Limelight kills botnets better than cops do

Summary: Botnet operators have become public enemy number-one as consumers, businesses and governments fall foul to identity theft, DDoS attacks and spam. Yet no one appears to be able to stop the spread of bots -- except maybe the media.

After a year in the limelight, it appears the operators behind the Storm worm botnet have shut up shop or are lying low. Well, for now at least.

At the height of its reign, Storm was the top spammer in the world, responsible for around 21 percent of all spam. As 70 percent of all spam is generated by botnets, this is pretty good reach when you consider that as many as five million machines were under its control. But those were the good old days for Storm. Now, according to Bradley Anstis of Marshal security, Storm accounts for just two percent of the spam the company captures.

So what has caused this? Why has Storm become a shell of its old self? Was it AV vendors improving their software to stop the spread of malware used to harvest bots? Was it the police cracking down on botnet operators that has caused Storm's owners to duck for cover? Did the ISPs suddenly decide to protect us with clean pipes? Or was it you, reader, creating a groundswell of interest in the botnet operator's activities that caused them to shrivel?

Normally users get the blame for the spread of botnets. You're either unpatched or not using adequate security measures to protect your system, a security vendor will say. Bruce Schneier, on the other hand, blames security vendors for over-promising and under-delivering.

Others blame ISPs for not providing clean pipes and allowing botnets to flourish unfettered. ISPs, however, seem only interested in protecting themselves through such initiatives as Arbor Networks' Fingerprint Sharing Alliance. These help mitigate the risk of a denial of service attack, such as that inflicted on NAB in 2006, but this only frustrates one aspect of a botnet operation -- DDoS -- leaving the rest of the world with spam and more malware.

Telcos, like ISPs, won't take responsibility for bots, but they will sell discounted antivirus software to customers. And your bank will sell you discounted AV software even if you're not a customer!

But while these initiatives may be worthy in their own right, they are one-dimensional responses in contrast to the effect of media coverage. During various conversations with security experts and analysts, the one thing I hear about botnet operators is that they don't want to be seen -- enter the media with its spotlight.

A good analogy of a botnet operator's relationship to the world was given to me by IBRS security analyst, James Turner. He said: "Snipers hate the spotlight; they only work if you can't see them and you don't know where they are. The minute their position is revealed, they become ineffective."

Of course, this doesn't mean that a botnet will stay down forever. Its operators may go into hiding but recent Valentine's Day spam activity, which the FBI suspects is the work of the Storm gang, shows that a botnet is always ready to rear its head again. And with new botnets such as Mega-D on the rise there's no time to rest.

The battle continues and I hope my coverage of this goes some way to forcing this scourge of the Web off the face of the planet.

Topics: Collaboration, Banking, Operating Systems, Security, Telcos

Liam Tung

About Liam Tung

Liam Tung is an Australian business technology journalist living a few too many Swedish miles north of Stockholm for his liking. He gained a bachelors degree in economics and arts (cultural studies) at Sydney's Macquarie University, but hacked (without Norse or malicious code for that matter) his way into a career as an enterprise tech, security and telecommunications journalist with ZDNet Australia. These days Liam is a full time freelance technology journalist who writes for several publications.

  • Botnets

    Someone in another discussion said that it will take a major loss-of-life catastrophe caused by botnets to make the authorities sit up and take notice .... and actually DO something about them. I agree. Until then, criminal spammers will continue to destroy e-mail as the most useful form of communication yet created, and our important e-mails will keep getting snared by over-active spam filters. Not to mention our in-boxes being clogged with pen!is spam, as they have been since before the start of this century.
  • ISPs don't care

    If the major ISPs like the infamous US Comcast and Roadrunner (aka Spamcast and Spamrunner) would simply block port 25 outgoing, the gazillions of spam that their botnets send daily would stop. Heck, even Telstra does that.

    They spend millions on technology to protect themselves from a plague whilst doing nothing to stop spreading it.
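The comment above argues for an outbound port 25 block at the ISP edge. The following is an added example, not code from the post or from any commenter, showing what such a policy looks like from the detection side: it walks a small, constructed flow log (format assumed: timestamp, source, destination, protocol, destination port, bytes) and separates customer hosts that relay mail through the ISP's sanctioned outbound server from hosts fanning out direct-to-MX SMTP connections, which is the signature of a spam bot. The relay address, the host addresses and the three-destination threshold are all assumptions for illustration.

```python
"""Egress SMTP policy check over constructed flow records.

Added example; not part of the ZDNet post or its comments. Assumes a
whitespace-separated flow log (timestamp src dst proto dport bytes) and a
per-ISP set of sanctioned outbound mail relays. Both are constructed.
"""
from collections import defaultdict
from typing import Dict, List, NamedTuple, Set


class Flow(NamedTuple):
    ts: str
    src: str
    dst: str
    proto: str
    dport: int
    nbytes: int


# Constructed sample: 10.0.0.5 fans out direct-to-MX SMTP connections,
# 10.0.0.9 uses the ISP relay (plus unrelated HTTPS), 10.0.0.12 makes a
# single direct connection, and one UDP/25 record is noise.
SAMPLE_LOG = """\
2008-03-01T10:00:01 10.0.0.5 203.0.113.10 tcp 25 1200
2008-03-01T10:00:02 10.0.0.5 198.51.100.7 tcp 25 1300
2008-03-01T10:00:03 10.0.0.5 192.0.2.44 tcp 25 1100
2008-03-01T10:00:04 10.0.0.5 192.0.2.45 tcp 25 1250
2008-03-01T10:00:05 10.0.0.9 10.1.1.25 tcp 25 5000
2008-03-01T10:00:06 10.0.0.9 192.0.2.80 tcp 443 9000
2008-03-01T10:00:07 10.0.0.12 198.51.100.99 tcp 25 900
2008-03-01T10:00:08 10.0.0.5 203.0.113.10 udp 25 100
"""

# Assumed: the ISP's own outbound relay, the only host customers are
# expected to reach on port 25.
APPROVED_RELAYS: Set[str] = {"10.1.1.25"}


def parse_flows(text: str) -> List[Flow]:
    """Parse the constructed log format, skipping blank, comment and malformed lines."""
    flows: List[Flow] = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if len(parts) != 6:
            continue  # tolerate a damaged record rather than abort the whole run
        ts, src, dst, proto, dport, nbytes = parts
        flows.append(Flow(ts, src, dst, proto.lower(), int(dport), int(nbytes)))
    return flows


def policy_violations(flows: List[Flow], approved: Set[str]) -> List[Flow]:
    """Every TCP/25 flow an egress block (relay excepted) would have dropped."""
    return [f for f in flows
            if f.proto == "tcp" and f.dport == 25 and f.dst not in approved]


def direct_smtp_by_host(flows: List[Flow], approved: Set[str]) -> Dict[str, Set[str]]:
    """Map each source host to the distinct non-relay SMTP servers it contacted."""
    hits: Dict[str, Set[str]] = defaultdict(set)
    for f in policy_violations(flows, approved):
        hits[f.src].add(f.dst)
    return dict(hits)


def suspected_spam_bots(flows: List[Flow], approved: Set[str],
                        min_distinct_dst: int = 3) -> List[str]:
    """Hosts talking directly to at least min_distinct_dst different mail servers.

    A single direct connection can be a misconfigured client; fan-out to many
    unrelated MX hosts in quick succession is the spam-bot pattern.
    """
    hits = direct_smtp_by_host(flows, approved)
    return sorted(h for h, dsts in hits.items() if len(dsts) >= min_distinct_dst)


if __name__ == "__main__":
    flows = parse_flows(SAMPLE_LOG)
    print("flows a port-25 egress block would drop:", len(policy_violations(flows, APPROVED_RELAYS)))
    print("hosts showing spam-bot fan-out:", suspected_spam_bots(flows, APPROVED_RELAYS))
```

Run over the sample, the block counts five dropped flows and names only 10.0.0.5 as a suspected bot: 10.0.0.9 is left alone because it uses the relay, and 10.0.0.12 falls below the fan-out threshold, which is the distinction an ISP needs if it wants to block port 25 without silently breaking customers who run their own legitimate mail clients.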