Here’s an idea for aspiring anti-botnet researchers:
Hook up with someone like the OpenBox creators or VMware and perhaps the guys at Malware Bytes. Create some Virtual Machine environments with all the security ripped out, that can be distributed with the intent of remotely (and deliberately) getting botnetted “in the wild”, but under controlled circumstances while running like one of those “@ Home” applications on volunteer systems.
One of the problems with today’s botnet infections is that the sheer size of the network they have to play with creates a security shield for the controllers.
I guess what I’m suggesting is to fight fire with fire: Virtual Machine Honey Pots (VMHPs, ‘vee-muhps’).
Don’t make it a user-interactive VM, so that it is a very controlled environment. Only run the guest operating system in “come and get me mode” for fairly short periods (half an hour to an hour). Because it’s not interactive, that limits what can go on inside, with the @ Home part of the app downloading instructions for what things to do. After it’s finished, it would switch to a scan-mode that can check for unexpected changes…
It could also help in triangulating/tracking the botnet controllers…
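One way to build the “scan-mode” step from the comment above, as an added example rather than code from the commenter: snapshot the guest’s file tree (size plus SHA-256 per file) before the “come and get me” window, snapshot it again afterwards, and report anything added, removed or modified. It assumes the guest disk, or a mounted snapshot of it, is visible to the host as a directory; a temporary directory with constructed files stands in for the guest so the example runs offline, and the “infection” it applies is likewise constructed.

```python
"""Added example of an integrity scan for a non-interactive VM honeypot.

Assumption: the guest's file system (or a mounted snapshot of it) is
reachable as a directory tree on the host. A temporary directory with
constructed files plays that role here.
"""
import hashlib
import os
import tempfile
from pathlib import Path


def snapshot(root):
    """Return {relative_posix_path: (size, sha256)} for each regular file under root."""
    root = Path(root)
    result = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            p = Path(dirpath) / name
            # Skip symlinks so a planted link cannot make us hash files outside root.
            if p.is_symlink() or not p.is_file():
                continue
            h = hashlib.sha256()
            with open(p, "rb") as f:
                for chunk in iter(lambda: f.read(1 << 16), b""):
                    h.update(chunk)
            result[p.relative_to(root).as_posix()] = (p.stat().st_size, h.hexdigest())
    return result


def diff_snapshots(before, after):
    """Classify differences between two snapshots taken by snapshot()."""
    added = sorted(set(after) - set(before))
    removed = sorted(set(before) - set(after))
    modified = sorted(k for k in before.keys() & after.keys() if before[k] != after[k])
    return {"added": added, "removed": removed, "modified": modified}


def demo():
    """Simulate one exposure window in a constructed guest tree and scan it."""
    with tempfile.TemporaryDirectory() as guest:
        g = Path(guest)
        (g / "bin").mkdir()
        (g / "bin" / "sshd").write_bytes(b"original sshd binary")
        (g / "etc").mkdir()
        (g / "etc" / "hosts").write_bytes(b"127.0.0.1 localhost\n")
        before = snapshot(g)  # baseline before the guest is exposed

        # Constructed "infection": a binary trojaned, a dropper added, a config removed.
        (g / "bin" / "sshd").write_bytes(b"trojaned sshd binary")
        (g / "tmp").mkdir()
        (g / "tmp" / ".x").write_bytes(b"dropper")
        (g / "etc" / "hosts").unlink()

        after = snapshot(g)   # scan-mode after the exposure window
        return diff_snapshots(before, after)


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

The baseline must be taken from a clean image and kept on the host, never inside the guest, since anything the guest can reach is something the bot can tamper with; comparing size and hash together catches in-place edits that preserve length, and refusing to follow symlinks keeps a planted link from pointing the scanner outside the guest tree.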