They will arise from the dead to Spam us!
Written by Daniel   
Friday, 01 June 2007 14:39

Robert Soloway, A.K.A. The Spam King is under lock and key and the world can breathe that much easier, yes?

Well, not quite: there's what may well be called the Vampire factor! Soloway's vast army of subverted home and business computers still roams the dark side of computing, awaiting a new master to arrive. DarkReading offers us a real insight into what we are up against once a botnet has been created and activated... even after we spike the Master! Good reading!

Dismantling a Botnet
JUNE 1, 2007 | Just because you arrest a spam kingpin doesn't mean his botnet is history.

The arrest of Robert Soloway, the so-called "Spam King" who commanded a botnet of zombies that reportedly sent out billions of spam email messages every day, is a case study in just how difficult killing a botnet can be. His capture does not equate to the release of thousands of newly healthy client machines that may once have been his infected hostages.

"You are basically cutting a tapeworm in two. The infrastructure is still there, and it can be picked up by anyone who can find it or knows where it is," says Ira Winkler, author of Zen and the Art of Information Security. "Authorities might be able to see what servers he connects to that command the rest of the bots, but it is unlikely that they will kill all of the bots."

Researchers say Soloway had his own botnet for spamming -- not for launching denial-of-service attacks like some botnets do, nor was it part of one of the infamous botnet "gangs" out there. And everyone was watching him and his movements. "The botnet wasn't terribly sophisticated, but it was custom enough that it sort of stood out," says Jose Nazario, software and security engineer for Arbor Networks. "It seemed to be primarily his own botnet, and he [probably] had a couple of guys in contract helping him out. People had their eye on him for quite a while."

Even if authorities try to shut down his botnet, there are plenty more wanna-be spam kings and botherders waiting in the wings who probably already are snapping up the infected bots Soloway used, researchers say. "There's always someone there ready to fill the void," says Joe Stewart, senior security researcher for SecureWorks. "I don't expect to see a decrease of spam in my inbox."

Even if Soloway's bots are freed, the machines are likely still infected, so another botherder can re-hijack them for his own botnet. "It's easy to steal someone else's bots," Arbor's Nazario says. Even scarier, if your machine just so happened to be one of Soloway's bots, it may already have been recruited as a member of another botnet and you wouldn't even know it, according to Nazario.

So how do you dismantle a botnet? It's no easy task, and it requires infiltration of the botnet. SecureWorks's Stewart says the most effective way to take down a botnet is to go after the actual hands-on operation, and that's not the spam king. "There's always a central server or some sort of central control mechanism, even if it's a peer-to-peer network. Someone has the keys to control it all." ... More

Copyright ©2001 - 2012, AOA Forums.  All rights reserved.