Researchers: Botnets Getting Beefier
By Lisa Vaas | Posted 2007-04-16
Botnets are moving to more resilient architectures and more sophisticated encryption that will make them even harder to track and fight, researchers say at HotBots, a Usenix event.
Think botnets are bad now? We ain't seen nothin' yet.
A select group of some 40 security researchers gathered on April 10 in the first Usenix event devoted to these networks of infected machines. The invitation-only event, called HotBots, was held in Cambridge, Mass.
At the event, researchers warned that botnets, which can contain tens or even hundreds of thousands of zombie PCs that have been taken over for use in spamming and thievery of financial and identity-related data, are on the brink of a technological leap to more resilient architectures and more sophisticated encryption that will make it that much harder to track, monitor and disable them.
Specifically, security researchers have spotted the early development stages of resilient botnets that have included peer-to-peer architectures. Botnets have traditionally been organized in a hierarchical structure, with one central command-and-control location. This centralization has been a blessing to researchers, as it gives them a single point of failure on which to focus.
With a P2P botnet, however, there is no centralized point for command and control. Each node in the network acts as both client and server, eliminating the central chokepoint. Individual nodes can be knocked offline, but the gaps in the network will be closed without the loss affecting the botnet's operation or the attacker's control.
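An added illustration, not from the article or the researchers quoted in it: a small graph model of the two architectures described above, measuring how much of each network stays connected after a takedown of its best-connected nodes. The ring-lattice peer topology, the node counts and all function names are assumptions made for this example.

```python
from collections import deque

def star(n):
    """Hierarchical model: node 0 is the single command-and-control point."""
    g = {i: set() for i in range(n)}
    for bot in range(1, n):
        g[0].add(bot)
        g[bot].add(0)
    return g

def ring_lattice(n, k):
    """P2P model (assumed topology): each node peers with k neighbours per side."""
    g = {i: set() for i in range(n)}
    for i in range(n):
        for d in range(1, k + 1):
            j = (i + d) % n
            g[i].add(j)
            g[j].add(i)
    return g

def takedown_by_degree(g, count):
    """Defender's target list: the `count` best-connected nodes (ties by id)."""
    return sorted(g, key=lambda u: (-len(g[u]), u))[:count]

def largest_component_fraction(g, removed):
    """Share of the original nodes left in the largest connected group."""
    alive = set(g) - set(removed)
    seen, best = set(), 0
    for start in alive:
        if start in seen:
            continue
        seen.add(start)
        queue, size = deque([start]), 0
        while queue:
            u = queue.popleft()
            size += 1
            for v in g[u] - seen:  # new set, so updating `seen` below is safe
                if v in alive:
                    seen.add(v)
                    queue.append(v)
        best = max(best, size)
    return best / len(g)

if __name__ == "__main__":
    for name, g in (("hierarchical", star(100)), ("p2p", ring_lattice(100, 3))):
        for count in (1, 10):
            hit = takedown_by_degree(g, count)
            print(name, count, largest_component_fraction(g, hit))
```

In the hierarchical model a single takedown leaves no two nodes connected, while the peer model keeps every surviving node in one connected group even after ten removals.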
"P2P networks [are] the biggest challenge we're facing," Dr. Jose Nazario, senior security engineer for Arbor Networks, headquartered in Lexington, Mass., said in an interview with eWEEK. "Bad guys know this. [P2P botnets are hard to take down] for the same reasons that media companies have trouble shutting down P2P networks."