[funsec] Cambridge Professor Warns of Skype Botnet Threat
Paul Schmehl
pauls at utdallas.edu
Wed Jan 25 15:42:18 CST 2006
--On Wednesday, January 25, 2006 15:19:18 +0000 Fergie
<fergdawg at netzero.net> wrote:
> I see Jon's busy stirring things up. :-)
>
> Via TechWorld.
>
> [snip]
>
> Voice-over-IP apps could be used to cloak networks of zombies, used to
> launch denial of service attacks, a Cambridge professor has warned.
>
> Armies of ordinary PCs - "botnets" - that have been infected by a virus
> and put under malicious control, could be controlled and orchestrated by
> messages hidden in VoIP traffic generated by programs such as Skype,
> warned Jon Crowcroft, Marconi professor of communications systems at
> Cambridge University.
>
> [snip]
>
> More here:
> http://www.techworld.com/news/index.cfm?NewsID=5232
>
I dunno. Maybe I'm dense. How is this different from any other method of
control once you encrypt the traffic? (And please don't tell me that IM or
IRC can't be encrypted.) The issue isn't the protocol being used. It's
the behavior. And how does encrypting the traffic *hide* the botmaster?
Scenario:
100,000 bot network
10,000 "sub" controllers
1000 "master" controllers
All traffic between these 100,000 bots is encrypted Skype, and the traffic
patterns match DDoS or spam runs. Gee. I wonder what's going on there?
But we can't tell because {{{gasp}}} it's encrypted!
Huh? What am I missing?
Paul Schmehl (pauls at utdallas.edu)
Adjunct Information Security Officer
University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/ir/security/
More information about the funsec
mailing list