Cyber Security Institute

Friday, January 20, 2006

Hacker PC networks getting harder to find

Hacked computer networks, or botnets, are becoming increasingly difficult to trace as hackers develop new means to hide them, say security experts. Botnets are used to send spam, propagate viruses and carry out denial of service attacks - something that has again come to light with a high-profile attack on The Million Dollar Home Page, a novel advertising website idea by a British college student. Extortion schemes are frequently backed by the muscle of botnets, and hackers are also renting the use of armadas of computers for illegal purposes through advertisements on the Web, said Kevin Hogan, senior manager for Symantec Security Response.

The first legitimate bot, called Eggdrop, was written in 1993 by Robey Pointer and had a feature that allowed more control over IRC networks.  As legislation emerged cracking down on spammers, those who ran botnets started pursuing more clandestine ways to continue their operations.  Rather than deter hardcore spammers, it merely drove them further underground, said Mark Sunner, chief technical officer for MessageLabs.

Increasingly, botnet administrators have customised IRC commands, and many well-known commands that allowed for the remote querying of machines have been disabled, Hogan said.

Over a year ago, two viruses - Netsky and Bagle - battled it out, uninstalling and replacing each other on users’ computers.  Law enforcement authorities have become more adept at putting together task forces to track down botnet admins. 

Botnet admins have countered by sticking to smaller groups of around 20,000 machines that are less likely to be detected as quickly, Sunner said.

http://www.techworld.com/security/news/index.cfm?NewsID=5205

Posted on 01/20