[ISN] More Researchers Going On The Offensive To Kill Botnets

From: InfoSec News <alerts_at_private>
Date: Tue, 12 Jan 2010 11:04:24 -0600 (CST)
http://www.darkreading.com/insiderthreat/security/vulnerabilities/showArticle.jhtml?articleID=222300408

By Kelly Jackson Higgins
DarkReading
Jan 11, 2010

Yet another botnet has been shut down as of today as researchers joined 
forces with ISPs to cut communications to the prolific Lethic spamming 
botnet -- a development that illustrates how botnet hunters increasingly 
are going on the offensive to stop cybercriminals, mainly by disrupting 
their valuable bot infrastructures.

For the most part researchers monitor and study botnets with honeypots 
and other more passive methods. Then security vendors come up with 
malware signatures to help their customers scan for these threats. But 
some researchers are turning up the heat on the bad guys' botnet 
infrastructures by taking the lead in killing some botnets: Aside from 
last weekend's takedown by Neustar of Lethic, which is responsible for 
about 10 percent of all spam, FireEye last November helped shut down the 
MegaD botnet. And researchers at the University of California at Santa 
Barbara in May revealed they had taken the offensive strategy one step 
further by infiltrating the Torpig botnet, a bold and controversial move 
that stirred debate about just how far researchers should go to disrupt 
a botnet.

Back in 2008 after two major ISPs halted traffic to malicious hosting 
provider McColo, spam worldwide dropped around 70 percent because McColo 
had been the main home to most botnet command and control (C&C) servers.

But deploying more offensive tactics to stop botnets and bad guys is not 
so straightforward: Researchers walk a fine line as to how far they can 
go legally and ethically, and sometimes taking down a botnet actually 
backfires, either with the bad guys returning the favor with a 
denial-of-service (DoS) attack, or learning how to better evade 
investigators next time. There's the danger that getting inside a botnet 
will just give its operators more tools and insight into how to 
strengthen their operations; botnet operators are notorious for 
reinventing themselves with stealthier botnets and new forms of malware.

[...]


________________________________________ 
Did a friend send you this? From now on, be the 
first to find out! Subscribe to InfoSec News 
http://www.infosecnews.org
Received on Tue Jan 12 2010 - 09:04:24 PST

This archive was generated by hypermail 2.2.0 : Tue Jan 12 2010 - 09:12:44 PST