Botnets: 4 Reasons It's Getting Harder to Find and Fight Them

Researchers say vulnerable Web 2.0 applications and peer-to-peer architecture are making it easy for hackers to maintain armies of hijacked computers

By , Senior Editor
Wed, April 15, 2009

CSO

The perpetual proliferation of botnets is hardly surprising when one considers just how easy it is for the bad guys to hijack computers without tipping off the users.

Botnets have long used a variety of configurations, in part to disguise their control mechanisms -- see What a Botnet Looks Like. But as user-friendly but insecure applications continue to become available -- especially social networking programs used by the non-tech-savvy -- hackers have an ever growing number of security holes to choose from. They're also getting smarter about building resilient architectures, according to botnet hunters who have monitored recent activity.

Here are four reasons the botnet fight is getting harder, and what to do about it:

1. Operating below the radar
While much of the attention lately has been on botnet activity related to the Conficker worm (see Conficker Group: Worm 4.6 Million Strong), researchers say some of the largest botnets have largely escaped media attention. And that's how the bad guys like it.

Alex Lanstein, senior security researcher at FireEye Inc., a security vendor based in the San Francisco Bay area, said this is because their overlords don't want to make news and let people know their machines are infected. Cimbot, for example, is a piece of malware that has been used to create a botnet that now accounts for about 15 percent of the world's spam, he said.

Paul Royal, principal researcher at Atlanta-based security vendor Purewire Inc., has found several other examples of botnet herders operating below the radar. In one experiment he participated in, Project ZeroPack, he found that automated obfuscation techniques allow the bad guys to engage in such activities as server-side polymorphism. With malware morphing regularly, traditional antivirus vendors have more trouble keeping up with the right AV signatures. The Waledac botnet has used this method with much success.

Meanwhile, he said, hackers are moving away from the centralized command-and-control botnet structure in favor of a more peer-to-peer-based architecture. This is unfortunate because with the more centralized structure, security researchers at least have one large target to aim at. The P2P approach means more smaller targets that are tougher to aim at, he said.

"Conficker.C, Storm and Waledec have all moved from centralized architecture to peer-to-peer-based architecture," Royal said.

2. Malware can shield itself
Among the problems security researchers have encountered when trying to track and shut down botnets is that the newer worms used to build botnets are using strong cryptography to protect the command-and-control centers, said Paul Kocher, president and chief scientist at Cryptography Research.

Continue Reading

White Papers »
Overcome Top 7 Admin Challenges of Active Directory
As Active Directory's role in the enterprise has drastically increased, so has the need to secure the data. Gain insight on creating repeatable, enforceable processes that reduces administrative overhead and enables robust, customizable reporting and auditing capabilities. Brought to you by NetIQ.
Top Solutions and Tools to Prevent Devastating Malware
Custom malware frequently goes undetected. According to Forrester Research, the best way to reduce risk of breach is to deploy file integrity monitoring (FIM) tools that provide immediate alerts. This white paper has been brought to you by NetIQ, the leader in solving complex IT challenges.
Insiders Can Ruin Your Company. Take Action.
Did you know that 80 percent of threats to an organization come from the inside? The threat from insiders is often overlooked in organizations worldwide. This white paper from NetIQ, discusses key technology solutions that help to prevent and detect insider threats.
X-Ray of the PCI Process-4 Proactive Steps
This white paper from Forrester Research Inc., helps break PCI into understandable components. Security and risk professionals will gain knowledge and insight into creating a compliant and secure IT environment. Follow these four proactive steps now before your next audit. Brought to you by NetIQ.
Streamline Compliance and Increase ROI
Streamline, simplify, and automate compliance related activities; especially those that impact multiple business units. This white paper from NetIQ, outlines solutions that will help your business gain the maximum return on investment possible while aligning your compliance programs.
Has Your Server Infrastructure Kept Pace with End User Demands?
Learn how your answer to this question compares to your peers by taking this quick poll. See how your peers are dealing with the challenge of ensuring a highly capable server infrastructure as technological shifts impact the application server platform.
Webcasts »
Virtualization Success is a Team Effort
As greater numbers of datacenter servers transition from the physical to the virtual world, the components of virtualization success come to the fore. What scores of organizations have discovered is that success is derived from an optimal pairing of the right software platform with the right hardware platform.
Optimizing Networks for the Cloud
Join guest speaker, Rohit Mehra, IDC Director of Enterprise Communications Infrastructure, to explore current trends, discuss best practices for optimizing Data Center and enterprise campus network infrastructures for the Cloud, and identify ways to better allocate network resources, reduce operating costs and improve application performance.
Customer Spotlight: How IPC The Hospitalist Company Implemented Oracle on VMware
Have you been looking to hear about customer's experiences with the new VMware vCenter Site Recovery Manager product? View this webcast to learn about VMware customer, Navicure, and their experiences testing and evaluating the recovery manager, their progress in implementing it in their environment and their advice other customers considering using vCenter.
Apps QuickStart Series Part 2: Designing and Deploying SQL Server on VMware vSphere
Download this webcast to learn about the design considerations for virtualizing SQL workloads, performance and scalability information and high-availability options, as well as support considerations
Apps QuickStart Series Part 1: Designing and Deploying Exchange 2010 on VMware vSphere
Download this webcast to learn the virtual hardware design considerations for Exchange 2010, deployment using the building block approach, options for high-availability and disaster recovery and support considerations.
Virtualizing Microsoft and Oracle on VMware vSphere: Benefits and Best Practices
Virtualizing business-critical applications is an essential step in your journey to the cloud. Microsoft SQL Server, Exchange and SharePoint, and Oracle applications, are often the backbone of business IT. The benefits of virtualizing these applications extend far beyond mere consolidation. Understanding how VMware improves quality of service and agility while reducing costs will help you make the case for taking virtualization to the next level in your company.
Newsletter Sign-Up »

