To catch a criminal, sometimes you have to think like one.
So researchers on the trail of cybercrooks that use armies of infected computers, known as botnets, to send out spam e-mail or to attack websites are building botnets of their own. Fortunately, the new approach is being tested using a high-powered computing cluster that is safely isolated from the Internet.
"We set up what we thought would be the closest to a botnet in the wild," says Pierre-Marc Bureau, a researcher with computer security firm ESET, part of the project led by a team at Ecole Polytechnique de Montreal with collaborators at Nancy University, France, and Carleton University, Canada. "To our knowledge, this is the first such realistic experiment," he says.
Over 3,000 copies of Windows XP were installed on a cluster of 98 servers at Ecole Polytechnique. Each virtual computer system was wrapped in software that linked it up to the others as if it were an individual computer connected to the Internet or a local network. Every system was also infected with the Waledac worm, a piece of now well-understood and largely vanquished software that at the start of 2010 was estimated by Microsoft to control hundreds of thousands of computers and to send out 1.5 billion spam messages a day.
The team mimicked the control structure needed to take charge of a Waledac botnet, in which a central command-and-control server sends orders to a handful of bots that then spread those instructions to other machines.
Sabre (Julian) 92.5% Stock 04 STI
Good choice putting $4,000 rims on your 1990 Honda Civic. That's like Betty White going out and getting her tits done.
I wish I could say I was impressed, but I'm not. All too often projects like this get more press than they're actually worth. They're still studying just one worm and how it works, which will probably have very little in common with how the next big botnet works.
On the bright side, given the university setting, these guys are probably training quite a few guys to be good at front-line malware analysis.
thermatico wrote: I wish I could say I was impressed, but I'm not. All too often projects like this get more press than they're actually worth. They're still studying just one worm and how it works, which will probably have very little in common with how the next big botnet works.
On the bright side, given the university setting, these guys are probably training quite a few guys to be good at front-line malware analysis.
I couldn't agree more. Great training, tons of potential in the future.
thermatico wrote: I wish I could say I was impressed, but I'm not. All too often projects like this get more press than they're actually worth. They're still studying just one worm and how it works, which will probably have very little in common with how the next big botnet works.
On the bright side, given the university setting, these guys are probably training quite a few guys to be good at front-line malware analysis.
Hopefully they can replicate the tech for other worms/viruses/botnets. As you said, at least it's getting some new minds on the problem.