Shadowserver Battles the Botnets

Keep on Guard!


Botnets are indeed a growing problem: we’ve seen serious cases of DDoS extortion, the most recent example being the attacks against the ‘million dollar homepage’ and the problems they caused its owner.

Botnets have been used for quite some time as spam networks, and mostly by script kiddies for DoS wars on IRC networks, but now their operators have realised they can go back to the old mafia tactic of protection money and make a few bucks from it.

Botnets are the workhorses of most online criminal enterprises today, allowing hackers to ply their trade anonymously — sending spam, sowing infected PCs with adware from companies that pay for each installation, or hosting fraudulent e-commerce and banking Web sites.

As the profit motive for creating botnets has grown, so has the number of bot-infected PCs. David Dagon, a Ph.D. student at Georgia Tech who has spent several years charting the global spread of botnets, estimates that in the 13-month period ending in January, more than 13 million PCs around the world were infected with malicious code that turned them into bots.

Shadowserver is an effort to take out these botnets. It is made up of volunteers with some experience in computer security who have the thankless job of informing ISPs of infected machines and getting them to deny access.

Even after the Shadowserver crew has convinced an ISP to shut down a botmaster’s command-and-control channel, most of the bots will remain infected. Like lost sheep without a shepherd, the drones will continually try to reconnect to the hacker’s control server, unaware that it no longer exists. In some cases, Albright said, a botmaster who has been cut off from his command-and-control center will simply wait a few days or weeks, then re-register the domain and reclaim stranded bots.

That’s the problem: even after they have been shut down, they can spring up again in a few days. There are so many unprotected Windows machines that it’s an uphill battle.
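The behaviour described above, stranded bots hammering a command-and-control name that no longer resolves and a bot herder later re-registering that domain, leaves a very visible trail in an organisation’s DNS resolver logs. The script below is an added example (not code from the original post and not part of Shadowserver’s tooling) showing how a defender could pick out both signals from resolver logs: internal hosts that query the same non-existent name at a machine-like steady interval, and names that answered NXDOMAIN for a while and then suddenly resolve again. The log format, the client addresses and the domain `irc.botnet-c2.invalid` are all constructed for the example.

```python
"""Find stranded-bot beaconing and revived C2 names in DNS resolver logs.

Added example, not part of the original post or of Shadowserver's tooling.
A bot whose control server has been shut down keeps trying to resolve the
old name and gets NXDOMAIN every time. A host asking for the same
non-existent name over and over at a steady interval is a strong sign of a
stranded drone; if that name later starts resolving again, the domain may
have been re-registered by the bot herder to reclaim the drones.
The log format and sample lines below are constructed for this example.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample resolver log: "<timestamp> <client_ip> <qname> <rcode> [answer]"
SAMPLE_LOG = """\
2006-03-20T10:00:01 10.0.0.17 irc.botnet-c2.invalid NXDOMAIN
2006-03-20T10:00:02 10.0.0.42 www.example.com NOERROR 93.184.216.34
2006-03-20T10:05:01 10.0.0.17 irc.botnet-c2.invalid NXDOMAIN
2006-03-20T10:10:01 10.0.0.17 irc.botnet-c2.invalid NXDOMAIN
2006-03-20T10:11:40 10.0.0.42 irc.botnet-c2.invalid NXDOMAIN
2006-03-20T10:15:01 10.0.0.17 irc.botnet-c2.invalid NXDOMAIN
2006-03-20T10:20:01 10.0.0.17 irc.botnet-c2.invalid NXDOMAIN
2006-03-20T10:22:13 10.0.0.42 mail.example.org NOERROR 192.0.2.10
2006-03-20T10:25:01 10.0.0.17 irc.botnet-c2.invalid NOERROR 198.51.100.7
"""


def parse_log(text):
    """Return (timestamp, client, qname, rcode) tuples sorted by time."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue  # skip blank or malformed lines
        ts = datetime.fromisoformat(parts[0])
        records.append((ts, parts[1], parts[2].lower().rstrip("."), parts[3]))
    records.sort(key=lambda r: r[0])
    return records


def find_stranded_bots(text, min_queries=4, max_jitter=0.25):
    """Return hosts that repeatedly query a non-existent name at a steady interval.

    Each hit is a dict with the client, the name, the NXDOMAIN count and the
    mean gap between queries in seconds. A low coefficient of variation of
    the gaps (pstdev / mean) separates scheduled retries from human browsing.
    """
    nx_times = defaultdict(list)
    for ts, client, qname, rcode in parse_log(text):
        if rcode == "NXDOMAIN":
            nx_times[(client, qname)].append(ts)
    hits = []
    for (client, qname), times in nx_times.items():
        if len(times) < min_queries:
            continue
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            hits.append({"client": client, "qname": qname,
                         "count": len(times), "interval_s": avg})
    return hits


def find_revived_domains(text):
    """Return names that answered NXDOMAIN and later resolved (possible re-registration)."""
    seen_nxdomain = set()
    revived = set()
    for _ts, _client, qname, rcode in parse_log(text):
        if rcode == "NXDOMAIN":
            seen_nxdomain.add(qname)
        elif rcode == "NOERROR" and qname in seen_nxdomain:
            revived.add(qname)
    return revived


if __name__ == "__main__":
    for hit in find_stranded_bots(SAMPLE_LOG):
        print(f"stranded bot? {hit['client']} -> {hit['qname']} "
              f"({hit['count']} NXDOMAIN answers, one every {hit['interval_s']:.0f}s)")
    for name in find_revived_domains(SAMPLE_LOG):
        print(f"possible re-registered C2: {name} now resolves again")
```

Run against the constructed log, the first function flags 10.0.0.17 (five NXDOMAIN answers for the same name exactly 300 seconds apart) while leaving 10.0.0.42 alone, since a single failed lookup is normal; the second reports `irc.botnet-c2.invalid` once it resolves after a run of NXDOMAIN answers. On real resolver logs the interval and count thresholds would need tuning, and a list of names the host in question already flagged should be cross-checked against the ISP notifications the post describes before cleaning up the machine.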

Shadowserver uses a custom honeynet of some kind to collect samples of the bot-seeding malware and examines them using reverse engineering techniques.

I predict it will get worse, and as more machines from developing nations come online (using outdated and pirated copies of Windows) more and more vulnerable machines will be available to these ‘bot herders’…

Recent media attention to the Shadowserver project has generated interest among a new crop of volunteers eager to deploy honeynet sensors and contribute to the effort. Albright says he’ll take all the help he can get, but he worries that the next few years will bring even more numerous and stealthy botnets.

“Even with all the sensors we have in place now, we’re still catching around 20 new unknown [bot programs] per week,” he said. “Once we get more sensors that number will probably double.”

It’s only going to get worse.

Source: Washington Post
