Tech Support Forum banner
Status
Not open for further replies.
1 - 1 of 1 Posts

·
Premium Member
Joined
·
39,538 Posts
Discussion Starter · #1 ·
The world is not only losing the war against spam, the situation might be about to get a whole lot worse with the emergence of a new type of automatic botnet able to thrive without direct human control, Symantec's MessageLabs division has warned.

Ironically, according to the company's 2009 Security Report, the emergence of what might be termed the ‘autobot' has been driven by attempts to tackle the current generation of botnets by shuttering ISPs associated with the global flow of spam.

The best example of that was the closing of ISP-gone-bad, McColo, towards the end of 2008, which dramatically and instantly reduced spam levels in a way that nobody thought was possible. During 2009, further ISPs have been shut, including Real Host last summer, but the effect has been much less pronounced.

MessageLabs reckons this is a sign that today's botnets have been modified to more quickly adapt to the loss of a particular nodes, transferring traffic through different channels in a matter of days or even hours. The speed of response necessary requires self-healing behaviour, including the use of encrypted channels for control based on P2P principles.

"You don't have to have a person looking after it, the botnets can now look after themselves," says MessageLabs' Paul Wood, who notes that the McColo shutdown had affected spam levels for up to seven weeks, a hiatus that would be extremely unlikely now.

Woods predicts that during the coming year, botnets will migrate to a design based on "inbuilt self-sufficient code" able to adapt to anti-botnet activities and so improve their survival chances. The company has detected 5 million PCs that are now working on behalf of the botnets.

Elsewhere in the spam ecosystem, 2009 has seen defences such as CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) being eroded to the point of near uselessness. Previosuly considered a way of foiling the mass creation of email account to channel spam and get around reputation services based on trusting a whitelist of domains, CAPTCHA was now being defeated by individuals in sweat shops paid small sums to manually create accounts.


http://news.techworld.com/security/3208358/report-predicts-rise-of-self-defending-botnets/?olo=rss
 
1 - 1 of 1 Posts
Status
Not open for further replies.
Top