Tuesday, May 26, 2009

Self-Destructing Botnets: But Why?

Here's an interesting brief analysis about self-destructing botnets from Michael Kassner on TechRepublic's IT Security blog. While kill switches are nothing new in botnets, Kassner argues, it's not exactly clear what they do, or why they're there, in the first place.

Botmasters have total -- as in life-and-death -- control over their bots, and built-in self-destructing code is just one of those control mechanisms. Why just control a machine when you can blue-screen its operating system altogether, if necessary? The concept was mentioned in a 2007 report by the ITU that nicely summarizes the whole subject of botnets.

Kassner cited three well-known botnets, in particular -- InfoStealer, ZeuS and Nethell -- all of which have built-in self-destruct mechanisms. But he focused on ZeuS in his article.

Basically, botnet kill switches can hide the botmaster's tracks when the heat is on, buy time for a phisher while transferring -- or stealing -- from a bank account, or even be a way for a criminal gang to keep its botnet from falling into the hands of a rival cybergang. These are only a few possibilities.


Anonymous jennifer said...

Interesting article. Botnets are a criminal's dream come true. Leads me to ask if our technology will ever really be secure.

I like how your articles are short and to the point. Would you entertain us republishing them in our newsletter? Please let me know - I'd love to showcase your thoughts.


3:18 PM  
