Increasing Botnet Network Pushing Researchers to Take Offensive Approach

As per the news reports released in the second week of January, a botnet was blocked when researchers worked in collaboration with Internet Security Protocols (ISPs) to cut communications to the Lethic spamming botnet, reported darkREADING on January 11, 2010.

Rodel Mendrez, threat analyst with M86 Security, said in a blog posted January 7 that when the botnet was shutdown, the researchers were not sure about the actual size of the Lethic botnet, as per the news published by securecomputing.net.au on January 13, 2010. But as the botnet is at present responsible for nearly 8-10% of spam in the firm's trap, it is figured out by M86 as a sizeable botnet.

He added that majority of command and control (C&C) servers of this botnet are hosted by a Chicago-based ISP.
M86 Security also estimated that after Rustock (32.8%), Mega-D (21.6%) and Bobax (12.1%), Lethic was the fourth most common botnet. The Bagle 2 botnet was accountable for only around 1.9% of spam distributed.

Jose Nazario, security research manager at Arbor Networks, said that there's yet another medium-sized spamming botnet out in the cyber world, sending pharmacy and pill spam, reported ARBOR NETWORKS in the first week of December 2009.

Paul Wood, MessageLabs Intelligence senior analyst at Symantec, also gave his views on Lethic's development and activity. He said that this botnet has been under observance by Symantec Hosted Services since December 31, 2009. The botnet was responsible for 2.5% of total spam volume during the month, reported SCMAGAZINE on January 11, 2010.

Apart from the shutdown of Lethic botnet, FireEye's security experts helped in taking down the MegaD botnet in November 2009. In May 2009, researchers from the University of California at Santa Barbara (USA) revealed how they had adopted an offensive approach by infiltrating Torpig botnet. This was very bold and controversial step taken by the researchers, which gave rise to debate as to what extents the researchers must go to shut down a botnet.

Such an act of shutting down Lethic botnet clearly illustrates the increasing extent of botnet chasers going offensive to stop cyber crooks, primarily by damaging their precious bot infrastructures.

Related article: Increasing Security Breaches in Canada Causing Loss of $637,000 a year

» SPAMfighter News - 1/23/2010