To report a botnet PRIVATELY please email: [EMAIL PROTECTED] ---------- Gadi Evron wrote: > On Thu, 16 Mar 2006, Georg Wicherski wrote: > >>P2P to be the future of botnets? Yes, give it one more year to convince the >>kiddies. Use the Skype P2P network? Most uncertainly. > > > P2P among other such mediums are the past and the future of botnets on > different levels. > > The issue is, the Bad Guys don't often need it as IRC works well. If we > limit our fight to what-a-mole though, continually KILLING The problem > when it becomes annoying enough after ignoring it so it became annoying > in the first place, we will push the Bad Guys to evolve once again in a > broader fashion than previously... much like with terrorism, > spam, etc. through history.
Just waiting for the rhetorical question, whether USA should not have fought terrorism... ;) Basically, we cannot just wait and hope as long as we don't provoke them, they will not do worse things. Fighting botnets has always been an arms race and will always be, unless each packet is digitally signed. > More complex (or simple) control channels are here for a long time now, > IRC is still the most used one, though. Right, peer-to-peer control channels are already emerging. > Botnets are interesting in that whenever you make the control channel more > complicated, your equally raise the difficulty of maintaining them and > make them easier to find. Once a peer-to-peer based bot is publically available, people will probably shift even if IRC still works, as soon as one botnet proofed peer-to-peer to work. Peer-to-peer botnets are not neccisarily hard to maintain, you just need the script kiddie compatible GUI and all is fine. They are not easy to find either, if deployed well. > This is less of a thumb rule and more of yet another difficulty to > over-come. Right, it is good to see a community emerging around these difficulties, though. Most of research on this topic has been done behind closed doors (except for some exceptions of course, like our botnet KYE paper). Researchers need to join forces (as we recently did with mwcollect and nepenthes), still it's all about busines. ;) Georg 'oxff' Wicherski _______________________________________________ To report a botnet PRIVATELY please email: [EMAIL PROTECTED] All list and server information are public and available to law enforcement upon request. http://www.whitestar.linuxbox.org/mailman/listinfo/botnets
