Real World Computing

We can beat the botnets

Posted on 8 Mar 2010 at 14:50

Davey Winder celebrates some GBH (grievous botnet harm)

Botnets represent the biggest threat to IT security today. They are used by spammers to churn out junk email in such volumes that it now accounts for more than 90% of all email traffic, according to those whose business it is to know.

Most PC Pro readers will be savvy enough to have a decent antispam solution in place – either at the server or client end – but the sad truth is that most users aren’t so smart. If nine out of ten messages are now spam, and much of that contains malware links or other threats, this creates a security problem of daunting scale.

If you want some interesting numbers on this, I was talking to a guy who operates one of the larger spam honeypots who told me that a single botnet, Srizbi, was at one point last year pushing out an astonishing 7.8 billion spam messages every hour. Symantec reckons that 88% of all spam on the planet is distributed via botnets, and they handle around 150 billion spams every single day between them.

Not all botnets are simply spambots: some of them are far more troublesome. Some trade under the “Botnet for Hire” banner, which usually involves nefarious activities such as renting out the network to fire off Distributed Denial of Service attacks. Anyone prepared to pay can get the use of a botnet capable of sustaining a DDoS attack at anything up to 40Gbits/sec – enough to take down pretty well any target site it’s aimed at.


Even at the cheaper end of the DDoS-for-hire scale, where you’re talking about sustained attacks of 1Gbit/sec, the damage to an online business can be immense – the latest McAfee Threat Report highlights cases of sports betting companies that have been blackmailed using DDoS closure as the threat.

The way such a sting operates is that a gang launches a sustained DDoS attack against an online sports betting website during some key sporting fixture, taking it down for the duration of the event with consequent losses that can easily amount to millions in bets not placed. The bad guys then contact the company concerned and offer not to do it again, for a fee.

It isn’t all blackmail-orientated in the world of DDoS rentals: botnets can equally be put to use for making political points, and in particular for trying to silence some strand of political opinion. Such malpractice used to be rare, mainly because of the time, technical skill and money needed to build a botnet, but that’s sadly no longer true. Nowadays you don’t need technical ability or a carefully worked-out cunning plan, nor do you need to infect hundreds of thousands of PCs yourself to build a zombie network: you rent one that somebody else has already built.

All you need is a target and sufficient money, and they don’t even charge a huge amount these days. The botnet business is so competitive that prices have been dropping (there’s a recession, after all), and remember these resources are available to rent by the hour. You can do an awful lot of damage to an online business, or make a very forceful political point by taking an opponent out of action for 60 little minutes.

Fighting back

That’s why I was rather interested to read that one security outfit called the FireEye Malware Intelligence Lab, which I’ll admit to not having heard of before, hadn’t just been fighting back but had actually been winning.

All too often I hear the same old excuses from people in government, law enforcement, and even those at the coalface of the security research business, when expounding the reasons why botnets can’t be taken down. Generally speaking, the line is “we have to do this through legislation” and “technical solutions do not exist and cannot work”, which until now had appeared to be true – but the FireEye botnet beatdown changes all that.



User comments

Updates updates updates...

One customer's previous service provider had never turned on automatic updates (although they had installed a WSUS server) and never let the AV software scan the machines (256MB RAM and 1.2GHz processors on most, so a scan takes a couple of days!).

I was left with a network full of Conficker-infected machines! If they had kept their machines up to date, I wouldn't have had that problem!

By big_D on 9 Mar 2010
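The two failures big_D describes, automatic updates switched off despite a WSUS server being in place and the MS08-067 fix never reaching the hosts, are cheap to audit. The script below is an added editorial example, not code from the commenter or from PC Pro. It assumes Windows XP/2003-era hosts with PowerShell 2.0 (for Get-HotFix) and reads the documented Windows Update policy keys under HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate. Conficker spreads through the Server service hole closed by MS08-067 (KB958644); that hotfix check is skipped on Windows 7 / Server 2008 R2 and later, where the fix ships in the OS and Get-HotFix would report it missing.

```powershell
# Added example (not the commenter's or PC Pro's code): audit a Windows host for
# the two conditions described in the comment above - automatic updates switched
# off and the MS08-067 (KB958644) fix absent. Assumes the documented Windows
# Update policy registry keys and PowerShell 2.0 or later.

$policyAU = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'
$policyWU = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$localAU  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update'

# Read a single registry value, returning $null if the key or value is absent.
function Get-RegValue($path, $name) {
    if (Test-Path $path) {
        $item = Get-ItemProperty -Path $path -ErrorAction SilentlyContinue
        if ($null -ne $item -and $item.PSObject.Properties[$name]) { return $item.$name }
    }
    return $null
}

# 1. Is automatic updating actually on?
#    NoAutoUpdate=1 disables it outright; AUOptions 4 = download and install on a schedule.
$noAuto    = Get-RegValue $policyAU 'NoAutoUpdate'
$auOptions = Get-RegValue $policyAU 'AUOptions'
if ($null -eq $auOptions) { $auOptions = Get-RegValue $localAU 'AUOptions' }

# 2. If a WSUS server is configured, is the client actually told to use it?
$wsusServer = Get-RegValue $policyWU 'WUServer'
$useWsus    = Get-RegValue $policyAU 'UseWUServer'

# 3. Is the MS08-067 fix installed? Only meaningful before Windows 7 (6.1),
#    where the fix is built in and would not appear as a separate hotfix.
$osVersion = [Environment]::OSVersion.Version
$ms08067   = $null
if ($osVersion -lt [Version]'6.1') {
    $ms08067 = Get-HotFix -Id 'KB958644' -ErrorAction SilentlyContinue
}

$findings = @()
if ($noAuto -eq 1)    { $findings += 'Automatic Updates disabled by policy (NoAutoUpdate=1)' }
if ($auOptions -ne 4) { $findings += "AUOptions is '$auOptions', not 4 (auto download and install)" }
if ($wsusServer -and $useWsus -ne 1) {
    $findings += "WSUS server $wsusServer is configured but UseWUServer is not 1, so it is ignored"
}
if ($osVersion -lt [Version]'6.1' -and -not $ms08067) {
    $findings += 'KB958644 (MS08-067) not installed: Conficker can spread to this host over the network'
}

if ($findings.Count -eq 0) {
    Write-Output "$env:COMPUTERNAME: automatic updates on and MS08-067 fix present"
} else {
    Write-Output "$env:COMPUTERNAME: $($findings.Count) finding(s)"
    $findings | ForEach-Object { Write-Output "  - $_" }
}
```

Run it on each host (or push it through a logon script) and collect the output; a fleet where most machines report the KB958644 finding is one on which the WSUS server in the comment was never doing anything useful, whatever its console said.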

Davey Winder


Davey is a contributing editor to PC Pro, having covered the internet as a topic since the magazine started in 1994. Since that time he's won numerous awards for his journalism, but remains a small-business consultant specialising in privacy, security and usability issues.


PCPro-Computing in the Real World Printed from www.pcpro.co.uk
