Experts: Botnets add fault tolerance

Networks of zombie computers sport fault-tolerant architectures to withstand takedown attempts

Security experts contend that a growing number of operators of compromised computer networks (or "botnets") are finding new ways to grow their networks and make them immune to potential shutdowns, including sophisticated fault tolerance planning to help ensure that their networks can't be easily wiped out.

As security companies and enterprise customers have gotten better at rooting out hijacked computers, the most savvy and advanced botnet herders have been busy growing and diversifying their operations. Today, those botnet operators are fighting back against takedown attempts using everything from multiple command-and-control centers to a move to peer-to-peer style botnet attacks, said Doug Camplejohn, chief executive of gateway security appliance maker Mi5 Networks.

"We're definitely seeing a degree of fault tolerance built into the most sophisticated botnets, these operators have too much time and effort invested in their networks to let someone take it down all at once; they've tried to make it such that if you cut off one command center, they can simply take control from another," Camplejohn said.

Using a new botnet monitoring tool, Mi5 found that roughly 25 percent of the networks of infected machines it has unearthed use some form of distributed control system.

For example, in order to prevent security researchers and anti-virus applications from detecting their presence, botnet operators are moving rapidly between different banks of infected machines and leveraging programs that lie dormant for longer periods of time to evade behavior monitoring tools.

"We see a lot more of these botnet programs that sit unused for a long period of time to stay hidden until someone wants to use them," Camplejohn said. "They're using every port they can to try to hide any communications taking place with outside command centers, and the communications themselves are cloaked or encrypted to hide their contents from filters."

Cutting-edge botnet attackers are also moving rapidly to adopt a peer-to-peer model for spreading their code that eliminates large central command-and-control centers that are more easily found and more expensive to maintain, according to other botnet trackers.

While most of today's botnets still use a hierarchical design, an increasing number of the systems have smaller, more distributed controllers, said Guillaume Lovet, manager of the EMEA threat response team at security appliance maker Fortinet, also based in Sunnyvale.

Because they use the peer-to-peer method of control rather than a centralized approach, the zombie networks are getting harder to nail down all the time, the expert said.

"Over the last six months, we've entered the second phase of the botnet era, especially with these P2P botnets, where you'd essentially have to shut down every single node in the network to stop it completely, and there might be tens of thousands of infected machines," Lovet said.

Operators rapidly create botnets to fulfill specific duties such as seeding spam campaigns, funneling adware impressions or distributing malware, then move on to new sets of computers. That makes it harder to detect their presence at any time other than when they are actively using their hijacked PCs, Lovet contends.

"This type of attack is truly hard to stop as it moves along so quickly," he said. "If you have a botnet of ten thousand machines you can make a lot of money quickly, wipe it clean, and then move on to the next set. People are already doing this to generate regular income and they're making the systems robust as well as profitable."

Many of the activities carried out by the infected systems are likely the result of botnet rentals by other cyber-criminals, he said.

Lovet said he expects P2P botnets to become the predominant model over the next several years.

As they make their botnets more resilient to attacks, online criminals are also developing enterprising new ways to keep them healthy and growing, according to a recently published research paper titled "Combating the Botnet Scourge."

In the study, a team of graduate students at Ohio State University concluded that P2P botnet operators are already using online multimedia formats -- specifically adult video-sharing sites -- to further increase the size of their zombie networks. As botnets adopt the rapid propagation mechanisms more commonly associated with malware programs such as worm viruses, the threats will become faster moving and may be harder to trace, the researchers said.

Incidents such as the denial-of-service attacks that took down anti-spamming service Blue Frog in mid-2006 illustrate just how large and powerful botnets can become when operators truly flex their hijacked computing muscle, said Adam Champion, one of the authors of the OSU paper.

"I'm not sure how this problem can be solved easily," he told InfoWorld. "The people who run these networks aren't stupid and they will continue to keep their identity cloaked ... In the end not much will change unless popular operating system software becomes fundamentally more secure."


Matt Hines
