Untying the Bot Knot

You've heard the horror stories of botnet armies recruiting machines by the tens of thousands to help them spread spam and malware and commit crime. But what if your desktop computer, or your corporate user's machine, is living a dual life as a bot? And how can you tell?

It isn't easy to detect whether your machine has been "zombified," especially with botnet operators working harder to camouflage their activity via different command and control channels.

"It's never been easy to detect if you're infected with a bot, and it's getting harder and harder," says Johannes Ullrich, chief technology officer for defense at SANS Internet Storm Center. "A lot of bots are being used against smaller groups -- they may be attacking a university, for instance. And a lot of these never make it into antivirus signatures because they are not [widespread] enough and keep changing all the time."

Dark Reading - Application and Perimeter Security - Untying the Bot Knot - Security News Analysis

Linked by shanmuga Wednesday, 10th January 2007 10:13PM