RSA - As Storm Fades, Botnet Fight Goes on

By Robert McMillan

Wed, April 09, 2008 — IDG News Service —

When Owen Walker was arrested for masterminding a massive international network of compromised computers last year, it seemed like a major victory in the war against botnets.

The 18-year-old New Zealander, who pleaded guilty to hacking charges last week, was arrested in the second of a series of actions, called Operation Bot Roast by the U.S. Federal Bureau of Investigation that were touted as major strikes against cyber-crime.

"The operation was an attempt to kind of smoke the botnet underground out," said Matthew Fine, the FBI special agent who worked on the case. "Did we make a dent? That is for you to determine," he told attendees during a panel discussion at the RSA Conference in San Francisco Tuesday.

According to one botnet hunter, not much has changed.

"I'm sorry to report this, but it did not make a dent in my workload," answered fellow panelist Joe Telafici, vice president of Avert operations with McAfee Inc. "The problem today is many orders of magnitude worse than it was."

Telafici believes that unless it becomes more expensive to run a botnet, nothing will change. It's simply too profitable to run these networks, and when someone like Owen Walker is arrested, there's always another criminal ready to take his place.

Some botnets are fading. Helped by better detection on the part of Microsoft's Malicious Software Removal Tool, which ships as part of the Windows operating system, the infamous Storm botnet has shrunk to a fraction of its former size.

On Tuesday, security vendor SecureWorks published a list of the largest botnets that are being used to send spam e-mail messages. Storm barely made the top five.

The largest and fastest-growing network is called Srizbi. With an estimated 315,000 bots, it can send as many as 60 billion messages per day. Last fall it made headlines when it sent out unauthorized spam messages promoting presidential candidate Ron Paul.

Written in part by a contract programmer from the Ukraine, Srizbi thrives using a technique known as social engineering -- it sends out links to malicious files, claiming that they are pornographic videos of celebrities. When the user clicks on the files, they become infected with the malware.

Storm has long thrived on social engineering techniques, too, sending malicious e-mail that is often linked to events in the news or holidays. But it now has only about 85,000 infected machines, and less than half of them are being used to send spam.

The other top spam-spewing botnets are Bobax, also known as Kraken, which has about 185,000 machines; Rustock, with 150,000, and Cutwail: 125,000.

$firstKeyword

Loading...
Security MarketSpace
8 Tactics to Combat Vulnerabilities
This white paper reviews 8 key elements of vulnerability management and provides advice on combating known vs. unknown vulnerabilities. Learn more »
Email and Web Threats Require a Layered Defense
Learn how web threats are changing and how using a layered defense strategy can give you the security you need. Learn more »
Take Fraudsters Out of the Game
Easily identify account-device relationships and get data for in-depth forensic analysis. Learn more »
Mobile Security Landscape
This paper examines the current mobile security landscape, including myths surrounding the risks and threats, and how organizations can establish a solid mobile security strategy. Learn more »
Reducing Energy Costs in Your Data Center
This white paper examines the most common roadblocks to improving data center efficiency. Learn more »
Security convergence equals network security cost savings
Security convergence equals network security cost savings Learn more »
IBM ISS X-Force Threat and Risk Report
Read this Trend and Risk report from IBM® ISS X-Force® to learn statistical information about all aspects of threats that affect Internet security, including software vulnerabilities and public exploitation, malware, spam, phishing, web-based threats, and general cyber criminal activity. Learn more »
 
SPONSORED LINKS
 

Mobile Security: The Essential Ingredient for Today's Enterprise

IDC White Paper: CCM for IT Compliance and Risk Management

Keeping Your Members Safe from Online Scams and Predators

Learn about the growing threat of insider data theft.

Cut Costs & Green Your IT Operations with PC Power Management

White Paper: 4 Customer Service Myths

White Paper: Improve Agility with Operational Responsiveness

White Paper: Legacy Tools: Not Built for the Helpdesk

Taking a Seat at the Executive Table: The Reality of Virtualization

White Paper: Next Generation Remote Infrastructure Management

Seven Design Requirements for Web 2.0 Threat Protection

Generation Remote Infrastructure Management - Changing the Paradigm

Cloud-Based Email Management: Opinion Shifts In Favor

eBook: How Can You Make Your People Productive Anywhere?

Achieving Business Agility with Application Grid

Ready to virtualize tier one applications? Check your virtualization maturity.

Seven Ways ITIL Can Help You in an Economic Downturn

Tips for successful virtualization management.

Unified Communications: Thoughts, Strategies and Predictions. Join the discussion

Read the RSA report: Security for Business Innovation

Webcast: Looking to the Cloud for Email and Collaboration Services

64-page prescriptive guide to security, compliance, and IT operations.

Keep your IT expertise up to date. Join the Intel Premier IT Professionals.

A Clear View Toward Virtualization

Virtualization Technology as a Business Solution

White Paper: Managed Security for a Not-So-Secure World

Secure Email and Web-Based Communication from Evolving Attacks

WagerWorks Takes Fraudsters Out of the Game using iovation

White Paper: A Security Blueprint Delivered From within the Network

See how AT&T can help protect your network.

Webcast: Unleashing the Power of Customer Data

White Paper: 5 Best Practices for Smartphone Support

Global Research: CIOs Weigh In On Virtualization

5 Key Virtualization Management Challenges

The Total Economic Impact of Network Security Intrusion Prevention

Join us at the US-Brazil IT-BPO Summit, on November 10th in New York.

Increase UPS efficiency without sacrificing protection.

Learn how advanced forecasting tools can deliver significant business results for global corporations.

Lower IT Costs with Oracle Database 11g Release 2

White Paper: Visibility and the New Normal of Mobile Work

Taking the Service Desk to the Next Level

Learn about The Information Technology Infrastructure Library.

Top Five CIO Challenges

Streamline IT Costs. Boost Performance with WAN Optimization.

Want to know how you can maximize employee productivity?

Build your 1st app FREE with Force.com

TDWI checklist helps define data readiness for analytics. Download report.

A new fleet of PCs with a total ROI in 10 months. Find your ROI.

eZine: A Roadmap to Reducing IT Complexity

Reduce risk, gain agility. See how Progress can help your business.

 
 
RESOURCE CENTER