Botnets to get more intelligent in 2010


Next year, botnets will become more intelligent and autonomous, according to research from Symantec.

Paul Wood, senior analyst at MessageLabs Intelligence, said the criminals who operated botnets wanted to maintain their market share without spending too much time working on them.

Previously, operators would have to manually make more bots or make it harder for the computers they did control to be cleaned up, for example, by using rootkits hiding their presence from operating systems or security software.

Symantec has started to see bots having the capability to take care of themselves, before any intervention is required.

"We've seen social networks and micro-blogging sites being used to host instructions, so the bot will go to that website," Wood said.

"What may appear to be gibberish to a human may have some meaning to a bot."

Lessons have been learned from the McColo server takedown, with criminals re-evaluating and enhancing their command and control backup strategy. This enables recovery to take hours, rather than minutes.

"They've managed to recover in terms of how much spam they're sending out, and in many cases they are sending out more," Wood said.

He also said that CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) breaking tools were increasingly traded on the underground economy.

It means more criminals are able to start creating real accounts to send out spam from webmail, instant messaging and social networking websites.