Friday, March 12, 2010

It's botnet shutdown season

Lately it seems to be botnet-takedown season. For one, Microsoft went the legal route and asked a judge for permission to reroute domain name servers related to the Waledac botnet in order to shut it down permanently. Actually, the process is more complicated than that, but the domain server procedure was the only non-technical step that needed external approval.

Then, Panda announced that after a few months of investigation they had provided enough data to the police for them to apprehend three criminals behind a huge botnet managed from Spain. That's the second takedown of the month, and a pretty big one, with about 13 million bots involved.

Finally, a few industry researchers followed quite a few Zeus command-and-control servers to a single provider and managed to cut its internet connection, stopping those botnets from working at all. After a few reconnections and counter-attacks by the provider, it apparently is shutting down for good. Third takedown of the month!

These three stories have a single enemy in common: botnets. They have quickly become the biggest enemy of the computer user, but that's not new. What's more recent is that they have become so popular among criminals as a quick way of making money that the criminal underground is teeming with new tools to create and maintain botnets for profit. This "new" software category has become a market in which criminals trade with other criminals. Of course there's fraud in there too, but to whom are you going to complain if a fellow criminal scammed you? There are figures like the garant (a guarantor) who can verify that the seller is legit. It's some sort of escrow system where trusted people check the product before the transaction goes through. It's like a real market where malware weapons are exchanged for money.

Botnet DIY kits like Zeus are being sold for thousands of dollars. Piracy is so rampant that the Zeus author has put anti-piracy measures in place. Now there are other groups that regularly crack those protections and sell pirated versions of the kit for a lower price. Honor among pirates is a thing of the past, and the poor user is the one who will suffer.

The only hope we have is to keep hammering C&C centers, disconnecting them from the internet until providers all get the message that letting criminals establish botnets is as bad as being accomplices to the crime. This is the only way of getting rid of "bulletproof" hosting providers that ignore abuse complaints and are uncooperative with the police. I hope we keep taking botnets down... it's been a good month.
