we will call them "boneheaded ideas".
    1. Re:Thanks for posting... by multipartmixed · · Score: 5, Insightful

      I don't think you'd want to do that.

      My current RBL has about 6.5 million entries, and is extremely permissive. It is also updated bi-hourly.

      I sure wouldn't want my machine to traverse a hosts table of 7 million hosts every time I tried to look up a name in the DNS.

      Same for your firewall, 7 million entries will cripple iptables. Hell, 30,000 entries causes visible slowness on a dual-core opteron system.

      Of course, you might get better performance out of iptables with the ipsets kernel patch. But that's still a damned big list.

      --

      Do daemons dream of electric sleep()?
    2. Re:Thanks for posting... by apt-get+moo · · Score: 2, Funny

      I heard 192.168.1.1 is among...

      --
      ...."Have you mooed today?"...
  4. reminds of the sexual partners mapping... by Anonymous Coward · · Score: 5, Interesting

    http://www.artsci.washington.edu/news/Autumn05/largermap_sexualnetworks.htm

  5. Ob. XKCD reference by DrYak · · Score: 5, Funny

    Ok, it's a small botnet Randall Munroe's botnet look like that.
    --
    "Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
  6. Wow - I can see my house from here! by jmichaelg · · Score: 2, Interesting

    It would be nice to be able to search my static IP or a range of IPs to see if they are on the map.

  7. Check out the losers by Hoplite3 · · Score: 5, Funny

    There are lots of well constructed stars, where a handful of master nodes control several slaves. Each slave knows two or three masters for redundancy. That's good design, and I expected it.

    But what's hilarious is that there are some ip addresses that are slaves to four or five different botnets. I wonder what the owners of those machines think?

    "Man, the internet sure is slow today!"

    "I need a new computer, this one's all slow."

    "Sweet! Five botnets and counting! I'm part of something! I belong!"

    --
    Use the Firehose to mod down Second Life stories!
    1. Re:Check out the losers by Esther+Schindler · · Score: 5, Insightful

      I do know what those users think, and it's very much like you posited: "My computer has become unusably slow, and I don't know why or how to fix it!" Unfortunately that was followed by, "Aunt Esther, can you tell me what's wrong?"—and thus I spent half a day killing enough of the junk that I could install a firewall, antivirus, etc.

      People like my nephew aren't unwilling to learn. They're just lost when it comes to their computers. And they don't particularly mind being ignorant as long as the equipment works right (or appears to). Just as most of us don't feel the need to understand how a car works in order to drive one.

      Some of us remember the days when we wistfully wanted computers to become easy enough for ordinary people to use them. Alas, we got our wish.

    2. Re:Check out the losers by Volante3192 · · Score: 3, Interesting

      And they don't particularly mind being ignorant as long as the equipment works right (or appears to). Just as most of us don't feel the need to understand how a car works in order to drive one.

      Yes, but people are often more familiar with what a car needs. Regular oil changes, maintenance, gas; they might not know (or care) why the car needs these, but they know that if they don't, the car will fail to work.

      People don't even know that much about computers, about what they shouldn't do, even if they don't know why.

    3. Re:Check out the losers by Esther+Schindler · · Score: 3, Insightful

      Not everyone does understand basic maintenance. You'd be amazed. Plenty of people wait until the car breaks down before they think to get it serviced.

      And they don't like to gain even basic knowledge. In the gas crisis of the late 1970s, my (then-)mother-in-law waited 40 minutes at a gas station before she got to the pump. When she discovered it was self-serve, she drove away, because she didn't know how to use the pump herself. (Yes, obviously all she had to do was ask the person behind her—who'd be motivated to help—but she didn't.)

      Also, even when people take the car in for maintenance, it's something they do out of distrust for the practitioners. That's better than not taking it in, of course, but it's inherently a combative relationship: what's the mechanic gonna tell me I need this time?

      The thing is, few of us want to be experts in every technology we use. We just want it to work.

      None of which excuses ignorance, mind you, but it does explain it.

  8. Oh come on. by willeyhill · · Score: 2, Interesting

    Who modded this "offtopic"? The site requires the latest and greatest flash player to look at a freaking image when everyone knows that Flash has big fat holes in it. They might as well made it IE only.

