Botnet Stalkers Share Takedown Tactics at RSA

By Matt Hines

Security researchers who specialize in the infiltration and pursuit of botnet operators lay out their methods for finding, monitoring and shutting down individuals who control networks of infected computers.

SAN FRANCISCO—A pair of security researchers speaking here at the ongoing RSA Conference Feb. 7 demonstrated their techniques for catching botnet operators who use secret legions of infected computers to distribute malware programs and violent political propaganda.

The botnet experts, both of whom are employed by anti-malware software maker FaceTime Communications, based in Foster City, Calif., detailed how they identified and pursued individuals believed to be responsible for running a pair of sophisticated botnet schemes, which have been subsequently shut down or significantly scaled back.

Addressing a packed room of conference attendees, Chris Boyd, director of malware research at FaceTime Security Labs, and Wayne Porter, director of special research for the company, detailed their efforts to infiltrate the botnet community and find the people responsible for running underground networks believed to have harbored as many as 150,000 compromised computers.

One of the botnets uncovered by the researchers was based in the United States and was used to deliver malware code including spyware that stole credit card data from e-commerce systems for the purpose of committing fraud. The other crimeware distribution campaign appears to have been used by radical Middle Eastern ideologists to espouse violent messages of world domination and steal money to buy satellites, radios and computer equipment.

Read the full story on eWEEK.com: Botnet Stalkers Share Takedown Tactics at RSA.

This article was originally published on 2007-02-08