Experts Question Effectiveness of Botnet Takedowns
This was written by Michael W. Cheek on Tuesday, March 9, 2010, 9:06.
Recently, two major botnets have been brought down through legal channels and arrests. Microsoft used a court order to take out one botnet, and Spanish authorities arrested the administrators of the Mariposa botnet. Despite these recent successes, some security researchers have begun to question how effective taking out a botnet really is, according to an article on TheRegister.co.uk.
Security experts have pointed out that using the current channels to disrupt a botnet may not effectively hurt cyber criminals.
Rik Ferguson, a security consultant at Trend Micro, said, “We have had significant victories against several botnets in the past but that hasn’t stopped the growth in malware or the growth in spam or in information theft.”
“So, while we continue to win significant battles, winning the war will need closer cooperation between governments [and] law enforcement agencies on an ongoing basis rather than on an operational basis,” he said.
Disrupting the domains used by criminals is only temporarily effective. Gunter Ollmann, vice president of Research at Damballa, believes that authorities should concentrate on going after the criminals themselves.
“I’ve found the takedown of the domain names used by the botnet operators to be ineffective. The bad guys simply register new ones and carry on with their business,” he said.













