Botnets Growing Larger And Unstoppable?
Spam carrying malware has been making the rounds and infected over 20,000 machines in one day, according to the Internet Storm Center. The infected systems downloaded next-generation bots, which were designed to let the bot-herder use the systems as spam relays.
Unlike last-generation botnets, these bots do not connect to IRC networks for their command and control. This change has made it very difficult for researchers to shut down the botnets.
Because infected computers connect through a peer-to-peer system and not to a standalone server or even a node, the botnet is extremely hard to shut down. "We traditionally can shut down the IRC server or whatever controls it," said Johannes Ullrich, chief research officer at the SANS Institute and chief technology officer for the Internet Storm Center. "But with this, there is no single server or node to shut down. To deal with this, you'd have to shut down those 20,000 infected hosts. We would have to walk up to every single one of them and pull the plug."
Storm Outbreak: Building A Bigger, Better Botnet
Posted in Tech News by #!/usr/bin/geek at 2007-04-22 03:30 ET (GMT-5)
Tags: IRC bot botnets malware spyware SANS InternetStormCenter