The economics of Botnets

Started by Triple Zero, July 23, 2009, 08:54:57 AM

Triple Zero

The Economics of Botnets

In the past ten years, botnets have evolved from small networks of a dozen PCs
controlled from a single C&C (command and control center) into sophisticated
distributed systems comprising millions of computers with decentralized control.
Why are these enormous zombie networks created? The answer can be given
in a single word: money.

Read the article: http://www.viruslist.com/analysis?pubid=204792068
                   
Ex-Soviet Bloc Sexual Attack Swede of Tomorrow™
e-prime disclaimer: let it seem fairly unclear I understand the apparent subjectivity of the above statements. maybe.

INFORMATION SO POWERFUL, YOU ACTUALLY NEED LESS.

BabylonHoruv

heh, that article reads more as a "why aren't you running a botnet?" than it does as a call to combat them.
You're a special case, Babylon.  You are offensive even when you don't post.

Merely by being alive, you make everyone just a little more miserable

-Dok Howl

Captain Utopia

I don't think this problem will be solved until we start getting a bit more radical in our approaches to security.

E.g. an open source botnet running in a VM that takes orders via encrypted channels and can be set to take orders from "friends" or "friends of friends" or specific agents, that maintains a distributed transactional system of currency linked to a traded stock market commodity, such that an individual can "cash out" or "cash in" if they want to perform some action. Oh, and there's also another few hypervisor layers such that the botnet can update and repair itself and attack other botnets which would seek to compromise it.

So basically, I could choose to earn some credit by supporting an attack against GoDaddy, and there's nothing anyone could do about it because the system would always be in a state of flux, and it'd be impossible to tell if I did it out of self-interest or if my machine was just compromised at that moment. However, GoDaddy might offer free hosting to anyone who commits to an hour of CPU time, rDDoS'ing the IP addresses which are currently flooding it - they just sign the offer themselves and put it out on the market.

Whether it could be made to work, and whether it could be successfully argued for are two separate questions.

The only thing which doesn't seem to be in question is that the current security models are hopelessly broken.