Researchers: Botnets Getting Beefier

By Lisa Vaas  |  Posted 2007-04-16

Botnets are moving to more resilient architectures and more sophisticated encryption that will make them even harder to track and fight, researchers say at HotBots, a Usenix event.

Think botnets are bad now? We ain't seen nothin' yet. A select group of some 40 security researchers gathered on April 10 for the first Usenix event devoted to these networks of infected machines. The invitation-only event, called HotBots, was held in Cambridge, Mass. There, researchers warned that botnets—which can contain tens or even hundreds of thousands of zombie PCs taken over for spamming and for the theft of financial and identity-related data—are on the brink of a technological leap to more resilient architectures and more sophisticated encryption that will make them that much harder to track, monitor and disable.
Specifically, researchers have spotted early-stage resilient botnets built on peer-to-peer architectures. Botnets have traditionally been organized hierarchically, with a single central command-and-control location. That centralization has been a blessing to researchers and defenders, because it gives them a single point of failure on which to focus.
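To make the single-point-of-failure argument concrete, here is an added simulation (not code from the article, the HotBots paper or any real botnet) that models the centralized layout described above and the peer-to-peer overlay the following paragraphs discuss as plain graphs, knocks nodes offline, and measures what share of the surviving bots a herder can still reach. The node counts, the number of peers each bot keeps, and the herder's ten-entry bootstrap list are assumptions chosen for illustration.

```python
"""Takedown resilience of a centralized versus a peer-to-peer botnet (toy model).

Added example, not the article's or any project's code.  Bots and the C&C are
graph nodes; a command "reaches" a bot if a path of online nodes connects it to
a point where the herder injects commands.  All parameters are assumptions.
"""
import random
from collections import deque


def centralized_botnet(n_bots):
    """Star topology: node 0 is the single C&C server; bots 1..n know only node 0."""
    adj = {0: set(range(1, n_bots + 1))}
    for bot in range(1, n_bots + 1):
        adj[bot] = {0}
    return adj


def p2p_botnet(n_bots, peers_per_bot, seed=2007):
    """Overlay in which every bot ends up with at least `peers_per_bot` random,
    bidirectional peer links (earlier bots collect extra links from later ones)."""
    rng = random.Random(seed)  # fixed seed keeps the run reproducible
    adj = {bot: set() for bot in range(n_bots)}
    for bot in range(n_bots):
        while len(adj[bot]) < peers_per_bot:
            peer = rng.randrange(n_bots)
            if peer != bot:
                adj[bot].add(peer)
                adj[peer].add(bot)
    return adj


def reachable_from(adj, entry_points, offline):
    """BFS over online nodes, starting from whichever entry points are still up."""
    seen = set(e for e in entry_points if e not in offline)
    queue = deque(seen)
    while queue:
        node = queue.popleft()
        for nxt in adj[node]:
            if nxt not in offline and nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen


def controllable_fraction(adj, entry_points, offline, bots):
    """Share of still-online bots that receive a command injected at `entry_points`."""
    online_bots = [b for b in bots if b not in offline]
    if not online_bots:
        return 0.0
    reached = reachable_from(adj, entry_points, offline)
    return sum(1 for b in online_bots if b in reached) / len(online_bots)


def takedown_experiment(n_bots=2000, peers_per_bot=6, knock_out_fraction=0.5, seed=42):
    """Compare both architectures when defenders remove (a) one node, (b) half the nodes."""
    rng = random.Random(seed)
    results = {}

    # Centralized: the herder injects commands only at the C&C, node 0.
    star = centralized_botnet(n_bots)
    star_bots = list(range(1, n_bots + 1))
    results["central_lose_cnc"] = controllable_fraction(star, [0], {0}, star_bots)
    half = set(rng.sample(star_bots, int(n_bots * knock_out_fraction)))
    results["central_lose_half_bots"] = controllable_fraction(star, [0], half, star_bots)

    # P2P: the herder holds an assumed bootstrap list of 10 known peers and
    # injects at any of them that are still online.
    mesh = p2p_botnet(n_bots, peers_per_bot)
    mesh_bots = list(range(n_bots))
    herder_peers = mesh_bots[:10]
    results["p2p_lose_one_node"] = controllable_fraction(mesh, herder_peers, {0}, mesh_bots)
    half = set(rng.sample(mesh_bots, int(n_bots * knock_out_fraction)))
    results["p2p_lose_half_nodes"] = controllable_fraction(mesh, herder_peers, half, mesh_bots)
    return results


if __name__ == "__main__":
    for name, frac in takedown_experiment().items():
        print(f"{name:25s} {frac:6.1%} of surviving bots still controllable")
```

Taking the one C&C node down drops the centralized botnet's controllable share to zero, while taking half of its bots down changes nothing for the survivors; in the peer-to-peer overlay, losing a single node or even half of all nodes leaves the large majority of survivors reachable, because the surviving peer links form one big connected cluster. The model deliberately omits the peer-exchange and re-bootstrapping real P2P bots use to re-link after losses, so it understates their resilience rather than overstating it.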
With a P2P botnet, however, there is no centralized point for command and control. Each node in the network acts as both client and server, eliminating the central chokepoint. Individual nodes can be knocked offline, but the gaps in the network close without the loss affecting the botnet's operation or the attacker's control.

"P2P networks [are] the biggest challenge we're facing," Dr. Jose Nazario, senior security engineer for Arbor Networks, headquartered in Lexington, Mass., said in an interview with eWEEK. "Bad guys know this. [P2P botnets are hard to take down] for the same reasons that media companies have trouble shutting down P2P networks."

Not that P2P botnets are all that new. In a paper presented at HotBots titled "Peer-to-Peer Botnets: Overview and Case Study," Julian B. Grizzard, David Dagon, Vikram Sharma, Chris Nunnery and Brent ByungHoon Kang gave a timeline that traces malicious bots back at least to 1998, with the release of GTBot variants, an IRC (Internet Relay Chat) bot based on mIRC executables and scripts. A recent example of a P2P botnet was the