Mail List on the Trail of Botnet Bounty | eWeek

Mail List on the Trail of Botnet Bounty

Written By
Ryan Naraine
Ryan Naraine
Mar 6, 2006
3 minute read
eWeek content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More

Operating under the theory that if you kill the head, the body will follow, a group of high-profile security researchers is ramping up efforts to find and disable the command-and-control infrastructure that powers millions of zombie drone machines, or bots, hijacked by malicious hackers.

The idea is to open up a new reporting mechanism for ISPs and IT administrators to report botnet activity, especially the command-and-control system that remotely sends instructions to botnets.

A botnet, which is short for robot network, is a collection of broadband-enabled computers that have been commandeered by hackers for use in spam runs, distributed DoS (denial of service) attacks or malware installation.

The compromised machines are controlled by a “botmaster” via an IRC (Internet Relay Chat) server installed illegally on a high-bandwidth educational or corporate network.

“If that command and control is disabled, all the machines in that botnet become useless to the botmaster. Its an important part of dealing with this problem,” said Gadi Evron, a botnet hunter who helps to manage the anti-botnet fight-back.

Evron, who serves as CERT manager in Israels Ministry of Finance, in Jerusalem, said the group includes representatives from anti-virus vendors, ISPs, educational institutions and dynamic DNS (Domain Name System) providers internationally.

Over the last year, the group has done its work quietly on closed, invite-only mailing lists. Now, Evron has launched a public, open mailing list where anyone can join in and report a botnet command-and-control server.

The new mailing list will serve as a place to discuss detection techniques, report botnets, pass information to the relevant private groups and automatically notify the relevant ISPs of command-and-control sightings.

“The vetted lists will still do the bulk of the work, but we needed a public place to involve a wider audience,” Evron said in an interview with eWEEK.

Dan Hubbard, senior director of security and technology research at San Diego-based Web filtering software company Websense, said the threat from botnets should be high on a CIOs worry list. “Were seeing more and more bots being written for multiple use. They used to open a back door simply to send spam, but now were seeing bots logging keystrokes or pulling Web-surfing data to build personal identity profiles,” Hubbard said. “The botnet has become a web of connections.”

He said Websense Web Security Suite Version 6.2 has been fitted with a new protection mechanism to sniff out bots and bot networks.

“Bots and botnets are spreading like wildfire. Were working to control them, but its always a catch-up game,” Hubbard said. “Even after you cut off the command and control, the machines in the botnet are still vulnerable to reinfection. In some cases, a single machine may belong to multiple botnets.”

Roger Thompson, a veteran anti-virus researcher who runs the Atlanta-based Exploit Prevention Labs, said the vigilante approach to targeting botnet command and controls comes with an upside and a downside. “The upside to these information-sharing efforts is that the right people get involved. We get the right information to law enforcement, which is really whats required,” Thompson said.

However, he worries that culling the herds may breed a stronger beast. “We might just be killing off the [command and controls] that are easily found and making them get stronger and more cunning to survive,” he said.

Like Thompson, Evron said that the command-and-control shutdowns are only a small part of dealing with the growth of botnets.

“Its all about return on investment. Botnets are being used to make money,” said Evron. “Its very well organized, and its working for the bad guys.”

Websenses Hubbard agreed theres no silver bullet to solve the problem.

“I dont think well ever shut down botnets. The problem is just going to change with time,” he said. “The techniques are becoming better and more sophisticated as we come out with new defense techniques. Were just trying to slow them down, really.”

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.