Access member only content, take part in discussions with comments on blogs, news and reviews and receive all the latest security industry news directly to your inbox. Join now for free.
A confirmation email has been sent to your email address - SUPPLIED EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @scmagazine.com.au to your white-listed senders.
Chinese botnets were poorly constructed and riddled with errors, according to security researchers.
Jeff Edwards and Jose Nazario, researchers at denial of service (DoS) prevention firm Arbor Networks, said Trojan malware used in the botnets contained flaws and were not concealed.
They told the Virus Bulletin 2011 conference in Barcelona that blatant flaws in the used DoS attack botnets were duplicated by rival botnets that stole the source code.
Sophisticated modern botnets often used rootkits to conceal presence, were encrypted and could be difficult to trace and eradicate. The botnets also used varied DoS tactics such as low rate denial of service attacks (pdf).
But Edwards and Nazario said Chinese botnets lacked the technology and conducted only simple DoS attacks such as SYN, TCP and HTTP floods.
They found about 40 Chinese-based botnet families of which about 20 were distinct malware families, including Darkshell, IMDDOS, Rincux, NetBot Attacker and YoyoDDoS families the researchers said.
The botnets targeted specific victims. The Darkshell botnet attacked the industrial food processing industry, IMDDOS attacked gambling websites, Rincux attacked the mining sector, and versions of Netbot Attacker had in 2008 targeted US news site CNN.
“We were surprised when we discovered that its operators have such a propensity for attacking one particular commercial market segment,” he said in a blog post.
All of the studied botnets were thought to be built in China or were controlled primarily from Chinese IP addresses.
Copyright © SC Magazine, Australia
To begin commenting right away, you can log in below or register an account if you don't yet have one. Please read our guidelines on commenting. Offending posts will be removed and your access may be suspended. Abusive or obscene language will not be tolerated. The comments below do not necessarily reflect the views or opinions of SC Magazine, Haymarket Media or its employees.