Tracing Botnets Becoming More Difficult

Latest news
Apple iTunes Version 9.2.1 Patches Critical Vulnerability Fake Check Scam Targets Two NH Attorneys, One Loses $240,000 Man Spying Through Webcams Arrested DNS-Rebinding Can Help Infiltrate Home PCs Stuxnet Malware Signed With JMicron Certificate

Support our Sponsors

uClip Clipping Path Service

Main Menu

Resources

Login
Username Password Remember Me Forgot your password? Forgot your username? Create an account

Syndicate

Popular
Facebook Attacked by Clickjacking Worm Surge in Attacks Abusing Zero-Day Vulnerability in Windows Microsoft Sues RedOrbit in Charges of Click Laundering BookWhirl.com Issues Phishing E-mail Alert Alureon Rootkit Returns to Windows PCs

Tracing Botnets Becoming More Difficult

Written by Administrator

Thursday, 11 March 2010 14:00

According to computer scientists, honeypot traps that are set up to safeguard PCs off botnets' clutches can now be attacked due to sophistications in botnet programs. Botnets are utilized for executing spurious and criminal operations online.

Reportedly, the leaders of the computer scientists' team are University of Florida's Cliff Zou and colleagues.

Their research indicates that online crooks manage to find out the PCs inside the botnets that are unable to follow commands like pushing out spam. Subsequently, on discovering a honeypot, these crooks configure the command-and-control server such that the honeypot systems are eluded or disabled, preventing researchers to access crucial data.

Said Zou that security researchers still considerably found it valuable to research and install honeypots. According to him, the current paper would likely reiterate to honeypot researchers how significant it was to study the methods for constructing clandestine honeypots as also the security impediments involved in their installation. However, it shouldn't be still as simple to spot honeypots, as they were currently, the scientists noted. The New Internet reported this on March 3, 2010.

In the meantime, according to anti-virus and other security companies, they are already dealing with the problem.

Technical Director Luis Corrons of PandaLabs at Panda Security the Spanish anti-virus company elucidated that while researchers should necessarily filter all e-mail traffic produced from the honeypot's bot, they could filter to choose that which they would and wouldn't allow passage. For instance, in case the bot-controller told the bot that it must distribute spam, researchers could allow the instruction to come to the bot along with even allowing it to dispatch the spam, however, diverting the messages via a proxy so that they didn't go to any victim. TheRegister reported this on March 2, 2010.

In another suggestion, CTO Amichai Shulman at Imperva the database security company said that instead of following infected systems' activities, cyber-criminals could try detecting virtual PCs. Honeypot systems mostly relied on virtualization environments, usually VMWare. If malware developers could recognize that attribute pertaining to the contaminated environment, they might effectively spot a lot of honeypots in existence, Shulman pointed out. TheRegister reported this.

Read full article...