Don't Do This At Home: 0wning Botnets presented at t2 2009

by Felix Leder (University of Bonn), Tillmann Werner (University of Bonn)

Tags: Security

Summary: The threat posed by botnets consisting of thousands of interconnected, remote-controlled computers is one of the major challenges at present. Such malicious infrastructures are getting more and more involved in commercially driven or even politically motivated attacks.
This new dimension requires reconsideration of possible actions as classical countermeasures are mostly reactive and conducted as part of incident response. This is often not sufficient. We argue that proactive measures are necessary to mitigate the botnet threat and demonstrate techniques based on different botnet infrastructures.
This talk will cover a structured botnet mitigation approach and discuss several case studies on recent sophisticated malware like Storm, Waledac, and Conficker, along with prototypes that demonstrate the applicability (live demos included). In all cases mitigation or even takeover was possible. However, while technically feasible, such actions raise ethical points like disclosure policies. We conclude that many botnets contain weak points that allow for counter-attacks on a technical level.