Researchers: Botnets Getting Beefier

By Lisa Vaas Print this article Print

Botnets are moving to more resilient architectures and more sophisticated encryption that will make them even harder to track and fight, researchers say at HotBots, a Usenix event.

Think botnets are bad now? We ain't seen nothin' yet.

A select group of some 40 security researchers gathered on April 10 in the first Usenix event devoted to these networks of infected machines. The invitation-only event, called HotBots, was held in Cambridge, Mass.

At the event, researchers warned that botnets—which can contain tens or even hundreds of thousands of zombie PCs that have been taken over for use in spamming and thievery of financial and identity-related data—are on the brink of a technological leap to more resilient architectures and more sophisticated encryption that will make it that much harder to track, monitor and disable them.

Specifically, security researchers have spotted the early development stages of resilient botnets that have included peer-to-peer architectures. Botnets have traditionally been organized in a hierarchical structure, with one central command-and-control location. This centralization has been a blessing to researchers, as it gives them a single point of failure on which to focus.

With a P2P botnet, however, there is no centralized point for command and control. Each node in the network acts as both client and server, eliminating the central chokepoint. Individual nodes can be knocked offline, but the gaps in the network will be closed without the loss affecting the botnet's operation or the attacker's control.

For advice on how to secure your network and applications, as well as the latest security news, visit Ziff Davis Internet's Security IT Hub.

"P2P networks [are] the biggest challenge we're facing," Dr. Jose Nazario, senior security engineer for Arbor Networks, headquartered in Lexington, Mass., said in an interview with eWEEK. "Bad guys know this. [P2P botnets are hard to take down] for the same reasons that media companies have trouble shutting down P2P networks."

Read the full story on eWEEK.com: Researchers: Botnets Getting Beefier

This article was originally published on 2007-04-16
Lisa Vaas is News Editor/Operations for eWEEK.com and also serves as editor of the Database topic center. Since 1995, she has also been a Webcast news show anchorperson and a reporter covering the IT industry. She has focused on customer relationship management technology, IT salaries and careers, effects of the H1-B visa on the technology workforce, wireless technology, security, and, most recently, databases and the technologies that touch upon them. Her articles have appeared in eWEEK's print edition, on eWEEK.com, and in the startup IT magazine PC Connection. Prior to becoming a journalist, Vaas experienced an array of eye-opening careers, including driving a cab in Boston, photographing cranky babies in shopping malls, selling cameras, typography and computer training. She stopped a hair short of finishing an M.A. in English at the University of Massachusetts in Boston. She earned a B.S. in Communications from Emerson College. She runs two open-mic reading series in Boston and currently keeps bees in her home in Mashpee, Mass.
eWeek eWeek

Have the latest technology news and resources emailed to you everyday.