Hunting Down Botnets

Data mining helps security researchers spot Internet addresses linked to compromised computers.
July 30, 2009

To fight malicious attackers on the Internet, it’s important to quickly identify the Internet addresses from which they are operating and to communicate that information to others.

To do that, the Internet Systems Consortium (ISC)–the nonprofit organization that maintains the most popular software for running domain-name servers–collects and analyzes more than 20,000 records per second and stores the results in a massive database, members of the group told attendees at the Black Hat security conference on Wednesday.

“We want to find the badness either before the victims are affected or as the victims are being attacked,” said Andrew Fried, a security researcher with the ISC.

The organization–which runs one of the 13 Internet root-name servers (the F-root)–combines its feed of new domain registrations and changes with reputable blacklists of known bad Internet addresses. In addition, the group searches for domains pointing to multiple IP addresses with low time-to-live intervals (indicating frequent updates to the name server), and addresses that are geographically dispersed. By scoring the results and applying a threshold, the ISC can find Internet addresses that likely host malicious machines.
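The scoring heuristic the article describes (many IPs per domain, low TTLs, geographic spread, blacklist hits and fresh registrations, summed and thresholded), as an added illustration that is not the ISC's code: the records, blacklist, registration feed, weights and threshold are all constructed assumptions, and the second-to-last domain shows why low TTL alone (a normal CDN pattern) should not trip the threshold.

```python
from collections import defaultdict
from typing import NamedTuple

class Observation(NamedTuple):
    domain: str
    ip: str
    ttl: int        # seconds a resolver may cache the answer
    country: str    # country from IP geolocation (assumed available)

# Constructed sample data: documentation-range addresses, not real indicators.
OBSERVATIONS = [
    Observation("flux-example.test", "203.0.113.10", 120, "US"),
    Observation("flux-example.test", "198.51.100.7", 120, "BR"),
    Observation("flux-example.test", "192.0.2.55", 60, "RU"),
    Observation("flux-example.test", "203.0.113.99", 60, "CN"),
    Observation("static-example.test", "203.0.113.20", 86400, "US"),
    Observation("cdn-example.test", "198.51.100.1", 60, "US"),
    Observation("cdn-example.test", "198.51.100.2", 60, "US"),
]
BLACKLISTED_IPS = {"192.0.2.55"}              # constructed reputation feed
NEW_REGISTRATIONS = {"flux-example.test"}     # constructed registration feed

def score_domain(records, blacklist, new_domains, low_ttl=300):
    # Weights are assumptions; each signal contributes to one additive score.
    domain = records[0].domain
    ips = {r.ip for r in records}
    countries = {r.country for r in records}
    score, reasons = 0, []
    if len(ips) >= 3:
        score += 2; reasons.append(f"{len(ips)} distinct IPs")
    if min(r.ttl for r in records) <= low_ttl:
        score += 2; reasons.append("low TTL")
    if len(countries) >= 2:
        score += 1; reasons.append(f"{len(countries)} countries")
    if ips & blacklist:
        score += 3; reasons.append("IP on blacklist")
    if domain in new_domains:
        score += 1; reasons.append("newly registered")
    return score, reasons

def flag_suspicious(observations, blacklist, new_domains, threshold=5):
    # Group passive-DNS observations by domain, score each, keep those above threshold.
    by_domain = defaultdict(list)
    for obs in observations:
        by_domain[obs.domain].append(obs)
    flagged = {}
    for domain, records in by_domain.items():
        score, reasons = score_domain(records, blacklist, new_domains)
        if score >= threshold:
            flagged[domain] = (score, reasons)
    return flagged
```

Tuning the weights and threshold against known-good infrastructure (CDNs, large hosting providers) is what keeps the false-positive rate usable at the volumes the article cites.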

The analysis technique has helped the ISC and other researchers track the spread of the malicious program Conficker. While Conficker.C–the most prolific variant–has steadily become less prevalent since late March, more than 5 million IP addresses still exhibit signs of infection, Fried said.

According to Chris Lee, a member of the Shadowserver Foundation, China continues to have the lion’s share of computers infected with Conficker, with Russia and Brazil holding second and third place. “This tells us that we are not getting the word out in China [and Russia and Brazil],” said Lee, who also works with the ISC.

The group has also seen signs that Conficker’s peer-to-peer traffic is dropping off.
