I just read an article from CNET on how "Skype could provide botnet controls", with which I totally disagree. Skype and VoIP communications can actually provide botnet herders
with the opportunity to communicate, rather than acting as a platform
for malicious attacks.
And old-fashioned DDoS attacks the way we know
them work damn well as a concept. Years ago, when the worming of quite some :) Linux
boxes was on the rise, the Honeynet Project was conducting outstanding research
to build awareness of this fact. These days, the penetration of
broadband and the thousands of users with ISP-like bandwidth make the
need to look for bandwidth irrelevant. Instead of breaching core
routers and looking for bandwidth, that DDoS attack power is gathered
through the collective breaching of hundreds of thousands of unprotected,
unaware or naive end users.
Botnet communications are evolving each time
a new disruptive technology pops up. On the other hand, botnet herders
are having trouble finding out the exact number of bots in their botnet due
to lack of server capacity, and as I once mentioned in my Malware - future trends
research, encryption seems to be the logical move.
And the trade-off
would eventually be the delays in communication, given the size of the
botnet and the encryption approaches of course. Bots that lack the
weakness of idleness on public IRC servers are already "talking" and
trying to act as legit as possible. My point is that the bigger a botnet
gets, the harder it is to maintain. That's logical, and it's good news
for everyone, until someone standardizes a possible communication
protocol.
Scary thoughts, but a simple botnet/malware communication
protocol could, for instance, cause a lot of trouble for everyone. Is
centralization of botnets a good thing for the industry with respect to
tracking them, and how would things evolve? Skype is totally out of the
question from my point of view, or is it not?
Some nice insights on botnet communications can be found in:
The Zombie Roundup: Understanding, Detecting, and Disrupting Botnets