Receive the latest news test, reviews and trends on your favorite technology topics

Choose a newsletter
  11. View all Newsletters | Privacy Policy
White Papers » All White Papers

Overcome Top 7 Admin Challenges of Active Directory

Top Solutions and Tools to Prevent Devastating Malware

Insiders Can Ruin Your Company. Take Action.

X-Ray of the PCI Process-4 Proactive Steps

Streamline Compliance and Increase ROI

Has Your Server Infrastructure Kept Pace with End User Demands?

Delivering a Greener Data Center

Cloud-Scale Networks Using Open Fabric Architectures

Mobility in the Network: A Phased Technology Approach

Smarter Commerce is redefining value chain visibility

Digital Transformation: Creating New Business Models Where Digital Meets Physical

IBM Synchronizes its Commerce 2.0 Strategy with 'Smarter Commerce' Initiative

Identity Governance: The Business Imperatives

CA Technology Brief: CA Point of View: Content Aware Identity & Access Management

Enterprise Strategy Group: The Case for a New Data-centric DLP White Paper

Data Loss by the Numbers

Data Loss Prevention Solution for Managing E-Discovery

Best Practices in Data Protection - Executive Summary

Business Centric DLP

ESG Lab Validation Report: HP Data Protector & Deduplication Solutions
Sponsored Links

Push the limits of virtualization with HP. Get the tech dossiers and learn how you can put an end to runaway virtual sprawl.

Splunk translates machine data into "aha" moments for IT and the business.

Evolving Your Data Center for the Cloud

Get Ethernet speeds from 1 Mbps to 10 Gbps - Comcast Business Class

Gain cutting-edge insights at MIT in 2-5 day executive programs.

Converge your infrastructure with HP. Access a valuable case study in the CI Resource Center now.

Redefine Software support with HP

Click to see how Accenture has delivered high performance to clients

Learn how Accenture helps clients become high-performing businesses.

Join the Conversation. Follow Oracle EPM & BI on Twitter Today.

Check Point Trusted by the Global 100

Customized information views & Twitter events at New Fulcrum Point

ShoreTel UC cuts costs like no other. Mobilize your business today.

E-book: Discover Business-Ready Storage Systems For Oracle Environments

Managed Hosting Buyer's Guide - Benefits to key considerations

Discover how integration of operations mgmt and service mgmt enhances productivity.

Converge your infrastructure with HP. Access white papers, case studies, videos and more.

High performance. Delivered. Click to see Accenture's client successes

See how Accenture helps clients perform at the highest levels

Compare risk and TCO in single and multivendor networks on Feb 23.

Connect with global CIOs now at Enterprise CIO Forum

Upcoming Webinar: Managing Cost in the Cloud

Resource Center
buy a link »
Ads by TechWords