An Industry Sector Aimed at Fighting Botnets Emerges

Carl Weinschenk

The intense concern -- some would call it fear -- engendered by botnets in general and the Storm botnet in particular is giving rise to a security sector expressly aimed at this threat.


Botnets are armies of computers that are taken over by criminals called bot herders. They are used to do a number of things, none of which are good. Botnets are insidious precisely because they don't do any one thing. Instead, they control huge groups of Hessian computer troops that distribute viruses, send spam, launch denial-of-service attacks and recruit new members, among other things.


Botnet capacity can be leased and rented to customers, who often are in organized crime. This Internet cancer spreads rapidly. Fear grows because nobody knows precisely how bad the problem is. On top of all this, botnets are becoming increasingly sophisticated.


This makes the news that companies are springing up to confront the problem welcome. InfoWorld looks at two of them, FireEye and Damballa. Whether such companies remain independent or are acquired by established multipurpose vendors such as Symantec and McAfee remains to be seen. A third option is that anti-botnet software will become part of network-access control devices that serve as gatekeepers to end-point devices asking for network access. Indeed, there is no reason that all three paths may not be taken.


The main news in this Computerworld story -- that Storm switched from Christmas to New Year's greetings in the subject lines late on Christmas Day -- is out of date. The important takeaway, however, is the sense that Storm is run with tremendous flexibility, discipline and savvy. The piece says two variants of the Christmas message were detected. A Prevx executive said that 166 packagings of the first were seen in 10 hours. Symantec said Storm is also using fast-flux Domain Name System (DNS) tactics. This is a process of registering and re-registering addresses for a DNS server or an entire zone, the story says. Both techniques are aimed at avoiding detection.
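Fast-flux hosting leaves a recognisable trace in DNS telemetry: a single name whose answers churn through many unrelated addresses, each served with a very short TTL so that resolvers keep coming back for the next set. The block below is an added example, not code from the Computerworld story, from Symantec or from this post. It is a detection heuristic a defender could run over passive-DNS or resolver logs; the observations, the /16 grouping used as a stand-in for "different network", and the thresholds are all assumptions chosen for illustration.

```python
"""Fast-flux heuristic over a series of DNS answers (constructed sample data)."""
from dataclasses import dataclass
from ipaddress import ip_network
from statistics import mean
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Lookup:
    """One observed DNS answer: when it was seen, its TTL and its A records."""
    seen_at: int                 # seconds since the start of the observation window
    ttl: int                     # TTL (seconds) the resolver returned for the A records
    addresses: Tuple[str, ...]   # IPv4 A records in the answer


# Constructed observations (assumption: what a passive-DNS feed might show).
# The first name returns new, unrelated addresses on every query with tiny TTLs;
# the second returns the same stable pair from one network with a long TTL.
SAMPLE: Dict[str, List[Lookup]] = {
    "greetings-card.example": [
        Lookup(0,   60, ("203.0.113.10", "198.51.100.7")),
        Lookup(120, 60, ("192.0.2.44", "203.0.113.201")),
        Lookup(240, 30, ("198.51.100.88", "192.0.2.9")),
        Lookup(360, 60, ("203.0.113.77", "198.51.100.150")),
        Lookup(480, 30, ("192.0.2.130", "203.0.113.5")),
    ],
    "www.example": [
        Lookup(0,    3600, ("198.51.100.20", "198.51.100.21")),
        Lookup(1800, 3600, ("198.51.100.20", "198.51.100.21")),
        Lookup(3600, 3600, ("198.51.100.20", "198.51.100.21")),
    ],
}


def prefix16(addr: str) -> str:
    """Collapse an address to its /16; a crude proxy for 'a different network'."""
    return str(ip_network(f"{addr}/16", strict=False))


def score_fast_flux(lookups: List[Lookup],
                    max_ttl: int = 300,
                    min_unique_ips: int = 5,
                    min_prefixes: int = 3,
                    min_churn: float = 0.5) -> Dict[str, object]:
    """Summarise address churn for one name and flag it if every threshold trips.

    Thresholds are assumptions: a site tuned to its own traffic would adjust them.
    """
    if len(lookups) < 2:
        raise ValueError("need at least two lookups to measure churn")
    ordered = sorted(lookups, key=lambda l: l.seen_at)
    all_ips = {ip for l in ordered for ip in l.addresses}
    prefixes = {prefix16(ip) for ip in all_ips}
    avg_ttl = mean(l.ttl for l in ordered)
    # Churn: fraction of consecutive answers that share no address at all.
    pairs = list(zip(ordered, ordered[1:]))
    disjoint = sum(1 for a, b in pairs if not set(a.addresses) & set(b.addresses))
    churn = disjoint / len(pairs)
    flagged = (avg_ttl <= max_ttl
               and len(all_ips) >= min_unique_ips
               and len(prefixes) >= min_prefixes
               and churn >= min_churn)
    return {
        "unique_ips": len(all_ips),
        "unique_prefixes": len(prefixes),
        "mean_ttl": avg_ttl,
        "churn": churn,
        "flagged": flagged,
    }


def classify(observations: Dict[str, List[Lookup]]) -> Dict[str, bool]:
    """Run the heuristic over every name and return name -> flagged."""
    return {name: bool(score_fast_flux(lk)["flagged"]) for name, lk in observations.items()}


if __name__ == "__main__":
    for name, lookups in SAMPLE.items():
        print(name, score_fast_flux(lookups))
```

Churn on its own is not proof: content-delivery networks also rotate addresses with short TTLs, which is why the heuristic requires low TTL, address diversity and network diversity together, and why a real deployment would add a CDN allow-list and an ASN lookup in place of the /16 approximation.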


Another sophisticated technique -- and another piece of evidence that IT executives' fear is justified -- used by Storm is described by eWEEK. Storm, the story says, is not disabling antivirus products. Instead, researchers from Sophos and IBM's Internet Security Systems say, it is automatically patching the system. Thus, the antivirus software finds that the system is secure, and Storm and the malware it brings are free to do their dirty work.


It's not going to get any better. Storm is only the most notable of many botnets. Recently, another large botnet called Celebrity -- so named because it tends to use famous people's names in the subject line -- was uncovered.


It's good to know there is an active industry segment fighting botnets. The major generic security companies do a good job. But it's repeatedly been proven that real innovation comes from people who think about one thing 24/7. And, judging from news reports, botnets clearly are a problem that deserves that kind of attention.
