Malicious software and obfuscatory legalese – two bad tastes that, I imagine, taste even worse together. [image by j l t]
Thankfully, as I’m not in the business of trying to turn a profit by building botnets, it’s not a flavour combo I’ve encountered myself, but there are reports that such things really do exist. Caught with the same economic problem as legitimate software houses – an infinite good, easily reproduced – malware crews are including EULAs with their program packages.
Of course, a malware author can’t fall back on the courts to enforce the terms of the agreement, and so the threatened actions are a little more, er, direct – basically, if you mess with the code they’ll rat you out to the antivirus companies. But, in the words of Mike Masnick at TechDirt:
“… we already know that almost no one reads normal software EULAs, so I somehow doubt that the online scammers using this software are bothering with the fine print either.”
I can’t say I’m feeling too sad about that.
They may be off the news radar at the moment, but botnets are still a serious bugbear for computer security professionals – it’s hard work trying to defeat something that fights back, after all. [image by Rodrigo Senna]
So here’s a new idea from the University of Washington – why not fight fire with fire, and build a white hat botnet to defend against the DDoS attacks af the black hat botnets?
“Their system, called Phalanx, uses its own large network of computers to shield the protected server. Instead of the server being accessed directly, all information must pass through the swarm of “mailbox” computers.
The many mailboxes do not simply relay information to the server like a funnel – they only pass on information when the server requests it. That allows the server to work at its own pace, without being swamped.”
Sounds like a good plan. It’s beyond my knowledge levels, but the guys at Techdirt seem to think it’s a creative approach.
As a recent convert to Linux, this is the part where I smugly remind everyone that if certain commercially ubiquitous operating systems weren’t so riddled with security flaws, botnets wouldn’t be a problem anyway …
OK, I might be stretching the point with "semi-sentient", but it still has all the hallmarks of a bad AI thriller movie plot. The infamous and still-growing botnet created by the Storm worm virus is able to detect when its command and control structure is being probed by computer security types, and launch denial-of-service attacks at them in retaliation. While some experts believe that Storm has pretty much run its course, others estimate that it may be sitting on a power-base of more than 15 million infected machines, waiting to be hired out to the highest bidder. It’s a long step from the golden era of the Christmas Tree and Friday The Thirteenth viruses. [Via BoingBoing] [Image by RileyRoxx]
[tags]computer, security, Storm, virus, botnet[/tags]