Tracing Botnets Becoming More Difficult
According to computer scientists, honeypot traps set up to protect PCs from botnets can now themselves be attacked because botnet programs have grown more sophisticated. Botnets are used to carry out fraudulent and criminal operations online.
Reportedly, the team of computer scientists is led by Cliff Zou of the University of Florida and colleagues.
Their research indicates that online criminals can identify the PCs inside a botnet that fail to follow commands such as sending out spam. On discovering a honeypot, the criminals then configure the command-and-control server so that the honeypot systems are avoided or disabled, preventing researchers from accessing crucial data.
Zou said that security researchers still found it considerably valuable to research and deploy honeypots. According to him, the current paper would likely remind honeypot researchers how important it was to study methods for building covert honeypots, as well as the security obstacles involved in deploying them. However, honeypots should not remain as simple to spot as they currently were, the scientists noted. The New Internet reported this on March 3, 2010.
In the meantime, anti-virus and other security companies say they are already dealing with the problem.
Luis Corrons, Technical Director of PandaLabs at the Spanish anti-virus company Panda Security, explained that while researchers must filter all e-mail traffic produced by the honeypot's bot, they could choose what to let through and what to block. For instance, if the bot-controller told the bot to distribute spam, researchers could let the instruction reach the bot and even let it send the spam, while diverting the messages via a proxy so that they did not reach any victim. TheRegister reported this on March 2, 2010.
In another suggestion, Amichai Shulman, CTO of the database security company Imperva, said that instead of tracking infected systems' activities, cyber-criminals could try to detect virtual PCs. Honeypot systems mostly relied on virtualization environments, usually VMware. If malware developers could recognize that attribute of the infected environment, they might effectively spot many of the honeypots in existence, Shulman pointed out. TheRegister reported this.
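The diversion Corrons describes can be approximated with an SMTP sink placed where the honeypot's outbound mail is redirected. This is an added example, not code from the article or from PandaLabs; the class name, host names and the sample dialogue are assumptions constructed for illustration.

```python
# Added example: SMTP sink for a honeypot's outbound mail (all names hypothetical).
# It answers the bot with success codes, stores each message, and relays nothing.

class SmtpSink:
    def __init__(self):
        self.captured = []  # messages held for analysis, never forwarded
        self._reset()

    def _reset(self):
        self.sender, self.rcpts, self.body, self.in_data = None, [], [], False

    def feed(self, line):
        """Consume one client line; return the reply the bot sees, or None."""
        if self.in_data:
            if line == ".":  # end-of-data marker: store the message locally
                self.captured.append({"from": self.sender, "to": self.rcpts,
                                      "body": "\n".join(self.body)})
                self._reset()
                return "250 OK queued"
            # Undo SMTP dot-stuffing on body lines.
            self.body.append(line[1:] if line.startswith(".") else line)
            return None
        verb = line.upper()
        if verb.startswith(("HELO", "EHLO")):
            return "250 sink.invalid"
        if verb.startswith("MAIL FROM:"):
            self.sender = line[10:].strip()
            return "250 OK"
        if verb.startswith("RCPT TO:"):
            self.rcpts.append(line[8:].strip())
            return "250 OK"
        if verb == "DATA":
            if not self.rcpts:
                return "503 Need RCPT first"
            self.in_data = True
            return "354 End data with <CR><LF>.<CR><LF>"
        if verb == "QUIT":
            return "221 Bye"
        return "502 Command not implemented"

# Constructed sample dialogue, as a bot might send it after a spam instruction.
SESSION = ["EHLO bot.invalid", "MAIL FROM:<promo@sender.invalid>",
           "RCPT TO:<user1@example.org>", "RCPT TO:<user2@example.org>",
           "DATA", "Subject: constructed sample", "", "..dot-stuffed line",
           ".", "QUIT"]

def replay(lines):
    sink = SmtpSink()
    replies = [r for r in map(sink.feed, lines) if r is not None]
    return sink, replies
```

Calling `replay(SESSION)` returns the sink, whose `captured` list holds the envelope and body for analysis, together with the replies the bot would have received.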
» SPAMfighter News - 11-03-2010