Botnet Analytics Blog

Blogging the Science of Botnet Analysis

Busting Botnet-Herders – Behind the Scenes

We have been observing that “busting botnet-herders” is really happening these days, starting with the past few incidents, but we also need to think about the big picture and what goes on behind the scenes. These are the questions that arise after such incidents:

  • Are these guys [who get arrested] the real guys behind the scenes, or are they public representatives for those botnets?
  • What are the botnet-herders doing next to avoid being caught?
  • There is an overlap between underground and intelligence groups. How do the intelligence agencies deal with such issues?
  • Technology-wise, how are they modifying the following to stay current in evasion techniques:
    • Payloads
    • Propagation
    • Algorithm
    • Implementation
    • DDNS
    • and other stuff
  • The so-called “top botnets” take the best from each botnet and implement it. Does this make it complicated to detect and prevent?
  • Antivirus engines and security tools can only detect the “infection vector” to begin with. Some AVs quarantine it and some don’t, but later they might catch botnet activity to known hostile IPs or domains. Does this mean that:
    • users should reimage the host [industry best practice] as soon as they see traffic to possible hostile IPs?
    • users should consider any Trojan or backdoor activity as possible botnet command & control activity, since it could lead to it?
    • users should reimage the host for every malware detection triggered on the host?
  • Botnet herders code their botnets to spread through the following vectors. Does this help them expand their zombie networks really fast?
    • Phished websites
    • Malware sites
    • Hosed web servers
    • DNS poisoning
    • Client-side attacks
  • What could the next generation of botnets do?
  • Is commercialization of botnets anticipated? If the answer is “yes”, does law enforcement have any response to it?
  • Do courts around the world realize that they should modify their laws to ensure that these botnet herders get punished, no matter what part of the world they reside in? A classic example is the “Mariposa” botnet operators, who were arrested in Spain, even though Spain is lenient in various other aspects of infosec.
  • Will botnet herders combine botnets with real-world techniques the way phishers do:
    • SEO poisoning
    • Deceptive linking
    • Pharming
    • and other techniques
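One way to turn the two signals raised above (an AV verdict on the infection vector, followed by traffic to a known-hostile IP or domain) into a per-host triage decision. This is an added example, not code from the blog; the indicator list, the log lines and the verdict names (“reimage”, “investigate”, “monitor”) are constructed for illustration, using documentation address ranges and a reserved TLD rather than real indicators.

```python
import ipaddress

# Constructed sample indicators (documentation range / reserved TLD, not real IoCs).
HOSTILE_NETS = [ipaddress.ip_network("203.0.113.0/24")]
HOSTILE_DOMAINS = {"c2.example.invalid"}

# Constructed sample log lines: "<host> av <verdict> <action>" or "<host> conn <dest>".
SAMPLE_LOG = """\
ws-01 av Trojan.Generic quarantined
ws-01 conn 198.51.100.7
ws-02 av Backdoor.IRC detected
ws-02 conn 203.0.113.40
ws-03 conn updates.example.invalid
ws-04 av Adware.Bundle quarantined
ws-05 conn c2.example.invalid
"""


def is_hostile(dest):
    """True if a destination IP or domain matches a known-hostile indicator."""
    try:
        ip = ipaddress.ip_address(dest)
    except ValueError:                      # not an IP literal: treat as a domain
        return dest.lower() in HOSTILE_DOMAINS
    return any(ip in net for net in HOSTILE_NETS)


def triage(log_text):
    """Map each host to a verdict by combining AV detections with outbound traffic."""
    av_hit, c2_hit, hosts = set(), set(), []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        host, kind, value = line.split()[:3]
        if host not in hosts:
            hosts.append(host)
        # Only Trojan/Backdoor-class verdicts count as a possible C2 precursor.
        if kind == "av" and value.split(".")[0].lower() in ("trojan", "backdoor"):
            av_hit.add(host)
        elif kind == "conn" and is_hostile(value):
            c2_hit.add(host)
    verdicts = {}
    for host in hosts:
        if host in c2_hit:
            verdicts[host] = "reimage"      # traffic to a hostile IP/domain: treat as C2
        elif host in av_hit:
            verdicts[host] = "investigate"  # trojan/backdoor seen, no hostile traffic yet
        else:
            verdicts[host] = "monitor"      # nothing beyond an ordinary AV event
    return verdicts
```

Note that a host whose AV only quarantined the dropper still lands in “investigate”: the quarantine says nothing about whether the payload already ran.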

Hope this helped in opening your eyes to think more about botnets and their herders. Thank you for choosing Botnet Analytics!
