In the World of Botnets, Three Isn't a Charm

Carl Weinschenk

Bad things happen in threes. First there was the Storm botnet, then Celebrity and now -- according to -- Nugache.


That order of appearance may not be entirely accurate, however. Nugache may predate Storm, according to Secure Computing. The firm says Nugache has gotten a makeover and now is using many of the innovations developed by Storm, such as encryption, frequent mutation and the use of a peer-to-peer (P2P) structure that eliminates any command-and-control hub that security forces could target. The piece says Nugache may even be bigger than Storm, which researchers say has downsized a bit.


Debate over the relative size of the botnets is a good example of the confusion that surrounds these nebulous, but exceedingly dangerous, entities. The mystery of botnets is reinforced by the lack of information about them. While the story says Storm is shrinking, this Security Pro News piece says that infections attributable to it increased 200 percent between Christmas and New Year's. The assessment was made from data collected by a German honeypot, a computer system set up to attract and ultimately combat hackers.


Indeed, Storm may be both shrinking and growing. The growth, of course, is due to its continual efforts to trick computer owners and add new members. The shrinkage may be cosmetic. This post says that researchers at F-Secure have noted Storm variants using unique security keys, suggesting that phishers are leasing capacity from Storm.


Botnets are so mysterious that it seems strange when an individual responsible is revealed. It happens, however. In November, 2007, a 26-year-old Los Angeles man by the name of John Schiefer agreed to plead guilty to compromising 250,000 computers. Specifically, he was charged with disclosing illegally intercepted electronic communications to conduct fraud, wire fraud and bank fraud. The charges carry a potential prison term of 60 years and $1.75 million in fines, the story said. Earlier this month, however, the plea hearing was canceled amid signs that he and his legal team were at odds and that he had second thoughts about the plea agreement.


This is no time for security forces in the United States to let their guard down. Indeed, as the presidential race heats up, 2008 could prove to be an interesting year. InfoWorld reports that political activists increasingly are using botnets to carry out illicit attacks. The first and still greatest example occurred last April, when governmental and corporate sites in Estonia were brought down by distributed denial of service (DDoS) botnet-based attacks launched by groups angry about the move of a World War II monument.


The story says attacks appear to have been launched against political figures and parties in Ukraine and Russia. The latter was aimed at political parties controlled by former chess champion Garry Kasparov. The botnets used in the attacks resemble those used in attacks against anti-spam organizations such as Spamhaus and CastleCops.
