Monday, November 16, 2009

Breaking the Botnet Code

UC Berkeley Professor Dawn Song co-presented a talk on Malware and Bots at the Association for Computing Machinery's Conference on Computer and Communications Security this week.

Networks of compromised computers controlled by a central server, known as 'botnets' can be used to systematically spew spam, host malicious code, or flood a network to cut off its access to the Web. Researchers presented a tool at the conference that can decipher the structure and purpose of communications between a control server and its bots through automatic reverse engineering. The researchers parlayed the technique into a tool called Dispatcher that will analyze botnet network communications and even inject new information into the communications stream.

The researchers note that such automated tools are not yet needed for analyzing most malware since more than 90 percent of all botnets use easy-to-break encryption with their communications, making manual techniques rather easy and fast.

Yet botnets will continue to evolve, says UC Professor Song. "Botnet programs are becoming more complicated," she says. "They are using various obfuscation techniques and so on. So maybe manual analysis can work for now, but in the future, we will need better tools."

See article in Technology Review.