    1. Re:Oh come on. by nschubach · · Score: 2, Insightful

      Useful
      Not necessarily this post, but if I'm to believe what these folks (willhill, et al.) are telling me, twitter has had some informative posts and if he feels the need to "sockpuppet", mod the puppets, leave the information. Coming into this war fairly fresh, it looks like someone is trying to discredit a logical poster instead of informing people. Stick it in your signature if it's that important to you and contribute to the site so you get modded up instead of spamming.
      --
      Every time I start to have faith in humanity, I ruin it by driving to work between 7 and 8 am.
    2. Re:Oh come on. by thePowerOfGrayskull · · Score: 2, Insightful

      Dude... seriously, move on. Take a deep breath, and just... move on. In the grand scheme of things, he can have 2351 different IDs- and it would not matter one iota. Why on earth do you let him have so much control over you?

  9. I, for one.. by oodaloop · · Score: 4, Insightful

    ...would like to see more. Was there actually an article there, or was that just a picture? How about something about the methodologies used, a description of the organization of the network, maybe even some metrics like centrality. Something other than a picture, ferchrissakes.

    --
    Tic-Tac-Toe, Global Thermonuclear War, and relationships all have the same winning move.
  10. Re:Anonymous Coward by Anonymous Coward · · Score: 5, Funny

    No, it sucks. I zoomed in to close and saw my IP!

  11. How it looks like? by gmuslera · · Score: 2, Funny

    There are fields, Neo. Endless fields where bot beings are no longer born. Are grown. For the longest time I wouldn't believe it and then I saw the fields with my own eyes...

  12. Ha Ha! by Thelasko · · Score: 2, Funny

    One of the nodes backendportal.info is registered to Horatio Nelson!

    --
    One of our competitors trademarked the term "hypothesis". From now on, we will call them "boneheaded ideas".
  13. Honeynets seem to be doing their thing by Lucas123 · · Score: 3, Interesting

    If you zoom in, you'll see a lot of the concentration of spiderwebs are around sites like honeynet.cz.

  14. Re: Better way needed by Red+Flayer · · Score: 2, Funny

    can be shut down by shut down by just shutting down computers that don't have secure computers.
    Gee thanks thanks captain obvious captain obvious for your observe your observations.

    Was it just me, or did anyone else imagine parent as speaking in the voice of max headroom?
    --
    "Trolls they were, but filled with the evil will of their master: a fell race..." -- J.R.R. Tolkien on Olog-hai
  15. 127.0.0.1 by Anonymous Coward · · Score: 4, Funny

    Wait, 127.0.0.1 is in there. That is my IP address!

  16. How does eNom... by Thelasko · · Score: 2, Funny

    allow people to register with information like:
    Registrant Contact:
    elnopic
    elnopic elnopic (elnopic@elnopic.com)
    +1.2435543
    Fax: +1.5555555555
    123 sdhdsa g
    asdf, AD 34215
    US
    Do they not even try to verify this information?

    --
    One of our competitors trademarked the term "hypothesis". From now on, we will call them "boneheaded ideas".
    1. Re:How does eNom... by Thelasko · · Score: 2, Interesting

      after further investigation, it appears the above domain was registered by a company called namecheap also known as HostingAnime a company known for hosting al-Qaeda websites.

      Coincidence? I think not!

      --
      One of our competitors trademarked the term "hypothesis". From now on, we will call them "boneheaded ideas".
  17. Too many bots! by IBBoard · · Score: 2, Funny

    There must be too many bots - I can't even get it to render! All I get is a white page with no nodes and no links :\

    Either that or they've rendered the botnet on a white background in apple white with light grey lines.

    (i.e. it seems to be Slashdotted ;) )

  18. yeah... and by spikedvodka · · Score: 2, Interesting

    And why's this so much news?
    Any self-respecting revolutionary knows that you have a distributed network, so that even if a cell goes down, you can still pass messages.

    Hell... I wish IRC could learn from this, I've had enough of netsplits. By rights only the server that goes offline should be affected if it goes down, it shouldn't split the network into 2 massive sections.

    Yeah the image looks nice, and is all "ooohhhh ahhhh" and lends itself to "Hey... that's me", but really "News"? I think not

    Call me when they have an article as to how they got this information

    -1 "Cynical Bastard"

    --
    I will not give in to the terrorists. I will not become fearful.
  19. Hey.... by losethisurl · · Score: 2, Funny

    That looks alot like the map of our network where I am emplo... oh crap...

    --
    Seriously, is it supposed to look like that?