Declaring war on botnets

Summary: Internet security has never been worse. Is this a war we can win, or are Internet crimes destined to be a bigger and bigger part of all our futures?

TOPICS: Malware

This morning's New York Times carried a John Markoff article on the growing threat of zombie networks. Internet crimes are on the increase, and botnets, large networks of computers that have been compromised by hackers and turned to the hackers' purposes, are increasingly the tool of choice. The article quotes Gadi Evron:

"It's the perfect crime, both low-risk and high-profit. The war to make the Internet safe was lost long ago, and we need to figure out what to do now."

The article also quotes David Dagon, a researcher at the Georgia Institute of Technology saying "that botnet programs are present on about 11 percent of the more than 650 million computers attached to the Internet." ShadowServer estimates that over 400,000 machines on the Internet are infected.

Botnet programs are used for spam--all those graphic images touting the next big thing in penny stocks are the result of botnets--as well as for other illegal activities. What's more, the software running on many of these botnets is architected so that the infected machines can be repurposed like any general-purpose computer. At least one designer of these systems is brazen, actively participating in technical discussion groups:

The extent of the botnet threat was underscored in recent months by the emergence of a version of the stealthy program that adds computers to the botnet. The recent version of the program, which security researchers are calling "rustock," infected several hundred thousand Internet-connected computers and then began generating vast quantities of spam e-mail messages as part of a "pump and dump" stock scheme.

The author of the program, who is active on Internet technical discussion groups and claims to live in Zimbabwe, has found a way to hide the infecting agent in such a way that it leaves none of the traditional digital fingerprints that have been used to detect such programs.

The article gives little hope that the problem will be solved any time soon and few clues about what can be done to combat it. All kinds of experts were quoted, but no one offers any advice. In fact, the consensus of the people quoted seems to be one of hopelessness.

Is it hopeless? What do you think can be done to solve the problem? Cast your vote below or leave a comment.


  • Linux kills Botnets - easy solution

    It really is as simple as getting a good percentage of people to install Linux - it's immune to most all viruses and malware. Computer newbies especially should be starting with Linux, as it's newbies who create the most Windows botnet machines due to their lack of experience. Linux is so bullet-proof (or at least bullet-resistant) that the only threat remaining to newbies would be phishing sites. I would recommend Dreamlinux 2.2 - just released - which is cool and sexy, quite Mac-like, and very fast and clean.
    Don Collins
    • Hmm, Mac-like?

      It strikes me yet again that we describe this new Linux distro's interface as being "cool" and qualify that by indicating it has "Mac-like" qualities.

      Yet the suggestion never even comes up that we could just USE A REAL MACINTOSH. It doesn't get any more mac-like than that...

      Linux can be a very good platform in many cases, and certainly has its place (well, it *should* have more of the market than it actually does right now), but Mac OS X is by far superior for new computer users, along with the vast majority of everyone else.

      And the market is certainly not limited to these three platforms... Solaris is an excellent UNIX platform for many purposes, and continues to improve, with the addition of features like ZFS and Containers in recent releases. Much like Linux, it can now be obtained for free, and there is a release that will run on most modern x86-based platforms (the most common platform for Linux, I suspect?). The various BSD platforms (FreeBSD, NetBSD, OpenBSD) are ideal for many server environments. The list continues...
  • Macs are nice but too expensive

    Of course it *would* be better if people used Macs rather than Windows, but Macs are so expensive that few ordinary people can afford them. The Linux solution can be much more quickly implemented, as vast quantities of PCs (including many old and slow boxes) can have Linux successfully installed. I do like Macs, as they are in the Linux OS family (or vice versa), but your wallet will get damaged if you take that road.
    Don Collins
  • Linux and Macs are not immune...

    There are just too few of them for the malware writers to worry about them. Get 20 million Linux machines connected to the internet and you will see the same kind of malware being written for them that is currently being written for Windows machines.
    Beat a Dead Horse
    • Linux doesn't work like Windows

      That's the classic comment from someone who is not familiar with the workings of the Linux OS. Linux has a very sophisticated file permissions system, far in advance of Windows. That system, plus the fact that nobody sane ever runs Linux as root, means that you simply can't compare the two OSs in that way. Ask a Linux guru, and they will tell you that on a fundamental level writing Linux malware is several orders of magnitude more difficult than writing Windows malware.

      Test Linux for yourself - have a play with it, and you'll begin to see what I mean. You can run a Live CD on your PC with many distros now - so you can examine the OS without changing *anything* already installed on your HDD. I respect your views and understand why you say that, but please have a play with Linux - your view may very well shift...
      Don Collins
  • The war on botnets holds no resolution

    In the days of Service Pack 1, when NetBIOS and DCOM were being exploited daily by malicious drones, a cracker could gather thousands of infected PCs in little time. While many holes have been fixed, making it a little harder for hackers to break in, there are still other exploits that should be taken into account. Creating a huge botnet today would not rely on hitting up thousands of machines in a single week. Rather, it would rely on the trojan being very undetectable, so that the 20 or 30 PCs a day it hits are sure to never find it. I also believe that the future of botnets is going to be web based. IRC bots are falling by the wayside, making way for bots that retrieve commands off webservers. Since it is port 80, it wouldn't be as simple for honeypot PCs to sniff out. And blocking port 80 is ALWAYS out of the question. The only safe computer is the one not connected to the internet. Hackers will continue to find more elaborate ways to break in, and whitehats will continue to tighten up. And the whirlygig keeps going.
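The comment above points out that a bot fetching its commands from a web server over port 80 blends in with ordinary browsing, and that blocking the port is not an option. What a defender can still look at is the behaviour of the polling itself: a bot checks in at a fixed interval, while a person browsing does not. The following is an added example of that check, not code from the post or from any commenter; it assumes a simplified one-line-per-request proxy log format (timestamp, client, method, URL, status), uses constructed sample lines, and treats the 5% jitter threshold as an assumed tuning value.

```python
"""Beacon-interval detection over constructed proxy log lines.

Added example, not from the ZDNet post or its commenters. It assumes a
simplified squid-style access log: "timestamp client method URL status",
one request per line, timestamps in Unix seconds.
"""
from collections import defaultdict
from statistics import mean, pstdev
from urllib.parse import urlsplit

# Constructed sample lines. 10.0.0.5 polls one host every ~300 s with a
# second or two of jitter; 10.0.0.7 browses a news site irregularly.
SAMPLE_LOG = """\
1163000000 10.0.0.5 GET http://cmd.example.invalid/gate.php 200
1163000300 10.0.0.5 GET http://cmd.example.invalid/gate.php 200
1163000601 10.0.0.5 GET http://cmd.example.invalid/gate.php 200
1163000900 10.0.0.5 GET http://cmd.example.invalid/gate.php 200
1163001200 10.0.0.5 GET http://cmd.example.invalid/gate.php 200
1163000010 10.0.0.7 GET http://news.example.invalid/ 200
1163000047 10.0.0.7 GET http://news.example.invalid/story1 200
1163000912 10.0.0.7 GET http://news.example.invalid/story2 200
1163001000 10.0.0.7 GET http://news.example.invalid/story3 200
1163004400 10.0.0.7 GET http://news.example.invalid/ 200
"""


def parse_line(line):
    """Split one assumed-format log line into (timestamp, client, host)."""
    ts, client, _method, url, _status = line.split()
    return int(ts), client, urlsplit(url).hostname


def find_beacons(log_text, min_requests=4, max_cv=0.05):
    """Return {(client, host): interval_seconds} for periodic request series.

    For each client/host pair with at least min_requests requests, compute
    the gaps between successive requests and their coefficient of
    variation (stdev / mean). A value near 0 means a fixed polling
    interval. max_cv (assumed default 5%) is the tuning knob: lower it to
    cut false positives from auto-refreshing pages, raise it to catch
    bots that add random jitter to their sleep.
    """
    series = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, client, host = parse_line(line)
        series[(client, host)].append(ts)

    hits = {}
    for key, times in series.items():
        if len(times) < min_requests:
            continue
        times.sort()
        gaps = [later - earlier for earlier, later in zip(times, times[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_cv:
            hits[key] = round(avg)
    return hits


if __name__ == "__main__":
    for (client, host), interval in find_beacons(SAMPLE_LOG).items():
        print(f"{client} polls {host} every ~{interval}s")
```

Run on the constructed log, only the 10.0.0.5 series is reported (interval about 300 s); the news browsing has gaps ranging from tens of seconds to almost an hour and is ignored. The same grouping works on real proxy or NetFlow exports once `parse_line` is adapted to their column layout; the point is that the port being 80 does not hide the regularity of the check-in.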