Sandia Studies Botnets In 1M OS Digital Petri Dish

Ponca City, We love you writes "The NY Times has the story of researchers at Sandia National Laboratories creating what is in effect a vast digital petri dish able to hold one million operating systems at once in an effort to study the behavior of botnets. Sandia scientist Ron Minnich, the inventor of LinuxBIOS, and his colleague Don Rudish have converted a Dell supercomputer to simulate a mini-Internet of one million computers. The researchers say they hope to be able to infect their digital petri dish with a botnet and then gather data on how the system behaves. 'When a forest is on fire you can fly over it, but with a cyber-attack you have no clear idea of what it looks like,' says Minnich. 'It's an extremely difficult task to get a global picture.' The Dell Thunderbird supercomputer, named MegaTux, has 4,480 Intel microprocessors running Linux virtual machines with Wine, making it possible to run 1 million copies of a Windows environment without paying licensing fees to Microsoft. MegaTux is an example of a new kind of computational science, in which computers are used to simulate scientific instruments that were once used in physical world laboratories. In the past, the researchers said, no one has tried to program a computer to simulate more than tens of thousands of operating systems."

First Findings!

[CorporateSuit]

The first thing the researchers noticed is that within 30 minutes, the botnet had sent over 6 billion emails out of newly-registered gmail and hotmail accounts, and continued to send millions more each hour. The researchers say the botnet thrives on pain and misery, and probably shouldn't have been given access to the real internet.

They can't afford an MSDN subscription?

[n0tWorthy]

Then they can run 1 million copies without a subscription.

Re:I've got an easier way

[Ant+P.]

OK, here's seven hundred million lines of source code. Come back when you've solved the halting problem.

But -- how can you infect it?

[Nefarious+Wheel]

My first thought meme was "Yes, but does it run Linux?" ("Megatux". Duh.) Then I thought - hang on, how can you develop a botnet that runs on Linux in the first place? And if you did, how would it reflect the nature of real botnets if those millions of operating systems weren't running NT4 or variants?

Then it got surreal - I imagined all those bots emulating the game of life , with little dots flashing on and off, and little gliders and factories...

Ok, I'll go back to work now.

14 comments so far

[zmollusc]

and nobody yet has imagined a beowulf cluster of these? Standards are slipping!

Wine for viruses?

[Tubal-Cain]

Wine's come a long way in the past 4 years if it can run viruses now!

Re:Is that really a windows environment?

I understand not wanting to buy 1M windows licenses; I am of the persuasion that is not inclined to buy 1 license.

However, the summary seems to claim that Wine == Windows environment. I don't see how they are analogous in this sense. In particular, if you are trying to understand botnet behavior, you need infected botnet systems. Is there a way to make Wine vulnerable to the infections that frequently hit Windows systems?

Yeah, I call bullshit that on too. If you want to study botnet behavior, which includes studying malware and viruses, then it should be a "real" Microsoft OS. I don't think WINE counts.

I am not the biggest fan of ol' M$, but considering how interesting this research is and it's possible positive impact on the greater community (which does benefit Microsoft) you would think they would at least ask Microsoft for some licenses gratis.

Microsoft would probably be reasonable, if just for the good PR, which they sorely and always need.

True... But if they did use *real* windows instead of Wine, then the supercomputer could only virtualise a few hundred copies of Windows XP running simultaneously, or 2-3 copies if it's Vista. :E

Re:WINE

[monopole]

I hope Microsoft issues a statement that only Genuine Windows software can fully support viruses and malware in an effective fashion.

Re:Is that really a windows environment?

[CarpetShark]

I would assume (ass + u + me)...

ASL?

Re:WINE

[Eighty7]

In other news, Miguel de Icaza said that he believes botnet support is a good idea. Linux should support malware because Microsoft is going to win anyway, so linux would better be prepared if it doesn't want to be locked out of the future markets, and presented a beta version of the software. Members of the Mono project are participating in the standarization.

Old News...

[davevr]

There is already a system running somewhere around 420 million windows machines in a semi-private walled-off version of the internet, with no license fees paid to Microsoft, hosting several botnets and just about every virus under the sun.

It is called "China".

Re:Is that really a windows environment?

[Antique+Geekmeister]

Lease time on one of the larger botnets?

It's "The Matrix"

[Michael+Woodhams]

for bots. Poor little things think they're in the real world.

Dell Makes Supercomputers...

[longacre]

And in related news, Hummer will join the Formula 1 circuit next season.

Re:I've got an easier way

[AliasMarlowe]

OK, here's seven hundred million lines of source code. Come back when you've solved the halting problem.

Power switch. Halts that sucker every time.