Sunday, February 25, 2007

BotNet Operators Getting More Savvy?

I ran across a short piece from DarkReading discussing trends seen by the botnet trackers at Arbor Networks. It seems that botnet operators are starting to see the writing on the wall and are moving to greener pastures than straight-laced IRC. Encrypted IRC, HTTP, and P2P are all up for grabs. I also found the anti-honeypot tactics interesting. This more than anything shows why investigators shouldn't use the "let's poke it with a stick and see what it does" method on any old IP found while investigating a compromised system.

Still, I don't think it's all doom and gloom. Even with superBot 6000 around the corner, there are still plenty of folks running plain-Jane IRC bots out there and even more Joe Users ready to click on that link and serve up a fresh new machine for the zombie ranks. Overall these new bots are just another move in the security chess match.

I'd say the article is a good warning for Network Security folks to keep changes in mind as they build future defenses and countermeasures. Building a security mechanism based only on current incarnations of risks is shortsighted and foolhardy. Technology changes, deal with it.
