Slashdot Mirror


Researchers Tracking Emerging 'Darkness' Botnet

Trailrunner7 writes "Researchers are tracking a new botnet that has become one of the more active DDoS networks on the Internet since its emergence early last month. The botnet, dubbed 'Darkness,' is being controlled by several domains hosted in Russia, and its operators are boasting that it can take down large sites with as few as 1,000 bots. The Darkness botnet is seen as something of a successor to the older Black Energy and Illusion botnets, and researchers at the Shadowserver Foundation took a look at the network's operation and found that it is capable of generating large volumes of attack traffic. 'Upon testing, it was observed that the throughput of the attack traffic directed simultaneously at multiple sites was quite impressive,' Shadowserver's analysts wrote in a report on the Darkness botnet. 'It now appears that "Darkness" is overtaking Black Energy as the DDoS bot of choice. There are many ads and offers for DDoS services using "Darkness." It is regularly updated and improved and as of this writing is up to version 7. There also appears to be no shortage of buyers looking to add "Darkness" to their botnet arsenal.'"

2 of 85 comments

  1. Re:Slightly related question by machxor · Score: 4, Insightful

    My assumption is that someone needing a service like this would use *YOUR* credit card details to pay for it ;-)

  2. Re:Peer-to-peer by KublaiKhan · Score: 4, Insightful

    Because there are ethical considerations involved.

    Standard research ethics forbids the researchers from interfering with what is being researched. Part of this is to ensure the safety of the researchers: when the coyote's eating the yorkie, there's a very real danger of the researcher getting bitten by a rabid coyote. Likewise, if the researchers take over a botnet, there's a very real danger that their activities could be traced and the Russian Mafia comes and pays them a visit.

    The other part is that the conclusions that they could draw may not be as valid (or completely invalid) if they have interfered. Certainly no respectable peer-reviewed journal would accept the research if it's been tainted like that.

    Also, there's a lot more to be learned by watching it evolve naturally; the researchers may require some time to catch the full context of the setup, whereas if they interfered right away they could lose sight of certain management techniques or whatnot that would otherwise help in the botnets' defeat.

    Finally, the action you propose is actively illegal. Just because it's a crime against another criminal doesn't mean they can't be prosecuted for it.

    --
    In Xanadu did Kubla Khan
    A stately pleasure dome decree