Two steps forward, one step back – controlling botnets…

Just stumbled across this: http://www.symantec.com/connect/blogs/google-groups-trojan – basically, botnets are utilizing Google Groups (could have been any other mailing list system for the sake of argument) to communicate between the bots (trojans) and their command and control centers.

Funny how technology sometimes is way simpler than you imagine it would be. Compared with the new Twitter-based botnet channels and the fancy Web 2.0 communications that are available for use (see older post here), utilizing the age-old mechanism of anonymously posting messages on a newsgroup is humbling.

Nevertheless, it’s the same new story (Google Groups was chosen because of the web interface and the uptime reputation), just dressed up in old clothes (pun intended…). The same advice that I gave 2 years ago, gave again last year, and again 3 months ago, is still valid – forget about putting out fires (that’s your off-the-shelf AV). Focus on proper mitigation: a solution that shows you how the technology is an extension of the company’s research and forward-thinking attitude. Look for solutions that are more behavioral in nature in order to identify mal-intent communications, and act proactively based on the predictions and research done.
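One behavioral signal of the kind recommended above, as an added example that is not from the original post: a bot that polls a trusted web service for commands usually does so on a timer, so the gaps between its requests are far more regular than a person's browsing. The log format, host name, addresses and thresholds are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed proxy-log sample (timestamp, client, host); all values are invented.
SAMPLE_LOG = """\
2009-09-14T09:00:00 10.0.0.21 groups.example.com
2009-09-14T09:01:10 10.0.0.35 groups.example.com
2009-09-14T09:01:45 10.0.0.35 groups.example.com
2009-09-14T09:03:30 10.0.0.35 groups.example.com
2009-09-14T09:05:01 10.0.0.21 groups.example.com
2009-09-14T09:10:00 10.0.0.21 groups.example.com
2009-09-14T09:12:40 10.0.0.50 groups.example.com
2009-09-14T09:14:59 10.0.0.21 groups.example.com
2009-09-14T09:20:00 10.0.0.21 groups.example.com
2009-09-14T09:20:12 10.0.0.35 groups.example.com
2009-09-14T09:25:02 10.0.0.21 groups.example.com
2009-09-14T09:47:05 10.0.0.35 groups.example.com
"""

def find_periodic_clients(log_text, min_requests=5, max_cv=0.10):
    """Return sorted (client, host, mean_gap_seconds, cv) for timer-like polling."""
    # cv = coefficient of variation of the gaps between requests: bursty human
    # browsing gives cv near or above 1, a timer-driven process gives cv near 0.
    seen = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # blank or malformed line
        seen[(parts[1], parts[2])].append(datetime.fromisoformat(parts[0]))
    flagged = []
    for (client, host), stamps in seen.items():
        if len(stamps) < max(min_requests, 3):
            continue  # too few requests to judge regularity
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg == 0:
            continue  # identical timestamps; no interval to measure
        cv = pstdev(gaps) / avg
        if cv <= max_cv:
            flagged.append((client, host, round(avg, 1), round(cv, 3)))
    return sorted(flagged)

if __name__ == "__main__":
    print(find_periodic_clients(SAMPLE_LOG))
```

The destination here is a site no reputation list would block, which is why the check looks at request timing instead of the host name.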

Basically – don’t settle for mediocrity!

Stay safe.
