Spying on bot nets becoming harder

The workings of bot nets will become more difficult to divine in the future, because the people who control the networks are moving away from using Internet relay chat (IRC) rooms to link the compromised computers together, a security researcher told attendees at the Virus Bulletin 2006 conference.

Josť Nazario, a senior security researcher for Arbor Networks, spent more than six months delving into the chat rooms typically used by bot herders as the central command posts for their compromised networks. The research, which was part of a project dubbed "Bladerunner," used a mock bot that Nazario and an intern at Arbor coded using Python.

The researchers found that the command and control channels are increasingly becoming encrypted and are increasing moving away from chat rooms to Web servers. Spying on bot nets becoming harder

Linked by shanmuga Friday, 13th October 2006 11:47PM