
Botnets Jump the Shark

Monday, December 17, 2007 at 4:29pm by Allysa Myers

Once upon a time, a “botnet” was a network of infected computers controlled from a central command and control (C&C) channel. This was a very clear, simple definition.

Cut to early 2007, after the release of Nuwar, a.k.a. the Storm Worm. Suddenly the term botnet had to account for things that were not controlled by a central C&C but managed by a hydra-headed control network. There was no longer a single head to be cut off to kill a botnet; now a network had several heads, which could be replaced as quickly as one was removed. The definition of botnet broadened to describe only the network of infected computers, whether or not it had a central C&C.

Now the term has broadened again, to include any functionality used by a botnet, including things such as password stealing and sending phishing emails or spam. The FBI warns that botnets “threaten online-shopper security,” but it seems to me they’re really warning against an increase in the prevalence and sophistication of Internet crime that is facilitated by botnets.

So I direct this discussion to you, dear reader: Has the definition of botnet become so watered down that it loses any meaning? If so, do we need to find some new term to replace what used to specify a distinct group of malware? Or do we need to broaden our warnings to include all crimeware, including botnets, password stealers, remote-access Trojans, phishing, and spam?


Comments (3)

  • Allysa Myers December 19, 2007 12:16PM

    At this point there really is no one culprit to tell people to be on the lookout for. That used to be the case, certainly. But now malware variants are coming at such a rapid pace, we can’t say “look out for the guy in the red hoodie with a large gun” because they’ll miss the guy in the blue t-shirt with a grenade or the gal in the green sweater with a cannon.

  • asdf December 18, 2007 7:34AM

    If you broaden your warnings to include all manners of “crimeware”, you turn into Chicken Little and lose the ability to educate people on what the risks really are. Botnet, as a term, is sufficient when describing a network of machines acting as one network – regardless of the threat posed, as those threats will ever evolve.

    Think about it. When a physical crime occurs and the perpetrator is still on the loose, the news doesn’t report, “Folks, you’ll need to be on the lookout for a bad guy as we just had reports of a crime”. The warnings need to be contextualized.

    In the example of the news alert above, it would be more appropriate (and is vetted through experience by flipping on your local news broadcast) to issue a warning such as, “A home invasion robbery occurred in Mytown, USA and the gunman is still on the loose. He is described as a 5’4″ Hispanic wearing blue jeans and a gray hoody. If you see him, call 911”.

    Let’s not reinvent the wheel here.

  • James December 18, 2007 1:41AM

    The FBI is like an onion, loads of external flesh and a small strong core. The public face is the outer skin and must present what the public expect to hear and take the bruises. I’d not expect 100% terminology correctness 100% of the time from the public face.

    Botnets acting as web servers and drop zones is probably beyond their scope for instance.