Botnets Using Ubiquity For Security
Trailrunner7 sends in this excerpt from Threatpost: "As major botnet operators have moved from top-down C&C infrastructures, like those employed throughout the 1990s and most of the last decade, to more flexible peer-to-peer designs, they also have found it much easier to keep their networks up and running once they're discovered. When an attacker at just one, or at most two, C&C servers was doling out commands to compromised machines, evading detection and keeping the command server online were vitally important. But that's all changed now. With many botnet operators maintaining dozens or sometimes hundreds of C&C servers around the world at any one time, the effect of taking a handful of them offline is negligible, experts say, making takedown operations increasingly complicated and time-consuming. It's security through ubiquity. Security researchers say this change, which has been occurring gradually in the last couple of years, has made life much more difficult for them. ... Researchers in recent months have identified and cleaned hundreds of domains being used by the Gumblar botnet, but that's had little effect on the botnet's overall operation."
Letter or telephone call. Or even better, just shut off their connection and let them call you.
They do exactly that at my University. Students get disconnected from the network when a bot or worm or rootkit is detected. I'm not sure what methods they use to detect, but when this happens, the user is REQUIRED to bring their computer to the Residential Computing Desk and have it reformatted. (They are allowed to, and assisted with, making backups of their personal files.)
The users are sent an email informing them of the situation, but usually they never get it, and just visit or call the desk when their internet won't work.
It's always pretty funny (but rare) when a Mac needs to be reformatted; the user is almost always blown away that they can be infected.
ERROR: SIG NOT FOUND (A)bort, (R)etry, (F)ail?:
My C&C goes down when the other guy builds Mammoth Tanks on the same grid location as his Tesla Coil.
Your comment is pretty much the most retarded thing I've read all day on Slashdot. Congrats.
Years ago, virii held more fear for the average punter, as they would literally trash your o/s, data, everything. The thing is, these viruses did far less real damage than the trojans and botnets of today. We need some well-meaning black hats to write some old school virii. Viruses that knock those old unpatched boxes right off the web. It's time we brought back the biff!