IDG News Service - Researchers are hoping to get a better insight on botnets after taking down part of Pushdo, one of the top five networks of hacked computers responsible for most of the world's spam.
Thorsten Holz, an assistant professor of computer science at Ruhr-University in Bochum, Germany, said his group is working on an academic paper focused on methods to figure out what type of malicious spamming software is on a computer that sent a particular spam e-mail.
They looked at several of the major spamming botnets, including Mega-D, Lethic, Rustock as well as Pushdo and Cutwail, two kinds of malware that appear to sometimes work together as part of the same botnet.
Holz said they found that Pushdo had a special characteristic in that more than half of its command-and-control servers were concentrated within one hosting company. Botnets use command-and-control servers to issue instructions to the infected PC, such as uploading spam templates and the target e-mail addresses to send spam.
About 15 of Pushdo's 30 servers were with that one hosting provider, which has now taken those servers offline and shared the data contained within them with Holz and his team. Their analysis is still ongoing, but they uncovered some 78 GB of plain text e-mail addresses, and that up to 40% of the infected computers were in India, a finding Holz said was surprising.
Other data within those servers should shed greater light on how Pushdo works. "We will analyze all the log data we have because I think we can provide a good overview of a modern spam operation," Holz said.
Of the eight hosting providers that had Pushdo's command-and-control servers, six took action to shut Pushdo down. But two hosting providers based in China did not respond to e-mail requests to turn off Pushdo or even acknowledged that they had received a complaint, Holz said. Although the spam volume from Pushdo has dropped, it is likely that its operators will be able to ratchet it up again.
But Holz and his team now know which computers are infected with Pushdo. They're in the process of contacting the ISPs connect those computers to the Internet. The ISPs can then notify those customers that their computers are infected and take steps to help them clean up their machines, Holz said.
Although it is likely Pushdo's operators will be able to use the remaining servers that are still online to reconstitute the botnet, "if we can notify the victims of the compromised machines and get them cleaned, it still has a long-term impact," Holz said.
Identifying which machines are infected and then remediating those computers is seen as crucial to fighting botnets. In Germany, the government has launched an initiative that involves eight major ISPs collaborating to send e-mails to their customers notifying them that their machines may be infected with botnet code, Holz said.
- Silicon Valley's 19 Coolest Places to Work
- Is Windows 8 Development Worth the Trouble?
- 8 Books Every IT Leader Should Read This Year
- 10 Hot Hadoop Startups to Watch
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- 2013 Cyber Risk Report The "Cyber risk report 2013 Executive summary" presents the major findings of HP Security Research's comprehensive dive into today's cyber vulnerability and threat...
- Binary Option: Neustar SiteProtect Case Study Learn how Neustar helped Top10optionbinaire.com protect against DDoS attacks with SiteProtect DDoS mitigation technology.
- Four Ways DNS Can Accelerate Business Growth This DNS eBook describes how DNS has developed over the years to support business growth as new needs have emerged, for example, advanced...
- Architecting the Network of the Future Networks need to change, as does the way IT thinks about and manages them. In addition to reliability, IT must now add higher...
- Ecommerce Site Needs Protection Against Cyber 'Pirate' Learn how a Neustar customer thwarted 'Blackbeard,' a self-styled DDoS Pirate. Using Neustar SiteProtect, a cloud-based DDoS mitigation service, this everyday IT hero...
- Tales from the Trenches - Industry Risks and Examples of DDoS Watch Neustar experts as they discuss how DDoS impacts technology companies including online gaming, e-commerce and more. All Network Security White Papers | Webcasts