MIT Technology Review


To catch a criminal, sometimes you have to think like one.

So researchers on the trail of cybercrooks who use armies of infected computers, known as botnets, to send out spam e-mail or to attack websites are building botnets of their own. The new approach is being tested on a high-powered computing cluster that is kept isolated from the Internet, so the malware under study cannot reach real machines.

“We set up what we thought would be the closest to a botnet in the wild,” says Pierre-Marc Bureau, a researcher with computer security firm ESET, part of the project led by a team at Ecole Polytechnique de Montreal with collaborators at Nancy University, France, and Carleton University, Canada. “To our knowledge, this is the first such realistic experiment,” he says.

Over 3,000 copies of Windows XP were installed as virtual machines on a cluster of 98 servers at Ecole Polytechnique. Each virtual machine was wrapped in software that linked it to the others as if it were an individual computer connected to the Internet or to a local network. Every system was also infected with the Waledac worm, a piece of malware that is now well understood and largely vanquished, but that at the start of 2010 was estimated by Microsoft to control hundreds of thousands of computers and to send out 1.5 billion spam messages a day.

The team mimicked the control structure needed to take charge of a Waledac botnet, in which a central command-and-control server sends orders to a handful of bots that then spread those instructions to other machines.

In recent years, researchers have developed techniques to eavesdrop on live botnet communications and even to inject messages into these communications. Building a complete botnet in an experimental environment allows much more freedom, though, says Bureau. “When you experiment on a live botnet, you may provoke a bad reaction from its owner that harms infected machines,” he explains, and then “you are also potentially controlling the machines of innocent users, which has ethical and legal problems.”

Having their own botnet also gave the researchers the luxury of observing it inside and out, both as it operated normally and as it came under attack from someone trying to disable the network. It also let them run multiple trials, yielding statistically significant results.

It was, Bureau says, something of a challenge to convince the owner of a cluster worth around $1 million that installing malware onto it was a good idea.


Credit: Technology Review

Tagged: Computing, security, hackers, malware, spam, cyber security, botnet, viruses
