Botnets: a retrospective to 2006, and where we are headed in 2007
December 23rd, 2006 by SecuriTeam, Filed under: Botnets, Commentary, Corporate Security, Culture, DDoS, Insider Threat, Law, Microsoft, Networking, Phishing, Physical Security, Rootkits, Spam, Virus, Web
a few months back i released a post on where i think anti-botnet technology is heading. now it’s time for what happened in 2006, and what we can expect from here on.
i am not a believer in such retrospective looks, as they are often completely biased, based on what we have seen and what we want to see. this is why i will try to limit myself to what we know is happening and is likely to get attention, as well as what we have seen the bad guys try that is working well enough for them to take it to the next level.
what changed with botnets in 2006:
1. botnets have reached a level where it is unclear today which parts of the internet are not compromised to some extent. it is easier to count the clean networks than the infected ones.
2. botnets have become the most significant platform from which virtually any type of online attack and crime is launched. botnets are, in effect, the online infrastructure for abusive or criminal activity.
3. in the past year, botnets have become mainstream. from a field that did not exist even in the professional realm up to a few years ago, even though attacks were happening constantly regardless, it has turned into the main buzzword and occupation of the security industry today, directly and indirectly.
4. websites have returned to being one of the most significant infection vectors for building botnets, which hadn’t been the case since the late 90s.
5. botnets have become the moving force behind organized crime online, with a low-risk, high-profit calculation.
6. new technologies are finally being introduced, moving botnet controllers from using just (or mainly) irc to more advanced c&c (command and control) channels such as p2p, or multi-layered ones, such as dns and irc at different layers of the osi model.
7. botnets used to be a game of quantity. today, with quantity assured, quality is becoming a high concern for botnet controllers, both in the type of bot and in its abilities.
what’s going to happen with botnets in 2007:
botnets won’t change. all will remain the same as it has been for years. awareness, however, will increase, making the problem appear larger and larger, perhaps approaching its real scale. the bad guys will utilize their infrastructure to get more out of the bots (quality once quantity is here) and be able to do more than just steal cash, maximizing their revenue.
further, more and more attackers unrelated to the botnet controllers will make use of already compromised systems and existing botnets to gain access to networks, to facilitate anything from corporate espionage and intelligence gathering to shameless and open shows of strength against those who oppose them (think blue security), in the real world as well as the cyber one (which to the mob are one and the same; it’s the income that speaks).
meaning, the existing botnet infrastructure will be utilized both in an open fashion, due to the fact that online miscreants (the real-world mob) face virtually no risk, and for quiet and secretive third-party intelligence operations.