Tuesday, June 9, 2009

Exploring the Botnet vs. Malware Relationship

There are many misconceptions when it comes to understanding botnets. One of the most significant is the fallacy that a single "new" malware type (or family) constitutes a single botnet.

For example, Zeus is a very popular family of bot malware, built using a commercially available DIY malware creator kit. But it is not as if that kit is purchased by a sole entity and every Zeus infection around the world sits under the CnC of that one individual. Nothing could be further from the truth. Just because two bot agents (or pieces of malware) belong to the same family does not mean that the compromised assets belong to the same botnet; what ties a botnet together is the CnC channel its operator controls, not the kit that generated the agent.

Similar arguments hold true for Conficker. It's amazing to me that so many people are blinkered into thinking that there's just one criminal entity behind all the Conficker installations around the world.

In an effort to educate security professionals as to the nature of the real threat, I've written a brand new whitepaper - The Botnet vs. Malware Relationship - covering the mechanics of botnet building based upon the use of popular DIY Malware creator kits. The paper discusses how CnC channels are affected and why botnets don't have a one-to-one relationship with malware.
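To make the family-versus-botnet distinction concrete, here is a small added example (written for this post, not code from the whitepaper) that groups constructed infection telemetry two ways: by malware family, which is how the "one family = one botnet" fallacy counts, and by CnC endpoint, which is the unit an operator actually controls. The records, hostnames and the assumption that a CnC endpoint stands in for one operator are all illustrative.

```python
from collections import defaultdict

# Constructed sample telemetry (not real data): one record per infected host,
# giving the malware family of the bot agent and the CnC endpoint it reports to.
# Hostnames are placeholders in the reserved .example domain.
SAMPLE_RECORDS = [
    {"host": "10.0.0.11", "family": "Zeus",      "cnc": "cnc-a.example"},
    {"host": "10.0.0.12", "family": "Zeus",      "cnc": "cnc-a.example"},
    {"host": "10.0.0.13", "family": "Zeus",      "cnc": "cnc-b.example"},
    {"host": "10.0.0.14", "family": "Zeus",      "cnc": "cnc-c.example"},
    {"host": "10.0.0.15", "family": "Conficker", "cnc": "cnc-d.example"},
    {"host": "10.0.0.16", "family": "Conficker", "cnc": "cnc-e.example"},
    # Assumed case: one operator running two different kits behind one CnC host.
    {"host": "10.0.0.17", "family": "Zeus",      "cnc": "cnc-d.example"},
]


def families(records):
    """Distinct malware families seen: the naive 'one family = one botnet' count."""
    return {r["family"] for r in records}


def botnets(records):
    """Distinct CnC endpoints: the unit that actually exercises control."""
    return {r["cnc"] for r in records}


def family_to_botnets(records):
    """Map each family to the set of CnC endpoints its infections report to."""
    out = defaultdict(set)
    for r in records:
        out[r["family"]].add(r["cnc"])
    return dict(out)


def botnet_to_families(records):
    """Map each CnC endpoint to the families of the agents it controls."""
    out = defaultdict(set)
    for r in records:
        out[r["cnc"]].add(r["family"])
    return dict(out)


def botnet_sizes(records):
    """Number of distinct infected hosts under each CnC endpoint."""
    out = defaultdict(set)
    for r in records:
        out[r["cnc"]].add(r["host"])
    return {cnc: len(hosts) for cnc, hosts in out.items()}


def is_one_to_one(records):
    """True only if every family maps to exactly one botnet and vice versa."""
    f2b = family_to_botnets(records)
    b2f = botnet_to_families(records)
    return (all(len(v) == 1 for v in f2b.values())
            and all(len(v) == 1 for v in b2f.values()))


if __name__ == "__main__":
    print("families:", sorted(families(SAMPLE_RECORDS)))
    print("botnets (by CnC):", sorted(botnets(SAMPLE_RECORDS)))
    for fam, cncs in sorted(family_to_botnets(SAMPLE_RECORDS).items()):
        print(f"{fam}: {len(cncs)} separate botnets -> {sorted(cncs)}")
    sizes = botnet_sizes(SAMPLE_RECORDS)
    for cnc, fams in sorted(botnet_to_families(SAMPLE_RECORDS).items()):
        print(f"{cnc}: controls {sorted(fams)} across {sizes[cnc]} host(s)")
    print("one-to-one?", is_one_to_one(SAMPLE_RECORDS))
```

On this sample the family count is two while the CnC count is five: Zeus alone spans four botnets, and one CnC host controls agents from two different kits, so the relationship is many-to-many in both directions. The caveat for anyone reusing the idea on real telemetry is that a CnC hostname is only a proxy for an operator; one operator may rotate through several domains, and a shared hosting provider may serve several operators, so endpoint grouping is a lower bound on operator-level separation, not a final answer.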

The paper is designed to be vendor neutral, and I've tried to use as plain a language as possible in an effort to explain the dynamics behind botnet building. Feel free to pass the paper along and provide feedback here. There are more educational papers on their way...

1 comment:

  1. Thanks for that paper... very interesting blog you've got here, you've got a loyal reader :)