Botnet expert: Cut cash flow to cybercriminals
Published: 23 Apr 2009 09:31 BST
Technology is not enough to help the security industry keep botnets from stealing people's money and committing denial-of-service attacks, a top botnet researcher said on Wednesday. His suggestion is: stop the flow of money to their coffers.
"We need to disrupt their business model and make it hard for them to carry out their attacks and make money," Joe Stewart, a security researcher at SecureWorks, said in an interview at the RSA 2009 security conference in San Francisco.
"Right now, it's risky to surf the internet with a PC," he said. "I would like to see us return to a time when you could surf the internet and trust that your computer wasn't going to get infected."
Computers can be infected in any number of ways, but typically they get a Trojan or other malicious program downloaded onto them without the owner's knowledge, which happens either from visiting a website with malicious code on it or opening malicious attachments in email.
Once infected, depending on the attack, a computer can be controlled by remote attackers who are able to steal data or instruct the computer and other so-called zombies into sending spam or launching distributed denial-of-service attacks to shut down websites.
Researchers have focused on trying to stop attacks, but once they get a botnet operator kicked offline by shutting down its hosting provider, it is usually not long before the botnet cranks back up with its command-and-control server at a different location, he said.
For example, four months after a major botnet hoster, McColo, was shut down in November, the spam volumes were back up to normal levels.
Specifically, victims should be encouraged to seek reimbursement when they are charged for things such as purchasing software that masquerades as a legitimate antivirus program, said Stewart, who created an ingenious eye-chart program that PC users can use to test whether their computers are infected with the Conficker worm. The eye chart was needed because Conficker blocks access to security sites people would normally visit to check for infection.
The industry should also create teams of researchers that would focus on a single crime group or operation, much like police stay on the trail of a particular real-world organised crime gang until everyone is arrested, Stewart said.
The organisation would need funding, which could possibly come from the companies that seem to be impacted the most from cybercrime, such as credit-card processors, he said.
Law-enforcement efforts are thwarted because officials in other countries where cybergangs are based often cannot be convinced to co-operate, he said. Getting countries to sign a global anti-internet abuse accord would be ideal, he said.
Meanwhile, national Cert (Computer Emergency Readiness Team) organisations should be given authority to fight botnets, by ordering internet service providers to shut down hosting providers, Stewart said.
Stewart is scheduled to give a presentation on his idea during a session on Thursday at RSA and at an upcoming Interpol meeting.
Credit: Botnet expert suggests hitting cybercriminals in pocket book from CNET News
Did you find this article useful?
7 out of 7 people found this useful
Digg
Slashdot
Del.ici.ous
Stumble
Reddit
