Thursday, May 26, 2011

Fun with Botnets

This is an analysis of botnet size captured using a technique called sinkholing. It looks like an effective method for trashing botnets if it were used effectively. The article also points out the obvious: the botnets and the malware are no longer that important. It's other links in the value chain that are more critical to extracting usable value from the exercise. Essentially a botnet is just illegal infrastructure for a business. Anything like this needs a whole ecosystem around it to form an economic activity.

I would expect that at some point, some of the botnet systems will (as suggested in the comments on the article) turn into a cloud service and at some future point, they will start to turn legit by paying the drone computers and selling the service to the highest bidder. This will legitimise the botnet part of the system and push the criminal/illegal parts to a smaller section of the value chain. Eventually the criminal element will be just a contractor and eventually they will move somewhere else and try to exploit a different niche.

The biggest losers from such a transformation will be the ecosystem of security companies that have fed off the fear and uncertainty that the botnet/malware/virus ecosystem has created. They were an opportunistic business model at the best of times. They will transform into a much more specific security service for clients and provide targeted security around assets, probably information assets. I fully expect to see infosec turn into some sort of cloud service where you check your information in and have guaranteed access to it anywhere, anytime under a certain level of security. People like guarantees.

