THE HUNTER HAS BECOME THE HUNTED as botnet operators have started to set honeypot traps to lure security researchers.
Researchers investigating a piece of malware that's part of the Zeus botnet managed to gain access to a remote server used to control the botnet and found that the administrative console on the server was a fake. The console was put in place to monitor the activity of researchers in order to understand ways that botnet operators can avoid having their networks shut down.
Many botnets have administrative consoles on their command and control servers to control their tens of thousands of compromised zombie computers. Besides providing control interfaces, such consoles give those operating the botnets access to statistics such as membership numbers and geographic distribution, all of which is vital information of interest to security researchers.
In the past, researchers had accessed the control interfaces of botnets to try to locate those involved in operating the botnets. Now it seems that the botnet operators are poking fun at the insecurity researchers by creating a dodgy login screen with a weak login and password, and even adding an SQL-injection vulnerability to glean some insight into the behaviour and methods used by their adversaries.
Honeypots have been used by security researchers in the past to snare would-be hackers, but now that the tables have been turned it will be interesting to see how the researchers react.
Such tricks show that the botnet operators are far from just pesky script-kiddies, and this will mean that researchers will now have to discover some innovative methods for investigating botnets. µ