I read with interest this week about the attempts by Internet Systems Consortium (ISC) to take down the Coreflood botnet with the cooperation of the FBI.
I was even quoted in an article about this today in TechNewsWorld entitled “FBI May Hunt Down and Destroy Botnets in Zombie PCs”.
So what is a botnet? A botnet, short for ‘robot network’, is a collection of compromised computers, known as ‘zombie computers’, organized together on the Internet. These computers have been compromised by a worm or a virus, or by a user downloading or installing some malicious software or malware. Once the botnet software is installed, it goes underground, hiding itself from the owner of the computer, or should I say the former owner of the computer. Once a botnet has control of your computer, it can do anything it wants to, including copying any of your files or documents, monitoring all your Internet activity, recording everything you type, turning on your microphone or webcam, etc. I don’t mean to be too melodramatic about it, but your own computer could be part of a botnet – millions and millions around the world are.
Taking down botnets takes a lot of work and effort. In this case, researchers managed to identify the command and control IP addresses and domain names that were being used to give commands to the zombie computers. They then had those IP addresses and domains disconnected and replaced with servers of their own.
Now, the FBI has asked the courts for, and received, permission to send ‘stop’ commands to the zombies. Pretty amazing stuff!
It also has more than a passing similarity to what happens in my novel Counting from Zero. In the book, security researcher Mick O’Malley discovers a huge botnet. With help from his friends, he goes about trying to shut down the botnet, and has all kinds of adventures along the way. The fictional botnet I write about is bigger than Coreflood and has an even more malicious purpose. Also, it has a much more complicated command and control infrastructure than simple IP addresses and host names. I can’t say more without spoilers… you’ll just have to read the book if you are interested.
So let’s hope that this new level of effort to take down the Coreflood botnet is not an isolated incident, but the first steps in an effort to rid the Internet of this dangerous malware.