botnets

Storm worm e-mail says U.S. attacked Iran

Recent e-mails stating that the U.S. has already attacked Iran and, in some cases, also offering links to a video purportedly from a soldier, are not to be believed, according to Websense. The security vendor said in an advisory Wednesday that it has linked the provocative e-mails to the Storm worm.

Storm got its name because it first took advantage of a huge winter storm in Northern Europe in early 2007. Since then, it has used a variety of social engineering tricks, including the use of political themes, to get unsuspecting users to open its malicious payload.

This time …

Security Bites 103: Capitalizing on botnets

IronPort's Pat Peterson joins Robert Vamosi this week to talk about how online criminals make money using botnets.

How do online criminals make money off of botnets? Previously, we've explored how parts of the Storm worm botnet may have been rented out to others. No matter who owns the botnet, the traffic is usually the same: spam. But what kind of spam?

IronPort Systems, a division of Cisco, released a report this week (registration required) that identified some of the specific spam messages being used. Not surprising is the pharmaceutical spam. But …

Carpet bombing networks in cyberspace

While Operation CyberStorm is intended to improve our ability to defend against a foreign cyberattack, the Air Force is talking openly about our ability to launch a preemptive attack in cyberspace.

In the May 2008 issue of Armed Forces Journal, Col. Charles W. Williamson III wrote that "America needs a network that can project power by building an af.mil robot network (botnet) that can direct such massive amounts of traffic to target computers that they can no longer communicate and become no more useful to our adversaries than hunks of metal and plastic. America needs the ability to …

Buzz Out Loud 723: Best bad idea ever

The military has proposed creating its own botnet to help combat cyberfoes. Kevin Poulsen at Wired thinks this is idiotic. We think there's a certain amount of mad genius to it, and debate the points. Meanwhile, 6 million Chileans had their personal data leaked to the Internet. Don't worry, it's not all shock and awe. Harvard says violent video games are A-OK! Shoot 'em up, kids!

Note: We are making a change to our podcast feed system on Friday, May 16. However, you do not need to subscribe to …

Goodbye Storm, Hello Srizbi

On Thursday, MessageLabs reported in its April Intelligence Report a marked decrease in the number of malware links connected to the Storm botnet. "It's not too often that a security company says that things are getting better," said Mark Sunner, Chief Security Analyst.

At its peak, Sunner said, the Storm botnet resided upon one million computers worldwide. That number has since come down to between 85,000 IP addresses at the end of April. He said that over the last eighteen months Storm has been constant, and never decreased according to MessageLabs research. "Other security companies …

McAfee's libel against open source

Over the weekend Stuart Hicks emailed the OSI about an odd statement made by McAfee in its white paper on botnets [PDF]:

Taking the bot controller offline may kill a botnet. As a result, many bots use a Dynamic Domain Name System (DDNS) or have a list of backup IP addresses to survive such an event. Bot technology is rapidly evolving, often aided and abetted, unfortunately, by the open-source movement. [Emphasis mine.]

Huh? No justification is made for this statement. No follow-on, explanatory comments are made.

Someone at McAfee thinks that the correlation between botnets and open source is clear, but I am struggling to grasp any connection between the two. Perhaps this is just one more example of McAfee's dubious grasp on reality when it comes to open source. Remember its statement that open-source licensing is a threat to its business?

Consider the definition of a botnet:…

Teenage bot herder pleads guilty in New Zealand

Owen Thor Walker, an 18-year-old bot herder from Whitianga, New Zealand, pleaded guilty on Monday to six charges resulting from a botched botnet upgrade that led to a 2007 denial-of-service attack on the University of Pennsylvania.

Walker pleaded guilty to two charges of accessing a computer for dishonest purposes; two charges of accessing computer systems without authorization; one of damaging or interfering with computer systems; and one of possessing software for committing a crime. He could face five years in jail. However, according to reports from The New Zealand Herald, Judge Arthur Tompkins is considering Walker's age and cooperation …

No April Fools'--Storm worm is back

Don't click on that silly April Fools' Day e-mail, says one security expert.

In a blog, Arbor Networks' Jose Nazario reports that within the last 24 hours he's seeing new releases of the Storm worm designed to take advantage of the first day of April. This new spam campaign is a lure to infect new computers that will become part of the larger Storm worm botnet.

The e-mail body is spartan: the words "Doh! April Fools" followed by a numeric URL. If a user clicks on that URL, the default Internet browser will open to a …

From Storm, with love

The FBI is warning that Valentine's Day e-mails you see this year might be coming not from loved ones, but from the Storm worm botnet. In a press release Tuesday, the FBI warns users to be on the lookout for e-mail that "directs the recipient to click on a link to retrieve the electronic greeting card (e-card). Once the user clicks on the link, malware is downloaded to the Internet-connected device and causes it to become infected and part of the Storm worm botnet."

Dr. Jose Nazario of Arbor Networks said the authors of Storm have launched …

Where the botnets are

Last week, the FBI announced the end of the second phase of Operation Bot Roast, an ongoing investigation into botnets, and the criminal activity associated with them. I recently asked Dr. Jose Nazario of Arbor Networks where in the world the bot herders, the people who control the botnets, might be. Here are some excerpts:

We see a few major groups. We see Americans and Western Europeans often interested in using the botnet to make money either directly or indirectly by selling services, or stealing information from those botnets to sell and use credit card information, bank information, etc.

There …