I was contacted by Warren Lee to provide my input on the recent crackdown on 8 botnet herders and their subsequent arrest. From the article:
Security expert Andrew Hay, Manager of Integration Services, Q1 Labs Inc. says over the long haul, the impact of the arrests will be quite small, and he sees a negative effect too.
“I don’t think the arrests will provide the long-term impact that the FBI is expecting. In fact, [they] may actually be a double-edged sword.”
Making such a public example of these botnet herders, he said, may drive their competitors and colleagues further underground.
Experts say financial gain is the big driver behind most bot activity.
As there is a lot of money to be made, organized crime has got involved in a big way. will continue to drive the development of new, and more sophisticated, botnets, Alperovitch notes.
He says botnets are “at the root of nearly all cybercrime activities we see on the Internet today.”
And as Hay points out, botnet herders are already breaking down their larger botnets into smaller, dispersed, and harder-to-track bots. The costs and risks of doing business continue to be quite low for the bot masters.
Also from the article:
Apart from standard defense tools such as firewalls, intrusion detection/prevention, and router access control lists, IT managers can now access a range of newly available services.
These include Trend Micro’s Botnet Identification Service, or managed security services from Arbor Networks or Damballa – both of which specifically target botnet activity.
Andrew Hay of Q1 Labs believes botnets can only be effectively detected by using advanced flow and log correlation network security management products.
“The mixture of logs and network flows allows you to distinguish attacks from a simple increase in normal traffic.”
The full article can be found here. Enjoy!