Spying on Botnets Becoming Harder
Robert Lemos writes on SecurityFocus:
The workings of bot nets will become more difficult to divine in the future, because the people who control the networks are moving away from using Internet relay chat (IRC) rooms to link the compromised computers together, a security researcher told attendees at the Virus Bulletin 2006 conference.
José Nazario, a senior security researcher for Arbor Networks, spent more than six months delving into the chat rooms typically used by bot herders as the central command posts for their compromised networks. The research, which was part of a project dubbed "Bladerunner," used a mock bot that Nazario and an intern at Arbor coded using Perl.
The researchers found that the command and control channels are increasingly becoming encrypted and are increasingly moving away from chat rooms to Web servers.