BOTNET. The name sounds as if it belongs in a Sci Fi flick, where it would describe a robotic zombie army up to no good, bent on committing general mayhem.
Take the Sci Fi movie out of the equation and you’ve got the right idea. A botnet is a zombie army; but an army of individually owned, Internet-connected computers, surreptitiously controlled through a so-called “command and control” (C&C) server. Behind that server sit the operators – read, the “Bad Guys”.
Unknown to the owner of each of these computers, his or her machine is acting as a source of transmission, a relay point if you like, spreading spam and, in some cases, malware to other Internet users: ad pushers, rogue AV installers, data stealers, and web search hijackers, for example. Most of the spam you receive on a daily basis is the product of these zombie networks, which range from small to large (in some cases, very large).
It’s not surprising, then, that various groups and individual companies within the Internet security community monitor the formation and demise of botnets and, wherever possible, attempt to take them down.
The following email, which I received from Symantec’s MessageLabs Intelligence and would like to share with you, indicates the great efforts Internet security organizations make in attempting to keep the Internet safe for all users.
Email from MessageLabs Intelligence:
Researchers at the Fireeye intelligence lab recently decided to attempt to take down the Mega-D botnet after doing detailed analysis of its inner workings. It seems their actions have been very successful indeed, as our monitoring shows a huge decline in this previously prolific botnet’s activity.
Mega-D was the botnet that took the biggest advantage of the takedown of the McColo ISP in November 2008, becoming the biggest of all the spam botnets. Since then, others (such as Rustock, Bagle, Grum, and Cutwail) have gained strength, but Mega-D has consistently been in the top 10 spam bots. Or at least it was, until the 4th of November, when it was hit, and hit hard.
This shows the number of unique IPs seen on our systems on a daily basis for the Mega-D botnet. Normally between 600 and 1600 IPs are seen each day, but you can see quite clearly that after the 4th it plummeted down to less than 50.
It is unlikely that the botnet will ever be completely wiped out, but the efforts of the Fireeye team have crippled Mega-D to the point where it will be a long time (if indeed, ever) before it is able to regain its former standing.
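The metric MessageLabs uses above, unique source IPs per day for one botnet, is easy to reproduce from a mail filter’s own logs. What follows is an added example, not code from the MessageLabs post or from the FireEye team: it parses a constructed log format (the `src=… bot=…` fields and the `megad` signature label are assumptions made for this example), deduplicates source IPs per day, and flags days whose count falls below a chosen fraction of the pre-takedown baseline.

```python
"""Count unique botnet source IPs per day and flag a collapse.

Added example. The log format, the 'megad' signature label and the sample
data are all constructed for illustration; none of it is MessageLabs data.
"""
import re
import statistics
from collections import defaultdict

# One line per connection attempt seen by the mail filter, tagged with the
# botnet signature that matched it.  Assumed format, not a real product's.
LOG_RE = re.compile(
    r"^(?P<day>\d{4}-\d{2}-\d{2}) \d{2}:\d{2}:\d{2} src=(?P<ip>\S+) bot=(?P<bot>\S+)$"
)


def _constructed_lines(day, n_ips, third_octet):
    """Constructed sample data: n_ips distinct hosts in 198.51.x.0/24 on one day."""
    return [
        f"{day} 12:00:{i % 60:02d} src=198.51.{third_octet}.{i} bot=megad"
        for i in range(1, n_ips + 1)
    ]


# Roughly the shape of the real event: a steady baseline, a partial day when
# the C&C servers were hit, then near-silence.  Numbers are invented.
SAMPLE_LOG = []
for _day, _n in [("2009-11-01", 40), ("2009-11-02", 36), ("2009-11-03", 44),
                 ("2009-11-04", 9), ("2009-11-05", 1), ("2009-11-06", 2)]:
    SAMPLE_LOG += _constructed_lines(_day, _n, int(_day[-2:]))
SAMPLE_LOG += [
    "2009-11-01 23:59:59 src=198.51.1.1 bot=megad",      # same host again: counted once
    "2009-11-05 04:00:00 src=203.0.113.7 bot=rustock",   # other botnet: ignored
    "this line is not a log record",                     # malformed: skipped
]

BASELINE_DAYS = ["2009-11-01", "2009-11-02", "2009-11-03"]


def unique_ips_per_day(lines, botnet="megad"):
    """Map each day to the number of distinct source IPs attributed to `botnet`."""
    seen = defaultdict(set)
    for line in lines:
        m = LOG_RE.match(line.strip())
        if m is None:
            continue  # tolerate junk rather than abort a whole day's count
        if m["bot"] == botnet:
            seen[m["day"]].add(m["ip"])
    return {day: len(ips) for day, ips in sorted(seen.items())}


def collapse_days(counts, baseline_days, drop_fraction=0.1):
    """Days outside the baseline whose count is below drop_fraction of the
    baseline median.  The median resists a single unusually busy baseline day."""
    median = statistics.median(counts[d] for d in baseline_days)
    threshold = drop_fraction * median
    return [(day, n) for day, n in counts.items()
            if day not in baseline_days and n < threshold]


if __name__ == "__main__":
    counts = unique_ips_per_day(SAMPLE_LOG)
    for day, n in counts.items():
        print(day, n)
    print("collapse:", collapse_days(counts, BASELINE_DAYS))
```

Two caveats a practitioner would keep in mind when reading a chart like the one in the email. A unique-IP count is a lower bound on infected hosts, since many bots sit behind NAT or rotate through dynamic addresses. And a drop in this metric shows that the bots stopped spamming, not that they were cleaned up; the machines are still infected and merely cut off from their C&C, which is exactly why the email expects the botnet may not be wiped out.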
To see the original news posting on MessageLabs Intelligence Blog, please follow this link.
If you enjoyed this article, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.