The Great Cyberwar



It went un-noticed by most people for a few years. After all, the ones that were affected were just those that were “asking for it”. Where to start. Let’s see, back in the day there were some that sent out messages to other peoples computers and even when people tried to stop getting the messages they kept coming, so a few sites decided that if they could “blacklist” the places that these messages were coming from, they could help people deal with the mass of messages. So they did, and the people sending the unwanted messages were a bit frustrated and improved their distribution a bit, taking over virus infected pcs for sending their messages. The defenders matched and started blacklisting dialup addresses as mail sources. It was frustrating for those doing legitimate mail servers on a dynamic internet address, but there were legitimate ways to fix the problem. But the senders of the messages got mad.


They used the army of spam bots that they had cultivated to attack the blacklisters, from time to time they would deny service to their websites and frustrate the effectiveness of their service. Once, to show the power of a botnet several big name websites were taken down for a better part of a day, then the attack just went away. It was just a flexing of muscle. Of course, THAT made big news for a day or so, then life went back to normal. The attack against spam blacklisters continued off and on, but most people don’t really care about that. OH they hate junkmail, but they just don’t know if blacklisting is the answer. Maybe it’s not anyway.

Occasionally, the botnets were used for other kinds of attacks too. Not against anybody that you’d jump to defend. Mostly against gambling sites. They’d basically say, ok it’s going to take $$$$ to make sure people can still reach your site tomorrow. After all gambling is at the edge of the law in many places, they don’t have much wiggle room to contact authorities. So, again, people didn’t take big note of it.

Then, there was a company that had another idea for getting people out of junk message mailing lists. They would follow the law, which allowed a removal request to be sent for each message received. They had a download client that would automate the process, but stay within the law. The effect was close to a denial of service for some of the big junk mailers. Some quickly conceded and cleaned their lists, but some took the lists and turned on the users of the service, and ultimately there was a massive botnet attack against that service that went on and on, eventually causing them to close up their doors.

Then there was another site. They were dedicated to computer security, to helping people remove viruses and spyware and had started an initiative to take down phishing sites. They were a bit more “mainstream” I suppose than many of the other sites. They got noticed for their work and have fallen under attack.

The above is basically a true (although stylized) narrative of the last few years of online botnet activity. Now, I CAN’T CLAIM that these attacks were all made by the same group, certainly not. BUT, I think this list shows how powerful botnets have become and the threat that they pose to the internet at the moment. Castlecops.com is the site that is the most recent target of a denial of service attack. They seem to be up at the moment, but I am really beginning to think that the internet security community has a BIG problem and a BIG fight on their hands. I think the “take down” of blue security may have given extra confidence to many in the spam/virus/spyware/phishing “community” that they have the upper hand and I ask myself if we might see security related business and communities (like castlecops) targetted one at a time until they’re DOS’ed into submission.

Indeed, blue security talked about the next stage in their fight would have been an escalation and perhaps starting a full scale “war” on the net. So, the question is… how much does our economy depend on the internet? How much power then does a botnet yield that could take out major sites for a period of time? What solutions are there?

Most efforts at taking out botnets have gone after the IRC servers that act as “command and control”. Usually, blocking those is what’s called for. However, I am beginning to wonder if another approach would be better. I’m wondering, given the fact that if you have one trojan on your pc you likely have several…. if it wouldn’t be better to design a “white hat” upgrade to distribute to a trojan, so that on the next connect to the IRC control, it updates and then displays a “YOU NEED TO REMOVE VIRUSES FROM YOUR PC” message and disables all network interfaces (routes everything to 127.0.0.1)

I know many times such “white hat” viruses backfire, but I think there needs to be serious consideration of ways to take out entire legions of botnets at one stroke, rather than cutting off one head and then the bot downloads fresh code from another server.

   Send article as PDF   

Similar Posts