Sunday, October 25, 2009

What next in Botnets?

For the past few weeks I have been thinking about what botnets could use next for C&C. We have already seen C&C over IRC in the older days, then over P2P, and then, some time back, over HTTP too.

So what next?

I was thinking and thinking, and then it came to me in a flash: what about simple email communication being used as C&C, for the bots to receive commands from their bot-masters? That would be a mess, right, as it would be very difficult to track and stop.

Just think of a bot with the bot-master's email ID integrated (*** there could be more innovative ways to have the bot-master's ID; I will come to that point later ***). It calls home just by sending a mail to the bot-master, and he responds with a command in the mail body, all encrypted. Moreover, the master need not run his own C&C server for mail; he could use any of the mail servers available on the internet, like GMail, Yahoo, Hotmail, anything he feels like. All bots can respond to those IDs, and the bot-master can just issue his commands in reply to all incoming mails from the bots. As most organizations and client machines allow mail communication, it will be really tough to stop. There could be more innovative ways to stop reverse engineering and detection, and for the bot update mechanism; we all know about these more or less by now. Just think: if all those mechanisms are integrated, it could be a big happening in the C&C of botnets.

These are just my thoughts; I am sure people in this community may have better thoughts on this concept. I would really appreciate your comments and thoughts on this article and on this new future threat, which I think it could be.

All those who agree, please put together your thoughts about some detection mechanism for this method. And all those who don't agree, I would appreciate it if you put your line of thought too; that will be helpful if I am thinking wrong.
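One possible detection heuristic for the pattern described above, as an added example that is not part of the original post: flag any external address that several internal hosts each mail at near-constant intervals. It assumes outbound mail logs that expose the sending host and the recipient; the log records, addresses, function names and thresholds are all constructed for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

def build_sample_log():
    """Constructed records, not real data: (epoch_seconds, internal_host, recipient)."""
    recs = []
    # Three workstations mailing one external address roughly hourly (small jitter).
    for i, host in enumerate(["10.0.0.11", "10.0.0.12", "10.0.0.13"]):
        for n in range(6):
            ts = 1000 + i * 17 + n * 3600 + (n % 2) * 20
            recs.append((ts, host, "drop@webmail.example"))
    # A person writing to a friend at irregular times.
    for ts in (500, 900, 9000, 9100, 40000):
        recs.append((ts, "10.0.0.20", "friend@webmail.example"))
    # One host sending a daily report: regular, but no fan-in from other hosts.
    for n in range(5):
        recs.append((2000 + n * 86400, "10.0.0.30", "reports@partner.example"))
    return recs

def find_suspect_recipients(records, min_hosts=3, min_msgs=4, max_jitter=0.1):
    """Return {recipient: [hosts]} where at least min_hosts internal hosts each
    send to the same recipient with near-constant gaps between messages."""
    times = defaultdict(list)
    for ts, host, rcpt in records:
        times[(host, rcpt)].append(ts)

    regular_senders = defaultdict(set)
    for (host, rcpt), stamps in times.items():
        if len(stamps) < min_msgs:
            continue  # too few messages to judge timing
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        # Coefficient of variation: low value means machine-like regularity.
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            regular_senders[rcpt].add(host)

    return {r: sorted(h) for r, h in regular_senders.items() if len(h) >= min_hosts}

if __name__ == "__main__":
    for rcpt, hosts in find_suspect_recipients(build_sample_log()).items():
        print(f"review: {rcpt} receives regular mail from {', '.join(hosts)}")
```

Timing regularity alone also matches legitimate scheduled mail, which is why the sketch requires fan-in from several hosts before flagging a recipient.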
