OK, we get the idea. There are a lot of botnets.
The first named one that got a lot of attention -- like the first named hurricane of the season -- was Storm. Then there were Celebrity and Nugache. It can't be judged precisely when each was born, much as the depressions that form off the coast of Africa long predate a hurricane's recognition by the public.
In any case, there are two new names to add to the list. The first, according to Damballa, is MayDay. As reported in Dark Reading and elsewhere, MayDay has the potential to be stronger than Storm. The story says that it already has hit thousands of machines, 96.5 percent of which are in the U.S. (the rest are in China).
This is a sophisticated affair: It arrives as a fake Adobe file, communicates with the PCs it hijacks via two forms of peer-to-peer (P2P) networking, and appears to target specific enterprises, the story says. It also evades anti-virus engines. To make matters worse, Damballa engineers aren't sure how it does so.
The other new name is Mega-D. The security firm Marshal says that the creators of Storm may be behind the new botnet. According to an SC Magazine story, Mega-D now accounts for 32 percent of spam. That, the piece quotes Marshal as saying, is 11 percent more than the high point Storm reached last September. The spam is heavy on pharmaceutical products.
The sophistication of these botnets, in a strange way, may be good news. Bot herders do R&D, lease portions of their networks, and perform such sophisticated tasks as dispensing updates. This raises questions for law enforcement to explore and possibly exploit: Is there an ownership relation between the botnets? How does the business work? Does it expose weaknesses that enterprising good guys can use?
So much about them mimics the legitimate business world that it seems possible there are botnet M&As. Conversely, competition between rival gangs also could be an avenue into this dark world. Anyone who has seen The Godfather or Donnie Brasco knows that the threat gangs face from rivals is at least as dangerous as, and perhaps more dangerous than, the threat from law enforcement. Why should this change when the crooks go online?
Along those lines, it may be best for law enforcement and the companies springing up to fight bots to employ a three-pronged strategy. The first two approaches are familiar: Shore up technological defenses and educate the public about the dangers of clicking on unknown attachments and otherwise putting themselves at risk. The innovative third approach would be to go hard after these folks at the business level. Simply put, all those financial transactions and rivalries must leave traces authorities can latch onto that didn't exist when online criminals were mere thrill seekers and precocious kids. Remember, Al Capone was taken down because he didn't pay income tax, not because of the violent crimes he committed.