Taking Down Botnets

I read with interest this week about the attempts by Internet Systems Consortium (ISC) to take down the Coreflood botnet with the cooperation of the FBI.

I was even quoted in an article about this today in TechNewsWorld entitled “FBI May Hunt Down and Destroy Botnets in Zombie PCs”.

So what is a botnet?  A botnet, short for ‘robot network’, is a collection of compromised computers, known as ‘zombie computers’, organized together on the Internet.  These computers have been compromised by a worm or a virus, or by a user downloading or installing some malicious software, or malware.  Once the botnet software is installed, it goes underground, hiding itself from the owner of the computer, or should I say the former owner of the computer.  Once a botnet has control of your computer, it can do anything it wants to, including copy any of your files or documents, monitor all your Internet activity, record everything you type, turn on your microphone or webcam, etc.  I don’t mean to be too melodramatic about it, but your own computer could be part of a botnet – millions and millions around the world are.

Taking down botnets takes a lot of work and effort.  In this case, researchers managed to identify the command and control IP addresses and domain names that were being used to give commands to the zombie computers.  They then had those IP addresses and domains disconnected and replaced with servers under the researchers’ own control, so the zombies now report to the researchers instead of the botnet operators.

Now, the FBI has asked the courts and received permission to send ‘stop’ commands to the zombies.  Pretty amazing stuff!
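Once the command and control names point at the researchers’ servers, the sinkhole’s logs show which machines are still beaconing. As an added example, not code from the article or from the ISC/FBI effort, here is a small Python script that counts beacons per source address from such a log so that victims can be identified and notified; the log lines and the ‘C2’ domain names are constructed placeholders, not real Coreflood indicators.

```python
import re
from collections import defaultdict

# Constructed placeholder names standing in for seized C2 domains
# (the .invalid TLD can never resolve); not real Coreflood indicators.
SINKHOLED_DOMAINS = {"c2-example-one.invalid", "c2-example-two.invalid"}

# Constructed sample of sinkhole access-log lines:
# timestamp, client IP, Host header, method, path.
SAMPLE_LOG = """\
2011-04-13T10:00:01Z 203.0.113.10 c2-example-one.invalid GET /ping
2011-04-13T10:00:05Z 203.0.113.11 c2-example-two.invalid GET /ping
2011-04-13T10:01:01Z 203.0.113.10 c2-example-one.invalid GET /ping
2011-04-13T10:02:00Z 198.51.100.7 www.example.com GET /
2011-04-13T10:03:00Z 203.0.113.12 C2-Example-One.invalid. GET /cmd
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\S+)$")


def parse_line(line):
    """Split one log line into fields; return None for malformed lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, src, host, method, path = m.groups()
    # Normalise the Host header: case-insensitive, strip trailing dot.
    return {"ts": ts, "src": src, "host": host.lower().rstrip("."),
            "method": method, "path": path}


def summarize_beacons(log_text, sinkholed=SINKHOLED_DOMAINS):
    """Return {client_ip: beacon_count} for clients contacting sinkholed names.

    Traffic to any other host (e.g. an unrelated site sharing the sinkhole
    server) is ignored, so only probable zombies are counted."""
    counts = defaultdict(int)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["host"] in sinkholed:
            counts[rec["src"]] += 1
    return dict(counts)


def infected_hosts(log_text, sinkholed=SINKHOLED_DOMAINS):
    """Sorted list of client IPs to hand to ISPs/owners for clean-up."""
    return sorted(summarize_beacons(log_text, sinkholed))


if __name__ == "__main__":
    for ip, n in sorted(summarize_beacons(SAMPLE_LOG).items()):
        print(f"{ip}\t{n} beacon(s)")
```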

'Counting from Zero' Book Cover

It also has more than a passing similarity to what happens in my novel Counting from Zero.  In the book, security researcher Mick O’Malley discovers a huge botnet.  With help from his friends, he goes about trying to shut down the botnet, and has all kinds of adventures along the way.  The fictional botnet I write about is bigger than Coreflood and has an even more malicious purpose.  Also, it has a much more complicated command and control infrastructure than simple IP addresses and host names.  I can’t say more without spoilers… you’ll just have to read the book if you are interested.

So let’s hope that this new level of effort to take down the Coreflood botnet is not an isolated incident, but the first step in an effort to rid the Internet of this dangerous malware.
