The Network Security. Org

Inside Botnets

In the news recently was an interesting story about MetaFisher (also known as Spy-Agent), a Trojan horse program that steals personal financial information. What was particularly interesting about the news report that I received from iDefense was screenshots of the control interface used by the MetaFisher bot network (botnet) operators. The images give a good idea of what goes on behind the scenes of botnets. If you've already looked at the news story that I posted on our Web site and didn't see the images, be sure to check it again--I added the images on Monday. You can link to the story from the MetaFisher news story below.

Botnets are a huge problem. Understanding how bots work helps us understand how to defend against them and how to shut down botnets. Every antivirus vendor and many other types of security vendors hold a wealth of information about untold numbers of bots. However, when these companies publish alerts and advisories about bots, the reports rarely contain greatly detailed information that describes the inner workings and capabilities of the bots. So learning how a bot behaves is typically rough work. Even if you manage to capture a bot, you're left to reverse-engineer it on your own.

Paul Barford and Vinod Yegneswaran of the University of Wisconsin Computer Sciences Department wrote an excellent white paper, "An Inside Look at Botnets." The pair give detailed insight into four types of bots, including those based on Agobot, SDBot, GT Bot, and Spybot.

If you read the white paper, you'll learn that although most bots today operate in conjunction with Internet Relay Chat (IRC) servers (which makes shutting down botnets somewhat less difficult), some bots are beginning to gain peer-to-peer functionality. This evolution of course means that shutting down botnets will become more difficult in many cases in the future. Inside Botnets

More News

• Website infection rate triples
  



• How to Use Honeypots to Improve Your Network Security
  



• Microsoft Patch Tuesday Targets 26 Application Flaws
  



• SSL VPNs might not be as secure as you think
  



• 8 tips to filter spam effectively
  



• Onus on IP address owner to prove innocence
  



• How to install an SSH Server in Windows Server 2008.
  



• Several vulnerabilities closed in the Linux kernel
  



• 8 Best Practices for Encryption Key Management and Data Security
  



• Free Honeypot Client Could Sting Malware
  



• What Firewalls Do & Donot Do
  



• Symantec fingers D Link for bot attacks
  



• WhiteHat: 90% of Sites Still Vulnerable
  



• Red Hat releases free security code
  



• A new type of Bluetooth security
  



• Dude, where is my perimeter?
  



• Scaring users into IT security
  



• VMware fixes security bugs
  



• The top 10 security land mines
  



• Encrypt volumes through a cross platform GUI with TrueCrypt 5.0