Is the Botnet Battle Already Lost?

By Ryan Naraine  |  Posted 10-16-2006 Print Email
Botnets have become a big underground business, and the security industry has few answers. eWEEK delves into the uphill challenge in front of vendors by going to one company's research facility to study live botnets in action.

It's dress-down Friday at Sunbelt Software's Clearwater, Fla., headquarters. In a bland cubicle on the 12th floor, Eric Sites stares at the screen of a "dirty box," a Microsoft Windows machine infected with the self-replicating Wootbot network worm.

Within seconds, there is a significant spike in CPU usage as the infected computer starts scanning the network, looking for vulnerable hosts.

In a cubicle across the hall, Patrick Jordan's unpatched test machine is hit by the worm, prompting a chuckle from the veteran spyware researcher.

Almost simultaneously, the contaminated machine connects to an IRC (Internet Relay Chat) server and joins a channel to receive commands, which resemble strings of gibberish, from an unknown attacker.

"Welcome to the world of botnets," said Sites, vice president of research and development at Sunbelt, a company that sells anti-spam and anti-spyware software.



 

Submit a Comment

Loading Comments...