427 Botnet fm qxd

(C&C) server is no longer as effective as it once was. Imagine how the first
invading army that encountered a castle felt. Imagine the castle owner’s reac-
tion upon the invention of the siege tower, catapult, or mortar.Yet, in the
years following the introduction of each of these weapons, castle design
changed. A single wall surrounding the castle became a series of walls.The
rectangular castle shape gave way to irregular shapes intended to deflect
instead of stopping enemy weapons.The loss of a major weapon doesn’t mean
the loss of the war unless the general lets morale plummet and does not
evolve to meet the new environment.
This book will attempt to add new soldiers and new weapons to the
battle. In doing so, the authors hope to stem the tide of lost morale and help
security professionals regain focus. It is necessary to lay a foundation for
deeper discussions.
This chapter describes the current state and how we got to this place. We
come from many levels and as such we must start from the very beginning.
What is a botnet? In its simplest form, it is an army of compromised com-
puters that take orders from a botherder. A botherder is an immoral hacker
who uses the botnet for financial gain or as a weapon against others.
The Killer Web App
How does this make a botnet a “killer Web app?”The software that creates
and manages a botnet makes this threat much more than the previous genera-
tion of malicious code. It is not just a virus; it is a virus of viruses.The botnet
is modular—one module exploits the vulnerabilities it finds to gain control
over its target. It then downloads another module that protects the new bot
by stopping antivirus software and firewalls; the third module may begin scan-
ning for other vulnerable systems.
A botnet is adaptive; it can be designed to download different modules to
exploit specific things that it finds on a victim. New exploits can be added as
they are discovered.This makes the job of the antivirus software much more
complex. Finding one component of a botnet does not imply the nature of
any of the other components because the first component can choose to
download from any number of modules to perform the functionality of each
phase in the life cycle of a botnet. It also casts doubt on the capability of

Download 6,98 Mb.

Do'stlaringiz bilan baham: