http://www.darkreading.com/insiderthreat/security/vulnerabilities/showArticle.jhtml?articleID=222300408

By Kelly Jackson Higgins
DarkReading
Jan 11, 2010

Yet another botnet has been shut down as of today as researchers joined forces with ISPs to cut communications to the prolific Lethic spamming botnet -- a development that illustrates how botnet hunters increasingly are going on the offensive to stop cybercriminals, mainly by disrupting their valuable bot infrastructures.

For the most part researchers monitor and study botnets with honeypots and other more passive methods. Then security vendors come up with malware signatures to help their customers scan for these threats.

But some researchers are turning up the heat on the bad guys' botnet infrastructures by taking the lead in killing some botnets: Aside from last weekend's takedown by Neustar of Lethic, which is responsible for about 10 percent of all spam, FireEye last November helped shut down the MegaD botnet. And researchers at the University of California at Santa Barbara in May revealed they had taken the offensive strategy one step further by infiltrating the Torpig botnet, a bold and controversial move that stirred debate about just how far researchers should go to disrupt a botnet.

Back in 2008 after two major ISPs halted traffic to malicious hosting provider McColo, spam worldwide dropped around 70 percent because McColo had been the main home to most botnet command and control (C&C) servers.

But deploying more offensive tactics to stop botnets and bad guys is not so straightforward: Researchers walk a fine line as to how far they can go legally and ethically, and sometimes taking down a botnet actually backfires, either with the bad guys returning the favor with a denial-of-service (DoS) attack, or learning how to better evade investigators next time.

There's the danger that getting inside a botnet will just give its operators more tools and insight into how to strengthen their operations; botnet operators are notorious for reinventing themselves with stealthier botnets and new forms of malware.

[...]

Received on Tue Jan 12 2010 - 09:04:24 PST