Battle of the botnets

happygeek 0 Tallied Votes 724 Views Share

For the average user spam has always been an annoyance. For the average spammer it has always been about making money. For the criminal gangs that have muscled in on this lucrative industry during the last few years it is now about territory and control. Control, that is, of the botnets behind the malware distribution networks that they rent out to the spamming middle men to enable them to ply their trade in relative safety from the crippled arm of the law.

Leading AV researchers at Kaspersky have now identified three criminal gangs which are participating in an increasingly desperate battle of the botnets. This turf war is, as all turf wars have a habit of doing, turning nasty and it is the average computer who is getting caught in the crossfire. No longer are the gangs happy to settle for a slice of the spam pie, they want it all. And that means control over as many compromised third party computers to create the biggest of mega zombie botnets. To accomplish this, the gangs behind the Bagle, Warezov and Zhelatin worms are turning their attention to ridding those compromised computers of rival gang malware infections in order to install their own and gain that control.

Spammers pay a lot of money to rent time on these mega botnets, and the bigger the botnet, the bigger its capacity to distribute spam, the more valuable a commodity it becomes.

Kaspersky Lab senior virus analyst Alexander Gostev writing in the latest Viruslist.com Malware Evolution report states that “war had been declared in cyberspace between the groups producing Warezov and Zhelatin. Taking into account the size of the botnets used by both groups, and their clear aim to conduct a large number of attacks, the situation was clear: this was threatening to become one of the most serious problems on the Internet in recent years.” Gostev identifies three groups from different countries who were all busy with the same thing, creating spam harvesting and distribution botnets. “This brought the three groups into conflict with each other, and they are willing to use everything at their disposal to gain an advantage” Gostev concludes.

The end result has been a huge increase in attacks on users, with an emphasis on developing new techniques to infect end users and evade detection by AV filters. If you need any evidence of this, 32% of all malicious code in email traffic during March 2007 was made up of Trojan-Spy.HTML.Bankfraud.ra according to Kaspersky, and indicating clearly that Bagle, Warezov and Zhelatin have created an epidemic.

Although there has been some success in dealing with high profile botnet related security incidents, including the 57 month prison term for Jeanson James Ancheta for infecting 400,000 computers for botnet use, this really is tip of the iceberg time. The really organised criminals will be using exactly the same techniques to evade capture and to protect the business of criminality as is seen in the drugs war. You can be sure that while sacrificial lambs get jail time, the gang bosses and the real botnet builders will continue to prosper. Until, that is, law enforcement, the judiciary and governments around the world start to take the spam problem as seriously as they do the drugs one. To be frank, I don’t see any evidence of that happening any time soon.

shamgar 0 Newbie Poster

You can be sure that while sacrificial lambs get jail time, the gang bosses and the real botnet builders will continue to prosper. Until, that is, law enforcement, the judiciary and governments around the world start to take the spam problem as seriously as they do the drugs one.

You've got to be kidding. Yes, that's a great vision of the future. I can see it now. A 70 yo grandma is up late at night working on her computer. The police, on a tip from an anonymous informant (looking to escape an arrest on a malware charge himself) get a warrant to raid her house as a known user of a compromised machine. (You did say drug war right? They go after the end-users too you know). They bust down her door and storm her house in full tactical gear with flash bangs and tear gas grenades flying. Granny gets up to defend her home, and gets shot to death by police.

Even if you think they'll not go after Joe End User that is not properly protecting their machines and as a result gets compromised and becomes a point of distribution...it's still a bad idea. Lets see, how has the drug war done so far? Well, it is hard to tell, since the ONDCP and others give different numbers depending on whether it's trying to justify spending more money or reassure the public that its succeeding. However less biased numbers and just plain common sense will tell you we're not winning the "war on drugs".

The groups providing drugs get continually better at it. I heard recently that they had developed a new marijuana plant that is near impossible to kill. It can't be killed by burning, herbicides, or cutting. It'll just grow back. And quickly - more quickly than standard plants. The news covers new drugs becoming popular all the time. They tried to end Crystal Meth by moving cold medicine behind the counter, but all they did was create a vacuum from the lack of home-grown supply which was then filled with dangerous drug cartels that don't depend on it - sending violent crime way up.

The bottom line is, cliche or not, if government is the only answer you can come up with, you are asking all the wrong questions. As a wise man once said,

Government is bureaucracy, inefficiency, and brute force. It is the least desirable, least effective and least likely to succeed means of getting anything accomplished.

I live in fear of the day the government declares a "war on spam" or a "war on malware".

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

And your solution is?

ravloony 0 Newbie Poster

Oh come on. Install a real operating system everywhere and the problem will disappear on its own. That's the battle we should be fighting, not expecting the law to step in.

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Your username suits you :)

Infarction 503 Posting Virtuoso

>Oh come on. Install a real operating system everywhere
>and the problem will disappear on its own. That's the battle we
>should be fighting, not expecting the law to step in.
Great idea. Got one handy? And are you sure it'll never be compromised? Not to mention that user applications also need to be secure; viruses don't only attack the OS.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.