Botnets Using Ubiquity For Security

← Back to Stories (view on slashdot.org)

Botnets Using Ubiquity For Security

Posted by kdawson on Monday June 7, 2010 @03:28PM from the whack-a-c-and-c dept.

Trailrunner7 sends in this excerpt from Threatpost: "As major botnet operators have moved from top-down C&C infrastructures, like those employed throughout the 1990s and most of the last decade, to more flexible peer-to-peer designs, they also have found it much easier to keep their networks up and running once they're discovered. When an attacker at just one, or at most two, C&C servers was doling out commands to compromised machines, evading detection and keeping the command server online were vitally important. But that's all changed now. With many botnet operators maintaining dozens or sometimes hundreds of C&C servers around the world at any one time, the effect of taking a handful of them offline is negligible, experts say, making takedown operations increasingly complicated and time-consuming. It's security through ubiquity. Security researchers say this change, which has been occurring gradually in the last couple of years, has made life much more difficult for them. ... Researchers in recent months have identified and cleaned hundreds of domains being used by the Gumblar botnet, but that's had little effect on the botnet's overall operation."

3 of 95 comments (clear)

Min score:

Reason:

Sort:

They seem to throttle their "attacks" as well. by RobertSeattle · 2010-06-07 15:55 · Score: 5, Interesting

My small 16 person company gets an average of 300K Directory Harvesting emails a day - everyday - day in day out. All I have to say is I appreciate the jerks running the botnets for not killing my domain with 30 Million of these a day. They throttle their crap to a certain level somehow so they are annoying but not crippling. Gee, thanks, I guess.
1. Re:They seem to throttle their "attacks" as well. by noz · 2010-06-07 16:34 · Score: 4, Insightful
  
  There's no point sending any spam, if not your estimated 30 million messages, only to collapse the server and not relay the messages to the recipients.
  The botnet operators probably think of this as an optimization problem and not good manners.
Re:ISP accountability by girlintraining · 2010-06-07 16:19 · Score: 5, Insightful

It seems to me there is an accountability gap for ISPs. Those providing network connections are not held accountable for machines on their network.
And the moment they do that, they'll be expected to police for other illegal or immoral activity, like video and music downloading, content monitoring, deep packet inspection, and more. The operating costs go up as well, making them less competitive compared to other ISPs that do not monitor their customer's habits.
No, security needs to be managed by the owner of the machine. The ISP only has the responsibility to ensure that the customer has reasonable access through its networks, and perhaps a measure of QoS filtering/rate limiting/etc., to manage a shared (and limited) resource. Unless the bot is commanding the machine to use lots of network resources, its impact to other users is negligible from the ISPs perspective.

--
#fuckbeta #iamslashdot #dicemustdie