Over the weekend Stuart Hicks emailed the OSI about an odd statement made by McAfee in its white paper on botnets [PDF]:
Taking the bot controller ofﬂine may kill a botnet. As a result, many bots use a Dynamic Domain Name System (DDNS) or have a list of backup IP addresses to survive such an event. Bot technology is rapidly evolving, often aided and abetted, unfortunately, by the open-source movement. [Emphasis mine.]
Huh? No justification is made for this statement. No follow-on, explanatory comments are made.
Someone at McAfee thinks that the correlation between botnets and open source is clear, but I am struggling to grasp any connection between the two. Perhaps this is just one more example of McAfee's dubious grasp on reality when it comes to open source. Remember its statement that open-source licensing is a threat to its business?
Consider the definition of a botnet:
While the term "botnet" can be used to refer to any group of bots, such as IRC bots, the word is generally used to refer to a collection of compromised computers (called zombie computers) running programs, usually referred to as worms, Trojan horses, or backdoors, under a common command and control infrastructure. The majority of these computers are running Microsoft Windows operating systems, but other operating systems can be affected. A botnet's originator (aka "bot herder") can control the group remotely, usually through a means such as IRC, and usually for nefarious purposes.
See any open source in there? I suppose it's possible that the programs used to manage the zombies could be open source, but the zombies themselves are generally Windows computers. Apparently open-source Linux is more impervious to bot attacks. Or maybe its users are simply not as gullible. Or something.
Regardless, McAfee needs to come clean and own up to its ignorance on open source. It's starting to look ridiculous. Too bad it can't keep that proprietary. No one likes to see their ignorance open sourced.