11. February 2012 · Comments Off on You Can Never Really Get Rid of Botnets · Categories: blog · Tags: , , , , ,

You Can Never Really Get Rid of Botnets.

Gunter Ollmann, the Vice President of Research at Damballa, provides insight into botnets in general and specifically into the Kelihos botnet takedown.

What is lost in these disclosures is an appreciation of number of people and breadth of talent that is needed to build and operate a profitable criminal botnet business.  Piatti and the dotFREE Group were embroiled in the complaint because they inadvertently provisioned the DNS with which the botnet was dependent upon. Other external observers and analysts of the Kelihos botnet believe it to be a relative of the much bigger and more damaging Waledac botnet, going as far as naming a Peter Severa as the mastermind between both botnets.

Botnets are a business. Like any successful business they have their own equivalents of financiers, architects, construction workers and even routes to market.

Past attempts to takedown botnets have focused on shutting down the servers that command the infected zombie computers. Given the agile nature of modern botnet design, the vast majority of attempts have failed. Microsoft’s pursuit of the human operators behind botnets such as Kelihos and Waledac are widely seen as the most viable technique for permanently shutting them down. But, even then, there are problems that still need to be addressed.

While taking down botnet servers is a worthy activity for companies like Microsoft, enterprises still must deal with finding and remediating compromised endpoints.