Botnet communications moving to Web2.0

A great find by Jose Nazario shows how botnets have moved on from relying on old-school communication schemes (usually IRC or direct HTTP connections) to utilizing the tools that Web2.0 provides.

I have been naming this development since it started being discussed in the back-channels, and predicted that these would be the next generation communication methods as they provide not only another layer of separation (anonymity) between the botnet manager and the controlled bots/trojans, but also a layer of scalability to the control scheme.

You can check out the last time I discussed this on my DefCon presentation slides which should be uploaded to the DefCon site soon. In the meantime here is an older presentation (at least 10 months old) where the same subject is being demonstrated (slides 31-32):
Behind the Scenes of E Crime July09

Basically, the Twitter messages are encrypted codes being sent between the command and control and the controlled bots, which is very close to the “homework” I mentioned at the end of my DefCon talk – encouraging researchers to look for “garbage” data on blogs and Web2.0 services which are actually encrypted data being passed over a public medium.

I guess that that’s one more issue to deal with when trying to deal with the growing threat of eCrime and cyberwarfare.

2 thoughts on “Botnet communications moving to Web2.0

  1. Your blog keeps getting better and better! You have a lot of creativity and originality, keep it up!

Leave a Reply