Botnet Sniffing by Traffic Analysis

Posted by Keith McMillan

February 20, 2008

Botnets, those pernicious threats to internet life, liberty and the pursuit of happiness, may have a new enemy. Researchers at Georgia Tech are using traffic analysis of IRC and HTTP to try to identify botnets in the wild. The theory is that bots need to communicate with their command and control infrastructure, and that when they do so they tend to look like, well, botnets rather than people: many hosts contacting the same server in lock-step, on a machine-like schedule, instead of the irregular traffic that a person browsing or chatting generates.

While my description above is a bit tongue-in-cheek, botnets are a genuinely serious threat. Estimates put them behind up to 80% of spam email, and they are regularly used in denial of service attacks like the one currently under way against WordPress.com blogs. They are particularly difficult to identify, track and combat, and there are documented instances of hundreds of thousands, and in at least one case over a million, zombie computers under the control of a single individual.

While it’s too early to tell if this new approach will help significantly in the fight, any means we have to help combat botnets are welcome at the party.

[Georgia Tech via Ars Technica]

