Botmasters Fight to Regain Control of Botnets

27 December 2012

A botnet is a group of infected computers under the control of cybercriminals called botmasters. Botnets play a significant role in spam volumes, as these infected computers are often the source of unwanted emails, which affect everyone from home Internet users to the largest corporations.

The good news is that international cooperation in policing spam, malware, child exploitation, and illegal pills has directly impacted many big botnets. The bad news is that the savviest botmasters are fighting back, attempting to reestablish control of lost botnets following a takedown. The biggest threat to botmasters is the unrecoverable loss of their botnets. Although the proliferation of botnets is slowing, McAfee Labs predicts botmasters will try to regain control by implementing fail-safes and hardwiring their botnets after a shutdown.

When the largest botnets are shut down, the next largest botnets become the new targets. Botmasters have already reacted to this activity by subdividing botnets and increasing the costs associated with activities that are easily detectable, such as distributed denial-of-service (DDoS) and spam. McAfee Labs expects that it is only a matter of time before botmasters implement fail-safes to reestablish command of a botnet that has lost all of the control servers it usually reports to.

Although whitehat security researchers temporarily gain control of botnets in many cases, these takeovers do not lead to new commands reaching the infected hosts. There is a massive liability issue associated with the unauthorized remote operation of systems, even with the best of intentions. Pushing new commands to an old Windows machine serving a hospital could lead to incorrect care or even the death of a patient. Botmasters will take advantage of the good guys' reluctance to meddle by hardwiring their botnets to reestablish control after a takedown.