• On TechRepublic: Five super-secret features in Windows 7
advertisementGet Smart about Business Spending
October 8, 2008 4:28 PM PDT

How botnets use 'bullet-proof' domains

by Robert Vamosi
  • Font size
  • Print
  • 4 comments

Botnets are proving to more resilient and harder to shut down.

That's largely due to an increased use of methods people use to obscure the domain by constantly mapping to different bots within the network, according to a recently released study (PDF).

The study's authors, Jose Nazario of Arbor Networks and Thorsten Holz of the University of Mannheim, tracked the traffic of 900 fast-flux domain names used by botnets within the first six months of 2008. "Fast-flux" is a term to describe how the botnets use constant changes in the mapping of the hard-coded domain name to different bots within the network. This makes it difficult for law enforcement to identify the main server and shut it down. It also adds a layer of anonymity to those operating the botnet, since the infected computers used can be located worldwide.

The study found that fast-flux botnets were often active for a few hours to a few months. The domains that were used were registered, but sometimes laid dormant for several months. Online fraud and crime most associated with these botnets included phishing sites, pharmacy sites, and malware distribution sites.

The authors also found some botnets to be "promiscuous," harboring hundreds of domain names associated with them.

The information in the report has been shared previously with industry groups such as Forum for Incident Response and Security Teams and Internet Corporation for Assigned Names and Numbers (ICANN). This is the study's first public availability, and it was released to coincide with Malware 2008, which is being held Tuesday and Wednesday in Alexandria, Va.

As CNET's resident security expert, Robert Vamosi has been interviewed on the BBC, CNN, MSNBC, and other outlets to share his knowledge about the latest online threats and to offer advice on personal and corporate security. Listen to his podcast at securitybites.cnet.com or e-mail Robert with your questions and comments.
Topics:

News

Tags:

security,

Jose Nazario,

Arbor Networks,

Thorsten Holz,

University of Mannheim,

Fast-flux,

botnets,

domain,

phishing,

pharmacy,

malware,

Malware 2008

Share:
Digg
Del.icio.us
Reddit
advertisement
Click here!
Recent posts from Security
Microsoft patching zero-day Windows 7 SMB hole
RSA reveals details behind re-shipping scam
Expert says Adobe Flash policy is risky
Apple updates Safari for security
Microsoft probing Windows 7 zero-day hole
Security considerations for virtual environments
Eastern Europeans charged in payment processor hack
A child porn-planting virus: Threat or bad defense?
Related
Phishing, worms spike this year, say Microsoft and McAfee
A child porn-planting virus: Threat or bad defense?
Bank Trojan botnet targets Facebook users
Microsoft patching zero-day Windows 7 SMB hole
Corporate bank accounts targeted in online fraud
Windows 7 default user account control worries experts
Spammy scams surfacing on Twitter, Facebook
Week in review: Motorola, Verizon ready the Droid
Add a Comment (Log in or register) (4 Comments)
  • prev
  • 1
  • next
by CmdrRickHunter October 8, 2008 5:02 PM PDT
Botnets are an organic force. You can't use the rock moving tools to move insects off your crops; you can't use static tools to attack organic botnets. In fact, the harder we push, the smarter bot nets become. See Storm's attacks on hosts who were known botnet fighers, DDOSing their servers and uplinks. Even worse, these are organic systems which have truly briliant minds behind them.
Reply to this comment
by Lerianis October 8, 2008 5:50 PM PDT
Yeah, and the thing I don't understand is why these 'brilliant minds' are not putting their intelligence to good use, that would get them more money than a botnet ever would.... oh, I know: because the criminals who are ALREADY in the businesses these people want to break into would try to say that their new inventions are covered by their patents and litigate them into submission.
by n3td3v October 8, 2008 6:03 PM PDT
anti-virus security professionals by day, bot net criminals by night.
Reply to this comment
by spicyloogie October 8, 2008 11:13 PM PDT
Yup, its going to be hell of a fight. Bots are now willing victims that uses those "designer o.s." like windows black edition that they give away with lots of free stuff in it. That black 8th edition doesnt even try to hide whats in it. You can planely see in the registry whats really up.
Reply to this comment
(4 Comments)
  • prev
  • 1
  • next
advertisement

A CNET Conversation with Eric Schmidt

CNET's Tom Krazit and Molly Wood sit down with Google CEO Eric Schmidt to discuss the future of Android, the Chrome OS, the problem of real-time search indexing, and more.

Verizon tests sending RIAA copyright notices

The No. 2 phone company, known for its reluctance to intervene in antipiracy cases, strikes an agreement to forward copyright notices on behalf of the music industry.

About Security

Online security is threatened by more than hacking and phishing attempts. Check here for the latest updates on software vulnerabilities, data leaks, and rapidly spreading viruses--and learn how to protect your systems.

Add this feed to your online news reader

Security topics

advertisement
advertisement

Inside CNET News

Scroll Left Scroll Right
News
News site map
Latest headlines
Contact News
News staff
Corrections
CNET blogs
Popular topics
Apple iPhone
Apple iPod
Cell phones
Dell
GPS
LCD TV
CNET sites
CNET Site map
CNET TV
Downloads
News
Reviews
Shopper.com
More information
Newsletters
CNET Mobile
Customer Help Center
RSS
CNET Widgets
About CNET