Past efforts at killing botnets—the large networks of computers running malicious software to send spam, flood websites with traffic, and steal personal data—have managed to disable the networks by taking down important servers, but they've always stopped short of actually killing the botnet software itself. That's because the companies behind these efforts have no more legal authority to run unauthorized software on users' machines than the botnet owners do—to remove the botnet software would make them just as guilty of hacking as the bad guys are.
The result is that while efforts such as Microsoft's disruption of the Waledac and Rustock botnets were successful, they were far from perfect. These efforts left the malicious software running on the infected PCs—they just removed the command-and-control servers, the centralized machines that tell the botnet what to do. Should the bot herders regain control of the domain names or IP addresses used by the command-and-control servers, the infected machines will be able to successfully connect to them, and the networks will once again spring into life.