republican-creole
Search:  

 
theme to black backgroundlet page decide theme
HomeFind ServiceReviewsISP NewsFAQsForumsToolsDatabaseAbout 
 
   News
newer
story category Skype Could Hide Zombies
Cambridge professor's research
(old news - 10:16AM Thursday Jan 26 2006)
tags: security · stats · software
Voice-over-IP apps such as Skype could be used to cloak networks of zombies used to launch denial-of-service attacks, warns a professor at Cambridge University. "If someone were to use a VoIP overlay as a control tool for attacks, it would be much harder to find affected computers and almost impossible to trace the criminals behind the operation," claims professor Jon Crowcroft to Computerworld.

"There isn't a protocol you can't use as a covert signalling channel," says Kurt Sauer, director of security operations at Skype. "Some large commercial groupware products have encrypted XML streams -- they may not be quite as good at firewall traversal, but that's still an opaque data stream."

According to Ciphertrust, hundreds of thousands of new botnet zombies are created each day, with most originating in China, Germany, France, the United States, or Japan. The FTC last year made zombie botnets one of their "highest priorities", launching the Operation Spam Zombie website to educate ISPs (on information most of them already knew).

Related:
  1. ISPs Battle Sober-Z
  2. Symantec: Apple Security Risk Rising
  3. Update Your Browser, Dummy
  4. Tuesday Evening Links
  5. Wednesday Evening Links
  6. FoxNews.com Serving Up Infected Ads?
  7. Android Climbs, But iPhone Remains King
  8. Uh, Mom? The Air Force Just Attacked Our PC
Forums » Skype Could Hide Zombies
view: topics flat text 
Post a:

GOLFnSUN
Enjoy the sun
Premium
join:2002-03-03
Avalon, NJ
·Sprint Mobile Broa..
·Comcast

No big surprise there; any application can be used

"There isn't a protocol you can't use as a covert signalling channel," responded Kurt Sauer, director of security operations at Skype. "Some large commercial groupware products have encrypted XML streams -- they may not be quite as good at firewall traversal, but that's still an opaque data stream."
The real trick is to not get your PC infected and on a botnet at all. How it is controlled after the PC is taken over is pretty much irrelevant. Maybe the professors Skype control method is harder to track down, but it is still pretty easy to determine if a PC is part of a botnet and is infected. And the corporate solution is still the same in every case - nuke the machine and rebuild it from a wiped hard disk.

And for home users, the solution should be the ISP revoking their access until the machine is cleaned up. But I won't hold my breath waiting for them to do that.
--
--
Join Red Room Forum
My Web Page
permalink · 2006-01-26 12:20:30 · Print · Reply to this

Death2U
Premium
join:2006-01-22

Re: No big surprise there; any application can be

said by GOLFnSUN See Profile :

And for home users, the solution should be the ISP revoking their access until the machine is cleaned up. But I won't hold my breath waiting for them to do that.
ISP should ask the consumer if mass data were transmitted by them at those specific times and if they say no, likely a bot. Your solution seems all good at first, but trust me, traffic from P2P apps look like bots from a network perspective and we don't need to give an ISP any more excuse to throttle/bottle them. Not all bots have to use standard ports, they could just uplink to another computer functioning as a proxy on port of the hacker's choice! The more bounces, the more work the law has to track it down. How would you like your isp to say, "due to high levels of botnets in this area, we will be blocking all but http and certain e-mail traffic". Don't snicker at this because a few isp's in this supposedly free country practically have. It's to the point online games don't work. Trust me I must use an ISP but I am against the industry.
permalink · 2006-01-27 00:10:47 · Print · Reply to this

MichiganTelephone

@130.94.x.x

from:
jester121 See Profile

Sock Puppet Alert!!!

Didn't anyone bother to click over the the About page and notice that "The Communications Research Network" is, and I quote:

A GROUND-BREAKING INITIATIVE SPONSORED BY CMI AND SUPPORTED BY BT

That's BT as in British Telecom. Not that THEY would have any ulterior motive in scaring people away from VoIP!
permalink · 2006-01-26 12:48:52 · Reply to this

moko

join:2002-12-22
Fayetteville, GA

Re: Sock Puppet Alert!!!

your right on the money michigantelephone.......i was thinking the same.
permalink · 2006-01-26 18:32:21 · Reply to this
spiralspirit

join:2005-10-01
Canada

thanks

Well thanks Jon Crowcroft! I was planning my zombie-bot network and I just didnt know what kind of control mechanism to use. NOW THE WORLD WILL BE MINE.
permalink · 2006-01-26 19:55:27 · Reply to this

Death2U
Premium
join:2006-01-22

My Kazaa theory

It's funny I was thinking about how evil the Kazaa app is and came up with "The future of Kazaa". No doubt this thing with all its bundled software can easily be turned into a botnet but get this. Kazaa has constant control over Skype, it could initiate a telemarketer call bot simply by using 3 way conferencing, it calls the telemarketer and the telemarketing victim, hiding the marketer from prosecution from the federal Do not call list! And just think, telemarketing calls to you as well over VOIP! What a nightmare! Evil Sharman is on the way to be the first telemarketing botnet! Can you just see it? Not impossible at all. It frightens me!
permalink · 2006-01-26 23:50:59 · Print · Reply to this
Forums » Skype Could Hide Zombies

Sunday, 08-Nov 16:46:58 Terms of Use | Privacy Policy | Hosting by www.nac.net - DSL,Hosting & Co-lo | feedback | contact
over 10 years online! © 1999-2009 dslreports.com.