Slashdot Mirror


What a Botnet Looks Like

Esther Schindler writes "CSO has an annotated, zoomable map of real botnet topologies showing the interconnections between the compromised computers and the command-and-control systems that direct them. The map is based on work by security researcher David Voreland; it has interactive controls so you can zoom in and explore botnets' inner workings. Hackers use botnets for spamming, DDoS attacks and identity theft. One recent example is the Storm botnet, which may have comprised 1 million or more zombie systems at its peak. As with any networking challenge, there are good (resilient) designs and some not-so-good ones. In some cases the topology may be indicative of a particular botnet's purpose, or of a herder on the run."

8 of 122 comments

  1. Flash site, very funny. by inTheLoo · · Score: 5, Funny

    To get a good look at a botnet they say, "You need to upgrade your Flash Player". How true!

    --
    No calls now, I'm ...
  2. What a Botnet Looks Like by sm62704 · · Score: 5, Funny

    Here's a photo of a botnet. Ok, it's a small botnet but if the botnet was a semi you wouldn't see the computers, now would you?

    --
    mcgrew's razor: Never attribute to stupidity that which can be explained by greedy self-interest
  3. reminds of the sexual partners mapping... by Anonymous Coward · · Score: 5, Interesting

    http://www.artsci.washington.edu/news/Autumn05/largermap_sexualnetworks.htm

  4. Ob. XKCD reference by DrYak · · Score: 5, Funny

    "Ok, it's a small botnet"

    Randall Munroe's botnet look like that.
    --
    "Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
  5. Check out the losers by Hoplite3 · · Score: 5, Funny

    There are lots of well-constructed stars, where a handful of master nodes control several slaves. Each slave knows two or three masters for redundancy. That's good design, and I expected it.

    But what's hilarious is that there are some IP addresses that are slaves to four or five different botnets. I wonder what the owners of those machines think?

    "Man, the internet sure is slow today!"

    "I need a new computer, this one's all slow."

    "Sweet! Five botnets and counting! I'm part of something! I belong!"

    --
    Use the Firehose to mod down Second Life stories!
    1. Re:Check out the losers by Esther Schindler · · Score: 5, Insightful

      I do know what those users think, and it's very much like you posited: "My computer has become unusably slow, and I don't know why or how to fix it!" Unfortunately that was followed by, "Aunt Esther, can you tell me what's wrong?"—and thus I spent half a day killing enough of the junk that I could install a firewall, antivirus, etc.

      People like my nephew aren't unwilling to learn. They're just lost when it comes to their computers. And they don't particularly mind being ignorant as long as the equipment works right (or appears to). Just as most of us don't feel the need to understand how a car works in order to drive one.

      Some of us remember the days when we wistfully wanted computers to become easy enough for ordinary people to use them. Alas, we got our wish.

  6. Re:Anonymous Coward by Anonymous Coward · · Score: 5, Funny

    No, it sucks. I zoomed in too close and saw my IP!

  7. Re:Thanks for posting... by multipartmixed · · Score: 5, Insightful

    I don't think you'd want to do that.

    My current RBL has about 6.5 million entries, and is extremely permissive. It is also updated bi-hourly.

    I sure wouldn't want my machine to traverse a hosts table of 7 million hosts every time I tried to look up a name in the DNS.

    Same for your firewall, 7 million entries will cripple iptables. Hell, 30,000 entries cause visible slowness on a dual-core Opteron system.

    Of course, you might get better performance out of iptables with the ipsets kernel patch. But that's still a damned big list.

    --

    Do daemons dream of electric sleep()?
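
The set-based approach mentioned in the comment above, as an added example that is not part of the thread: instead of one iptables rule per address, the blocklist is loaded into a single hash-based set that one rule matches against. The set name `rbl_block`, the file name `blocklist.txt` and the sample addresses are constructed; the script only generates `ipset restore` input and does not touch the firewall itself.

```bash
#!/usr/bin/env bash
# Added example (not from the thread). Set name and addresses are constructed.

# Constructed sample: documentation-range addresses plus lines to be rejected.
sample_blocklist() {
    cat <<'EOF'
# constructed sample blocklist
192.0.2.10
198.51.100.0/24
192.0.2.10
203.0.113.999
10.0.0.0/0
not-an-address
EOF
}

# Read IPv4 addresses/CIDRs on stdin, write an `ipset restore` script to stdout.
# maxelem must be raised for multi-million-entry lists (ipset's default is 65536).
gen_ipset_restore() {
    local name="$1" maxelem="${2:-8000000}"
    # Fill a scratch set and swap it in, so the live set is never half-loaded.
    printf 'create %s hash:net family inet maxelem %s\n' "$name" "$maxelem"
    printf 'create %s_new hash:net family inet maxelem %s\n' "$name" "$maxelem"
    printf 'flush %s_new\n' "$name"
    awk -v s="${name}_new" '
        { sub(/#.*/, ""); gsub(/[ \t\r]/, "") }   # strip comments, whitespace
        $0 == "" { next }
        {
            n = split($0, p, "/")
            if (n > 2) next
            # hash:net cannot store a /0 prefix
            if (n == 2 && (p[2] !~ /^[0-9]+$/ || p[2] < 1 || p[2] > 32)) next
            if (split(p[1], o, ".") != 4) next
            for (i = 1; i <= 4; i++)
                if (o[i] !~ /^[0-9]+$/ || o[i] > 255) next
            if (!seen[$0]++) print "add " s " " $0   # drop duplicates
        }'
    printf 'swap %s_new %s\n' "$name" "$name"
    printf 'destroy %s_new\n' "$name"
}

# Print the restore script for the sample. To apply it (root, ipset installed):
#   gen_ipset_restore rbl_block < blocklist.txt | ipset -exist restore
#   iptables -I INPUT -m set --match-set rbl_block src -j DROP
sample_blocklist | gen_ipset_restore rbl_block 1024
```

The single `--match-set` rule stays in place across list updates; only the set contents are swapped.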