
Botnets won't be going away anytime soon


This week comes news of how members of the FireEye security team put together an operation that crippled a major botnet known as Mega-D. The move saw spam levels from this botnet dramatically reduced; you can read the full details of what FireEye did here.

I've independently received news from MessageLabs Intelligence showing how the 'market share' of spam coming from Mega-D has dipped to lower than 0.1 percent since November 5th, the day action was taken against it. This is impressive, for the Mega-D botnet peaked at 11.8 percent of all spam sent in the preceding week alone.

Before you pop the champagne though, Mathew Nisbet, Malware Data Analyst at MessageLabs Intelligence, wrote in a blog entry that "it is unlikely that the botnet will ever be completely wiped out, but the efforts of the FireEye team have crippled Mega-D to the point where it will be a long time [if indeed, ever] before it is able to regain its former standing."

What Nisbet is saying here is that while Mega-D is now unlikely to top the spam charts, it is not out of action. The zombie computers powering Mega-D remain infected and under the botnet's code; they are merely idle for now because no new orders are reaching them.

There is another reason why botnets will not be going away anytime soon. The action taken by the FireEye team involves preemptively registering the domains that the botnet is due to check for new instructions. In other words, it is a fairly low-tech solution: the list of dynamically generated domain names is reverse engineered by inspecting infected computers, and the defenders register those names before the spammers can.
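The defender-side workflow just described, as an added example that is not part of the original column and not FireEye's or MessageLabs' code: once a domain-generation routine has been reverse engineered, the operator can compute every domain the bots will look up over the coming days, hand that worklist to registrars or a sinkhole, and flag any internal host whose DNS queries hit the predicted names. The `toy_dga` routine here is a constructed stand-in (Mega-D's real algorithm is not on the page), and the DNS log lines are constructed sample input.

```python
"""Sinkhole planning against a date-seeded domain-generation algorithm (DGA).

Everything here is illustrative: the DGA is a constructed stand-in, not the
algorithm used by Mega-D, and the log lines are constructed sample data.
"""
import hashlib
from datetime import date, timedelta

# Constructed: the toy DGA rotates through these TLDs.
TLDS = ("com", "net", "info")


def toy_dga(day: date, count: int = 5) -> list[str]:
    """Constructed stand-in for a reverse-engineered DGA.

    Each domain is derived deterministically from the calendar date and an
    index. That determinism is exactly what lets a defender compute the
    domains ahead of the bots and register or sinkhole them first.
    """
    domains = []
    for i in range(count):
        seed = f"{day.isoformat()}-{i}".encode()
        label = hashlib.sha256(seed).hexdigest()[:12]
        domains.append(f"{label}.{TLDS[i % len(TLDS)]}")
    return domains


def predict_domains(start: date, days: int) -> dict[str, date]:
    """Return every domain the DGA will produce over `days` days, mapped to
    the first day it becomes active. This is the registration worklist a
    sinkhole operator would submit before the bots start asking for it."""
    worklist: dict[str, date] = {}
    for offset in range(days):
        d = start + timedelta(days=offset)
        for dom in toy_dga(d):
            worklist.setdefault(dom, d)
    return worklist


def match_dns_log(lines: list[str], predicted: dict[str, date]) -> list[tuple[str, str]]:
    """Match resolver log lines of the form '<timestamp> <client> <qname>'
    against the predicted domain set. Returns (client, domain) pairs, which
    identify infected hosts still polling for orders."""
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) < 3:
            continue  # malformed line; skip rather than crash
        client, qname = parts[1], parts[2].rstrip(".").lower()
        if qname in predicted:
            hits.append((client, qname))
    return hits


# Constructed sample data: the day the page says action was taken, and a few
# resolver log lines, two of which query predicted domains.
START_DAY = date(2009, 11, 5)
_today = toy_dga(START_DAY)
SAMPLE_DNS_LOG = [
    f"2009-11-05T10:00:01 10.0.0.12 {_today[0]}.",
    "2009-11-05T10:00:02 10.0.0.12 www.example.com.",
    f"2009-11-05T10:00:03 10.0.0.31 {_today[3].upper()}",
    "2009-11-05T10:00:04 10.0.0.31 mail.example.net.",
]


def sample_hits() -> list[tuple[str, str]]:
    """Run the sample log against a one-week prediction window."""
    return match_dns_log(SAMPLE_DNS_LOG, predict_domains(START_DAY, 7))


if __name__ == "__main__":
    worklist = predict_domains(START_DAY, 7)
    print(f"{len(worklist)} domains to pre-register for the week of {START_DAY}")
    for client, dom in sample_hits():
        print(f"infected host {client} polled {dom}")
```

The matching step normalises case and the trailing dot that resolver logs often carry; a real deployment would also want the prediction window to extend well past the registration lead time, since the bots keep polling whether or not anyone answers.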

Now, while it is true that the current generation of botnets has evolved substantially over the years, there remain a large number of ways in which to improve them. For one, the principles of PKI could be leveraged to 'authenticate' domains set up by the spammers and distinguish them from the dummy ones put in place by security researchers. Think of it as your Windows Product Key, but implemented in reverse.

In fact, there are probably many other methods that the spammers, even now, are working on. Personally, I think that the only certainty we can conclude here is that botnets won't be going away anytime soon. - Paul Mah
