{"id":746,"date":"2006-03-02T00:00:00","date_gmt":"2006-03-02T00:00:00","guid":{"rendered":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/2006\/03\/02\/hunt-intensifies-for-botnet-command-controls\/"},"modified":"2021-12-30T11:38:05","modified_gmt":"2021-12-30T11:38:05","slug":"hunt-intensifies-for-botnet-command-controls","status":"publish","type":"post","link":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/2006\/03\/02\/hunt-intensifies-for-botnet-command-controls\/","title":{"rendered":"Hunt Intensifies for Botnet Command &#038; Controls"},"content":{"rendered":"<p>Operating under the theory that if you kill the head, the body will follow, a group of high-profile security researchers is ramping up efforts to find and disable the command-and-control infrastructure that powers millions of zombie drone machines, or bots, hijacked by malicious hackers.  A botnet, which is short for &#8220;robot network,&#8221; is a collection of broadband-enabled computers that have been commandeered by hackers for use in spam runs, distributed denial-of-service attacks or malware installation.  The compromised machines are controlled by a &#8220;botmaster&#8221; via an IRC (Internet Relay Chat) server installed illegally on a high-bandwidth educational or corporate network.  &#8220;If that command-and-control is disabled, all the machines in that botnet become useless to the botmaster.  It&#8217;s an important part of dealing with this problem,&#8221; said Gadi Evron, a botnet hunter who helps to manage the anti-botnet fightback.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Evron, who serves as the Israeli CERT manager and is a leader in many global Internet security efforts, said the group includes representatives from anti-virus vendors, ISPs, law enforcement, educational institutions and dynamic DNS providers internationally.<\/p>\n<p>Over the last year, the group has done its work quietly on closed, invite-only mailing lists.  
Now, Evron has launched a public, open mailing list to enlist the general public to help report botnet C&#038;C servers.  The new mailing list will serve as a place to discuss detection techniques, report botnets, pass information to the relevant private groups and automatically notify the relevant ISPs of command-and-control sightings.  &#8220;The vetted lists will still do the bulk of the work, but we needed a public place to involve a wider audience,&#8221; Evron said in an interview with eWEEK.<\/p>\n<p>Anti-virus experts have detected signs of a massive, well-coordinated Trojan attack capable of creating botnets-for-hire.<\/p>\n<p>Dan Hubbard, senior director of security and technology research at San Diego-based Web filtering software firm Websense, said the threat from botnets should be high on a CIO&#8217;s worry list.  &#8220;We&#8217;re seeing more and more bots being written for multiple use.&#8221;<\/p>\n<p>Roger Thompson, a veteran anti-virus researcher who runs the Atlanta-based Exploit Prevention Labs, said the vigilante approach to targeting botnet command-and-controls comes with both an upside and a downside.  However, Thompson worries that culling the herds may breed a stronger beast.  Like Thompson, Evron admits that the command-and-control shutdowns are only a small part of dealing with the growth of botnets.<\/p>\n<p>The bad guys go back to the drawing board and plan a more sophisticated mode of attack.  <\/p>\n<p>With the new mailing list and increased public participation, Evron envisages a scenario where experts in the anti-virus, anti-phishing, anti-spyware and anti-spam industries are all working together on research and development to help curb the growth of botnets.  Websense&#8217;s Hubbard agrees there&#8217;s no silver bullet to solve the problem.  
&#8220;The techniques are becoming better and more sophisticated as we come out with new defense techniques.&#8221;<\/p>\n<p>http:\/\/www.eweek.com\/print_article2\/0,1217,a=172598,00.asp<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[29],"tags":[],"class_list":["post-746","post","type-post","status-publish","format-standard","hentry","category-news"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/746","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=746"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/746\/revisions"}],"predecessor-version":[{"id":3233,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/746\/revisions\/3233"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=746"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=746"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=746"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}