The last year has seen a string of takedowns of botnet command-and-control servers, malware drop zones, spam operations and other pieces of the crimeware infrastructure, each of which made a dent in one way or another. But the question of whether the takedowns have had any lasting effect on the overall level of crime and fraud online is a more complicated one.

The most recent operation that’s gained notice is the takedown of VolgaHost, a hosting provider in Russia that had attracted a lot of attention from researchers for allegedly hosting hundreds of malicious URLs and botnet servers. VolgaHost was rated by HostExploit as the worst hosting provider on the Internet in terms of the amount of crimeware on its platform, and last week the company was effectively taken offline when its upstream provider de-peered it.

That action cut VolgaHost off from the Internet and killed the connectivity for all of its customers as well, eliminating a number of C&C servers used by the Zeus botnet. However, online fraud and crime are a worldwide industry, and removing one hosting provider, however large and active it may be, from the equation is of inherently limited value. It’s a never-ending game of whack-a-mole in which researchers, hosting providers or law enforcement officials knock down a few servers, only to see them pop up again somewhere else a day or a week later.

Zeus, which has been known publicly for more than a year, is a prime example. Though it’s often referred to as a botnet, Zeus is more precisely a crimeware kit that is available for purchase by anyone, giving each customer the ability to create his own small malware operation. Taking down a few servers being used by one Zeus operation to control compromised machines is, unfortunately, only going to be effective in cutting off that specific operation. Any other Zeus networks not connected to that operation will be unaffected.

This has held true for most botnet takedowns in recent years, whether it be Waledac, Pushdo or any other network. Those operations had a major effect on the volume of spam in the short term, but after a quick respite, levels usually have returned to where they were before the takedown. The action that’s made the biggest difference in the volume of spam of late is the closure of a major spam affiliate program known as Spamit late last year. That closure, combined with some other factors, has effectively slashed the volume of spam by nearly three-quarters.

But while spam and other forms of online crime, such as botnets, identity theft and phishing, are closely intertwined, attackers can survive and do their damage without spam. The work that ISPs and legitimate hosting providers are doing to address the problem is valuable and absolutely necessary, and more of it would be welcome. But unfortunately, the scope of the worldwide online crime and fraud problem is so massive that no one takedown operation or combination of actions is likely to have any lasting, measurable effect on it.

Categories: Malware, Web Security

Comments (4)

  1. Anonymous

    At least they’re trying, and it does momentarily remind people why we can’t back down. I believe too many people have forgotten what the ambitions of men like Patton have done for us. You don’t just sit down and let the enemy walk all over you; you get up and you keep running them down until they know who they’re messing with. I hope these takedowns do continue to occur, and that maybe someday these organizations will find themselves incapable of functioning.

  2. Anonymous

    Riiiight.  Just like the War On Drugs yes?  Because we all know how well that’s going!

  3. Steve B

    I believe the only way to stop crime on the net is to create a financial disincentive.  If a private org with unlimited funds could pursue civil action for damages against the bad actors in time (if effective) the perpetrators would be forced to stop once they were not making oodles of money.

  4. P Crowley

    While I don’t think the cybercrime battle can be won, it is important to keep up the pressure.  For the most part, being able to sit at home and get money from people anonymously is a huge temptation and one that sidesteps many people’s sense of it being wrong.  People will do this who would never think of taking someone’s wallet or holding up a store.  But the belief they can do this in the security and privacy of their home means almost anything goes.

    Part of the problem could be solved by eliminating the anonymous nature of online interactions, but this carries some risk as well.  It isn’t a complete solution because such identification is unlikely to be foolproof, but it would remove some, if not all of the security of doing criminal acts online.
