Forgot your password?
typodupeerror
Botnet Canada The Internet Technology

Raising a Botnet In Captivity 60

Posted by timothy
from the cute-until-they-escape dept.
holy_calamity writes "Technology Review reports that researchers installed 3000 copies of Windows XP on a high performance cluster at a Canadian university and set loose the Waledac botnet on them. It's the first time researchers have built and operated their own botnet as a strategy to better understand those at large on the internet. Doing it inside an experimental computing cluster removes the legal and ethical complications of experimenting with live botnets that control innocent users' machines."
This discussion has been archived. No new comments can be posted.

Raising a Botnet In Captivity

Comments Filter:
  • by Anonymous Coward

    I'm not quite sure why they chosen to do that; where is the fun in running a botnet in a simulated environment? Wouldn't it be much better to do it in real environment?

    • by easyTree (1042254)

      I'm not quite sure why they chosen to do that

      I guess it's one more string to their bow. Now they're able to offer students experience with botnets - ready for the real world where they can go on to become some of the best botnet authours around :D

      PS. I'm sure you can do better than seven banner ads per eight-paragraph page. Please try harder.

  • by NickFortune (613926) on Saturday December 18, 2010 @06:07AM (#34598438) Homepage Journal
  • Were they.. (Score:2, Insightful)

    by Anonymous Coward

    licensed copies?

    • by AndGodSed (968378) on Saturday December 18, 2010 @06:46AM (#34598574) Homepage Journal

      Where They...

      *Puts on Sunglasses*

      Licensed Copies?

      YYYEEAAAAHHHHHhhhhh!

    • by fahlenkp (1939942)
      At a large University, Windows XP licenses are trivally cheap. I believe at my last job $5. If you tell them you are running an experiment like this, it is even cheaper. People give M$ a bad rap on licensing. A lot of times it is cheaper than Red Hat when you have a number of computers.
      • by AHuxley (892839)
        XP would be fine for this as the University has paid for "MS XP" for all over a set time.
        MS has learned from this "friendly" era and now likes the idea of a 24/7 on site computer system to count the "number of computers" using MS products and then count much more $ flowing back.
        The bad rap on licensing is getting more real, the past was just playing 'nice' to get MS products on site.
        A real fun study would be some pretty 'graph' of total cost of ownership/longterm rental/cleanup/admin teams for 3000 copie
    • by X0563511 (793323)

      You should learn what a MAK [wikipedia.org] is for.

  • by internet-redstar (552612) on Saturday December 18, 2010 @06:27AM (#34598506) Homepage
    ... and they discovered it's utterly uselessness?
    • by BSAtHome (455370)

      it is called Windows Genuine Advantage...

  • After effects, more research needed. Cylon sentience attained on the first day. They keep it running until Tricia Helfer steps out of their 3D printer.

    • They keep it running until Tricia Helfer steps out of their 3D printer.

      Why the hell would you stop then?

  • by yerktoader (413167) on Saturday December 18, 2010 @08:16AM (#34598800) Homepage
    This is the FIRST time a botnet has been studied in captivity? Did they need an excuse? A hall pass?

    Anyone got a good reason why it took this long to study a botnet in captivity when researchers have been able to purchase these tools on black hat sites for as long as they have? Otherwise I call shenanigans. [ebaumsworld.com] Red tape, bureaucracy, what have you.
    • by Anonymous Coward

      I have personally built clusters to test out viruses and botnets. In fact, I'd be willing to bet that almost every single botnet is born in an environment like this. 3000? that's just a waste of money. I wrote my own personal botnet (for late night take overs to run automated tests) using a collection of VMs (6) on my desktop. Once it felt good I just installed it somewhere. What do they really hope to gain by watching the same thing happen 3000 times?

      What a waste of resources, hope they at least made

    • by AHuxley (892839)
      Could be some fine print in the 'for edu use only' bulk discount?
      You get to study using the OS, not so much study the workings of the OS?
    • This project, which started some 7 years ago, was delayed while waiting for the 3000 XP PC's to catch up with automatic updates.

      • by owlstead (636356)

        Quickly, somebody mod this up! I want to see how this ends before I need to restart my computer - it just finished downloading them automatic updates.

    • by JMonty42 (1961510)
      This definitely isn't the first time this has been done. Maybe it's the first time anybody has done it with an unnecessarily large cluster of 3000 (all infected) computers. I also think this study is flawed and mostly pointless. First of all, command and control-style botnets are getting easier and easier to mitigate. The real threat is from peer-to-peer botnets. The most useful research taking place as of late is not being done in a closed environment cut off from the rest of the world on a botnet that
    • by dbIII (701233)
      Until relatively recently MS had never heard of clusters so doing this would have been a huge time wasting pain. It probably is one of the first times this has been done at such a scale. Even now it's a case of "ok, so I can cluster MS Windows now - but WTF can I run that can make use of it being a cluster?". Without the software to run on the things they are rare.
  • by Anonymous Coward
    I think it's interesting that our software mechanisms have become so advanced that we can't dissect them to understand what they are doing, we have to observe them in their environments to understand how they work or perhaps they just couldn't be bothered to sink resources into better analysis techniques of bytecode...
  • It would be far more beneficial to (almost) everyone if they studied the people involved in creating botnets in captivity. If not for the legal issues involved with that idea...
    • A corroborative study would involve PC users, in captivity, with such expert tests as: flashing ads promoting free stuff, click to clean your infected PC, and chatting with horny single females in your area (now!).

  • "It was [...] something of a challenge to convince the owner of a cluster worth around $1 million that installing malware onto it was a good idea." The question remains: is he referring to Waledac or Windows xp?

FORTRAN is a good example of a language which is easier to parse using ad hoc techniques. -- D. Gries [What's good about it? Ed.]

Working...