Battling Against Self-Defending Bots

The battle for the security of the Internet is taking an ominous turn. Now, hackers are creating more sophisticated botnets (roBOT NETworks) to turn millions of compromised computers into “zombie” networks used to send spam and viruses or execute distributed denial of service (DDOS) attacks. Security experts are bracing themselves to combat the growing threat of self-defending bots that are fighting back attempts to track or disable them.

Last year, IBM Corp. (NYSE: IBM) principle security strategist Joshua Corman captured everyone’s attention at the October 2007 InterOp conference when he reported that Storm, the infamous botnet created by a widespread worm/Trojan distributed across the Internet, has successfully launched reprisals against those who try to break it.

A self-defending bot like Storm gains control of a PC and detects when it is scanned by security software. It then sends a message to another area of the botnet to trigger a DDOS attack. During any attempt to immobilize a compromised network, a bot “herder” instructs some or all of the botnet to send a flood of garbage data to the IP address of the scanner. This data flood can knock a Website offline, or take down an Internet connection.