Monday, December 28, 2009

Good Guys Bring Down the Mega-D Botnet

Chalk up one for the defenders. Here’s how a trio of security researchers used a three-step attack to defeat a 250,000-pronged botnet.

For two years as a researcher with security company FireEye, Atif Mushtaq worked to keep Mega-D bot malware from infecting clients' networks. In the process, he learned how its controllers operated it. Last June, he began publishing his findings online. In November, he suddenly switched from de­­fense to offense. And Mega-D--a powerful, resilient botnet that had forced 250,000 PCs to do its bidding--went down.

Targeting Controllers

Mushtaq and two FireEye colleagues went after Mega-D's command infrastructure. A botnet's first wave of attack uses e-mail attachments, Web-based offensives, and other distribution methods to infect huge numbers of PCs with malicious bot programs.

The bots receive marching orders from online command and control (C&C) servers, but those servers are the botnet's Achilles' heel: Isolate them, and the undirected bots will sit idle. Mega-D's controllers used a far-flung array of C&C servers, however, and every bot in its army had been assigned a list of additional destinations to try if it couldn't reach its primary command server. So taking down Mega-D would require a carefully coordinated attack. pcworld

No comments:

Post a Comment