Monday, February 4, 2008

Botnet hunting

Digital Intelligence and Security Operations Group (DISOG) has an article up on how to start investigating botnets.

The article contains a number of sections:

  • Section 1, the rules of behavior
  • Section 2, Locating binaries
  • Section 3, extracting information
  • Section 4, putting it all together
  • Section 5, moving on

While tempting to engage in, it is important to keep in mind that most botnets are run by criminals who try to make money. There are several cases where people who were getting between the criminal and their intended money received (plausible) threats to their personal safety, as well as to their family members'.
Also, by engaging with botnets and connecting to potentially infected machines, you are committing criminal acts in many parts of the world.
While the article does mention these elements, it continues to elaborate. It kind-of feels like the "oh; I did not know he would actually point the gun at a person and shoot it!"-kind of line of reasoning. My advice: do not do it! Stay away from botnets, and especially from their operators.
Simple, isn't it?
