Botwars: the fight against criminal cyber Webs
Category: General | 25 May 2010 01:16 AM | Industry News
Security firms have battled botnets for many years, but only in the last 18 months, with takedowns of rogue ISPs (especially McColo), has the security community been more aware of opportunities to disrupt botnets, and grown more confident that this online menace can be successfully fought.
As botnets grow in sophistication and number, there is a danger of them becoming an extension of the hidden world of international and industrial espionage. The authorities in many countries are now concerned that attacks on government and business resources will become the next battleground in cyber warfare. The botnet could become the weapon of choice to disrupt infrastructure, and a lot less expensive - or traceable - than a ballistic missile.
Botnet gangs had made many refinements to their creations in the six months since the McColo take-down. Thus, the organizations behind Cutwail were able to quickly reorganize after losing an important part of their botnet infrastructure. The fact that the technology was now much more flexible and robust allowed them to review the status of the botnet and return to business as usual in just a few days. It was clear that botnets now had a business continuity or disaster recovery plan of their own.
The botnet C&C mechanisms had shifted away from IRC towards HTTP. Instead of receiving instructions from one fixed location, the bots carried an algorithm that generated random-looking domain names; the botnet gang purchased a handful of those names each day, and the bots received their commands from whichever of them resolved. This ensures that the botnets aren't so reliant on one ISP, or on any single domain that could be taken down.
But as the botnet controllers evolved their tactics, so did the security firms. One botnet in particular had grown significantly in the wake of the McColo take-down; a botnet called Mega-D (aka Ozdok). By November 2009, the algorithms behind the C&C mechanism used to issue the botnet with new instructions were broken by FireEye, a security company that specializes in combating botnets. It was now possible to predict which domain names were to be used by the botnet and to register them in advance of the botnet controllers. It was almost like cracking the Enigma code; and for the first time it was possible to know the botnet’s next move and to register these domains faster than the botnet controllers.
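The two preceding paragraphs describe the defender's side of this exchange: once the domain-generation algorithm has been reverse-engineered, the same deterministic function that the bots run lets a defender precompute tomorrow's rendezvous domains, register or block them ahead of the operators, and flag any internal host that looks them up. The following Python is an added, constructed example and is not FireEye's code nor the Mega-D/Ozdok algorithm; the seed, the hashing scheme, the five-domains-per-day rate and the BIND-style log lines are all assumptions made for illustration.

```python
import hashlib
import re
from datetime import date, timedelta

# Toy domain-generation algorithm (constructed for this example; NOT the real
# Mega-D/Ozdok scheme). The seed stands in for whatever secret reverse engineering
# recovered from the bot binary; the date makes the output change every day.
SEED = b"example-seed-recovered-from-sample"   # assumption
TLDS = ("com", "net", "org")                    # assumption
DOMAINS_PER_DAY = 5                             # assumption


def _as_date(day):
    """Accept either a date or an ISO string such as '2010-05-25'."""
    return date.fromisoformat(day) if isinstance(day, str) else day


def generate_domains(day, count=DOMAINS_PER_DAY):
    """Derive the candidate C&C domains the bots would try on one calendar day."""
    day = _as_date(day)
    domains = []
    for i in range(count):
        material = SEED + day.isoformat().encode() + bytes([i])
        digest = hashlib.sha256(material).hexdigest()
        label = digest[:12]                                 # random-looking label
        tld = TLDS[int(digest[-2:], 16) % len(TLDS)]        # deterministic TLD pick
        domains.append(f"{label}.{tld}")
    return domains


def predict_window(start, days):
    """Defender side: precompute every domain the bots will try over the next
    `days` days, mapped to the day it becomes active. This is the list a
    responder registers (sinkholes) or blocks before the operators can buy it."""
    start = _as_date(start)
    table = {}
    for offset in range(days):
        d = start + timedelta(days=offset)
        for dom in generate_domains(d):
            table[dom] = d
    return table


# Simplified BIND-style query-log format: "client <ip>#<port>: query: <name> IN A"
LOG_LINE = re.compile(r"client (\S+)#\d+: query: (\S+) IN A")


def flag_lookups(log_lines, predicted):
    """Return (client_ip, domain, expected_day) for each DNS query that hits a
    predicted DGA domain. A match is a strong sign the client is infected."""
    hits = []
    for line in log_lines:
        m = LOG_LINE.search(line)
        if not m:
            continue
        client, qname = m.group(1), m.group(2).rstrip(".").lower()
        if qname in predicted:
            hits.append((client, qname, predicted[qname]))
    return hits


def run_demo():
    """Predict a week of domains, then scan two constructed log lines."""
    today = "2010-05-25"
    predicted = predict_window(today, 7)
    dga_domain = generate_domains(today)[0]
    # Constructed sample log lines: one infected host, one benign lookup.
    sample_log = [
        f"25-May-2010 01:16:00.000 client 10.0.0.7#53211: query: {dga_domain}. IN A",
        "25-May-2010 01:16:01.000 client 10.0.0.8#40210: query: www.example.com. IN A",
    ]
    return flag_lookups(sample_log, predicted)


if __name__ == "__main__":
    for client, dom, d in run_demo():
        print(f"{client} queried predicted DGA domain {dom} (active {d})")
```

The important property is that `generate_domains` is a pure function of the seed and the date: the bots and the defender compute exactly the same list, so whoever registers the names first controls where the bots report. In practice the prediction table would be pushed to resolver block lists or passive-DNS alerting rather than matched against a flat log file, but the lookup in `flag_lookups` is the same check.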
Only when defensive technology has caught up will the criminals realize that they can no longer hide behind the mystique and the antiquated infrastructure we have become accustomed to. Only as the Internet of today becomes the Internet of yesterday can legislation itself become a deterrent.
Although many companies have already tightened their security as a result of increasing attacks, there is still room for improvement beyond reactive security software. The reality is that traditional anti-spam and anti-virus solutions provide inadequate protection: they can be, and are being, easily circumvented by criminals who stay one step ahead of contemporary security systems that only combat existing, known threats.