Google to the world: Botnets will pwn the internet
CNet News is reporting that botnets pose a danger to the Internet. -- All FUD aside, my research does agree with this statement:
More botnet operators are splitting up their networks as a protection method. We call this "Distributed C&C's", or DC&Cs. The reasons for doing this are two fold,
First its harder to find C&C's with only a thousand drones, than it is to find C&C's with 100,000 drones; and secondly, law enforcement tends to focus on networks with more drones. The bad guys obviously understand this and have figured out a very unique way to respond to the increase interest in botnet operator arrests.
Botnet intelligence teams like DISOG encourage gathering intelligence on botnet operators, not just the networks they are running.
Botnet statistics teams ...aka census bureaus... produce interesting numbers, but they tend to increase the publics fear over these nets while providing little or no education for the end users.
Until law enforcement accepts that the botnet operator is the danger, not the net they run; operators will continue to have us under their thumb.
Botnet research teams should move from statistical analysis of the botnets and focus on creating education materials that can be used by law enforcement, public agencies and private security firms.
Lets face it, we all know botnets exist, but frankly, due to the distributed structure of the new nets, some of these numbers are misleading. Are there really 1500 botnet operators operating nets right now, or 150 operators running 10 C&C's each?
With new levels of sophistication this has reached a real milestone," Sunner added. "Botnets are getting smaller, more stealthy and more discreet and yet the volumes of spam are going up.
More botnet operators are splitting up their networks as a protection method. We call this "Distributed C&C's", or DC&Cs. The reasons for doing this are two fold,
First its harder to find C&C's with only a thousand drones, than it is to find C&C's with 100,000 drones; and secondly, law enforcement tends to focus on networks with more drones. The bad guys obviously understand this and have figured out a very unique way to respond to the increase interest in botnet operator arrests.
Botnet intelligence teams like DISOG encourage gathering intelligence on botnet operators, not just the networks they are running.
Botnet statistics teams ...aka census bureaus... produce interesting numbers, but they tend to increase the publics fear over these nets while providing little or no education for the end users.
Until law enforcement accepts that the botnet operator is the danger, not the net they run; operators will continue to have us under their thumb.
Botnet research teams should move from statistical analysis of the botnets and focus on creating education materials that can be used by law enforcement, public agencies and private security firms.
Lets face it, we all know botnets exist, but frankly, due to the distributed structure of the new nets, some of these numbers are misleading. Are there really 1500 botnet operators operating nets right now, or 150 operators running 10 C&C's each?
posted by Nicholas at
17:13
