Monday, May 5, 2008

Security: Botnet Beaten, But Now What?

eWeek (05/05/08) Vol. 25, No. 14, P. 13; Naraine, Ryan

TippingPoint Digital Vaccine Laboratories software security researchers Cody Pierce and Pedram Amini have devised a way to crack into the Kraken botnet by reverse-engineering the encryption routines and working out the communication structure between the botnet owner and the commandeered computers. "We basically have the ability to create a fake Kraken server capable of overtaking a redirected zombie," Pierce says. However, this breakthrough places TippingPoint in the middle of an ethical dilemma concerning whether compromised computers employed in denial-of-service attacks and spam runs should be purged without the permission of the systems' owners. Amini advocates this practice as a tool for impeding the botnet epidemic, arguing that "we never hear from the infected system again and neither can the actual botnet owner's command-and-control servers." Pierce agrees with Amini's argument, and supports an industry-wide dialogue on more proactive, vigilante-style anti-botnet tactics. Opposed is TippingPoint director of security research David Endler, who entertains the possibility that system cleansing without consent could endanger the operations of end-user systems with critical functions, such as life support. He notes that the issue of liability is one reason why TippingPoint decided not to modify an infected computer within the botnet.
