Up next: Cellular botnets, cyber militias
- — 20 October, 2008 08:30
Tools are already available for crafting exploits for the iPhone, said Tom Cross, a security researcher with IBM's Internet Security Systems, X-Force security team and a contributor to the GTISC report. It's just a matter of time before the same kinds of tools become available for every major mobile phone platform, he said. The only reason it hasn't happened already is because mobile phones are not viewed as being especially attractive targets by malicious attackers, he said.
One of the big questions that needs to be answered before the attacks start is who should be responsible for addressing the issue -- the users, with potentially battery-draining third-party fixes, device manufacturers or the service providers, Cross said. "We think that the impact that botnets of infected smart devices will have on the performance and reliability of telecommunications networks will affect the decision-making process," he said.
Smarter 'headless' botnets
Botnets, which are large clusters of compromised computers that can be controlled centrally from a remote location, have become the delivery mechanism of choice for cybercrooks that want to distribute spam and other sorts of malicious code. Though such networks have been very efficient at distributing malware they have become relative easy to neutralize by tracking and taking down the command and control servers that control them.
"Bot masters have been relatively stupid so far," said Mustaque Ahamad, director of the GTISC. "There are a variety of interesting ways to detect bot activities fairly quickly," he said. That's already changing, however, as cybercriminals put more effort into hiding bot activity by, among other things, disguising bot traffic as normal traffic, he said.
Another technique gaining favor in the botnet world is the use of so-called fast-flux networks, said Jon Ramsey, chief technology officer at security vendor SecureWorks and also a report contributor. Such networks allow compromised systems in a botnet to be controlled by multiple command and control servers instead of just one system as is the case today. These "headless" botnets are going to be a lot harder to shut down than today's typical hierarchical models, Ramsey predicted.