The future of botnets, or thinking about what we can not wait for
16 March 2011, 13:19
Following virus activity alongside my main work, I have formed definite ideas about what we can expect from botnets (spam, DoS, etc.) in the near future. Below I discuss the possible methods of botnet control.

Analyzing the latest botnet management techniques, one can see that the emphasis is on DNS: to locate the management server, the malware uses specially generated names of registered domains that resolve to the server address (this is based on an analysis of several versions of the Kido virus).
This method is no longer effective, because, judging by the latest version of Kido, the virus generates specially prepared DNS names at a rate of 50,000 per day. Naturally, this leads to an increase in DNS traffic, makes infected machines easier to detect, and allows an infected machine to be isolated quickly so that it can no longer reach the management server.
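As an added illustration of the detection point above (not code from the original post), the following Python script scores constructed DNS resolver log lines per client by NXDOMAIN ratio and by the character entropy of the failed second-level labels, the two signals a defender would use to spot a host querying generated names. The log format and the thresholds are assumptions.

```python
import math
from collections import Counter, defaultdict

# Constructed sample resolver log (not from the original post), one query per
# line: "<client-ip> <queried-name> <rcode>". Client 10.0.0.7 is the one that
# behaves like a machine cycling through generated names.
SAMPLE_LOG = """\
10.0.0.5 www.example.com NOERROR
10.0.0.5 mail.example.com NOERROR
10.0.0.7 qhvzkwpdl.biz NXDOMAIN
10.0.0.7 mxtrqzfwo.info NXDOMAIN
10.0.0.7 zpkvdhqnl.org NXDOMAIN
10.0.0.7 update.example.com NOERROR
10.0.0.7 ytrwqkzpx.net NXDOMAIN
10.0.0.9 cdn.example.net NOERROR
"""

def parse_line(line):
    client, name, rcode = line.split()
    return client, name.lower().rstrip("."), rcode.upper()

def sld_label(name):
    # Second-level label, e.g. "example" for "www.example.com".
    parts = name.split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]

def shannon_entropy(s):
    # Bits per character; generated labels tend to score higher than words.
    if not s:
        return 0.0
    return -sum((n / len(s)) * math.log2(n / len(s)) for n in Counter(s).values())

def summarize(log_text):
    stats = defaultdict(lambda: {"queries": 0, "nxdomain": 0, "entropy_sum": 0.0})
    for line in log_text.splitlines():
        if not line.strip():
            continue
        client, name, rcode = parse_line(line)
        s = stats[client]
        s["queries"] += 1
        if rcode == "NXDOMAIN":
            s["nxdomain"] += 1
            s["entropy_sum"] += shannon_entropy(sld_label(name))
    return stats

def flag_dga_clients(log_text, min_nx=3, min_ratio=0.5, min_entropy=2.5):
    # Flag clients with many failed lookups that are mostly high-entropy names.
    flagged = {}
    for client, s in summarize(log_text).items():
        if s["nxdomain"] < min_nx:
            continue
        ratio = s["nxdomain"] / s["queries"]
        mean_entropy = s["entropy_sum"] / s["nxdomain"]
        if ratio >= min_ratio and mean_entropy >= min_entropy:
            flagged[client] = {"nxdomain_ratio": round(ratio, 2),
                               "mean_entropy": round(mean_entropy, 2)}
    return flagged

if __name__ == "__main__":
    print(flag_dga_clients(SAMPLE_LOG))
```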
Everyone knows that the main way the botnet center interacts with infected machines is p2p; in some cases it can be ssh or http. The main problem with p2p is that it is very easily filtered by a simple set of rules blocking UDP packets and TCP packets outside the allowed range. SSH is not always open through the firewall, and http/https is very easily caught through a proxy server, so the control center is very easily detected.

Presumably the next step in the development of botnet control will be deep use of social networking. Most social networking sites (private and public blogs, dating sites, classmate-finding sites, etc.) provide services that could easily be used for hidden interaction between botnet members. A sufficiently vivid example of this is Twitter.
You register dozens of names according to a given algorithm, without spending money or hardware resources on domain name registration and DNS service. Then, simply by updating the status on the site, you publish the encrypted address of the management server or directives for the botnet (what to take from where and where to bring it). Because social networks carry huge traffic, it is very difficult to control them in terms of the creation and registration of new users or communities.
CAPTCHA and other registration protections cost only the human resources needed to pay for them (of which the Internet already has enough). Registrations per day can run to several thousand; status updates already have their own protocols and programs from which those protocols can be reverse-engineered. The result is a flexible system for controlling the botnet, which is protected by practically everything the company providing the service does to protect that service.
The earlier popular method of controlling a botnet, IRC, may well be escalated to the use of Jabber as the control transport. Jabber allows information to be encrypted from sender to recipient, and it has fairly strong protection against external intrusion in the form of the ordinary system of authorizing contacts. Thus the management server becomes virtually invulnerable to attempts by antivirus companies to intercept control. At the moment there are plenty of gateways for working with Jabber over the web, which greatly simplifies the task of obtaining control when the Jabber service ports are filtered. "Why Jabber?" you ask. It's very simple. Jabber is gaining momentum, it is open, it is easy to implement on the client side (XML), and it has strong support from relatively large services such as Google, Yandex, LiveJournal, Mail.ru and others.

This information is provided as an attempt to show the other side of the coin of modern infrastructure and the inappropriate use of popular services. I have described here only 2 variants of service misuse, but there are tens if not hundreds of such options, and the possibilities for implementing one or another mechanism of protection and propagation on top of them can be incredible and limitless.
Added by: w1zard