Giving Up Is Not an Option



Botnets - The killer web applications

Recently, some botnet pundits have opined that the traditional way to get rid of
a botnet may not work as well anymore as distributed botnet software continues
to evolve. We have traditionally relied on botnets having a known head (a few
botnet server IPs at a DNS name as mentioned in Chapter 3) and have tried to
take down the botnet server itself. In a few cases (not enough), we have tried to
lock the botnet herder in jail. Chapter 3 presented botnets that may use the
Web (HTTP) or P2P technologies for connectivity. P2P in particular looks
worrisome because it could mean the snake now has multiple heads.
The problem with cutting off the head is that it leaves a sea of infected
hosts behind. If a botnet client host is vulnerable to exploitation and not fixed,
it is still vulnerable and can probably be infected with a new bug, controlled by
a different master, and added to a new, stealthier botnet for new forms of
misuse. We can’t be sure we actually cut off enough of the head, either.
Alternate head #2 may be primed and ready to take over. The host and all its
data are still in peril. Ultimately, we still have to address host security and do a
better job of it.

Chapter 12 • Responding to Botnets

Botnets certainly represent a new, more evolved form of malware.
Malware used to be one virus and maybe one remote controlled host, not an
entire assemblage of exploited hosts remotely controlled. The big differences
now are in the numbers of controlled hosts and the use of exploited hosts for
money, possibly with organized crime behind it all. Systems are used for
various forms of identity theft (phishing, more later) and other forms of fraud,
including bogus mouse clicks on Web pages, spam generation, and the use of
denial of service as a form of extortion.
Computers are hacked in different ways: some traditional, some new, and
some possibly as yet unknown. In some sense botnets represent a rapidly
evolving area of attack, but most of the attacks are old and represent nothing
new. These attacks include traditional password guessing and Microsoft file
share attacks. Password-guessing attacks could be dealt with by known strong
authentication techniques or even such simple techniques as making sure
accounts have passwords. Microsoft file share attacks often succeed simply
because people, for whatever reason (typically a bad one, like “it is not
convenient”), don’t update their computers.
So, possibly to misquote John Paul Jones: “we have not yet begun to
fight.” We do not know if the situation is worse than it was a few years ago
(attacks often go unreported). We might simply be more aware of what is
happening in the black-hat world. Even if botnet technology changes, though,
the arms race between white-hats trying to protect computers and black-hats
trying to exploit computers has been going on for a while. That particular
arms race is not new, either. There will be new advances in both white-hat
and black-hat technologies. At times, white-hat technologies may discover a
way to more easily discern botnet traffic or practices. At times, the black-hat
hackers may create a new technology and deploy it in their botnet malware.
This doesn’t mean the white-hats should give up and call it a day.
In the meantime, we would do well to pay attention to the usual suspects:
1. We need more education about security in general and botnets in