How has the playing field altered? Let’s focus on one particular technology: bots. Back in the days of the nascent consumer Internet, the term bot was used most frequently to describe a software application used to perform automated tasks on the Net—IRC bots and so on. It wasn’t long before more malicious purposes evolved, such as the less-than-benign (but sometimes incredibly amusing) IRC kick bots. Eventually, "bot herds" could be controlled and commanded by an external attacker via mechanisms such as IRC to carry out activities from sending email advertising C!aL1s or Piagra to performing distributed denial-of-service attacks. Recently, the use and abuse of HTTP-based botnets and malware kits such as BlackEnergy and MPack (see Figure 1)—designed, distributed, and sold for profit for the use of low-level computer criminals—has emerged as a growing trend. Unlike their IRC predecessors, such HTTP bots don’t rely on persistent connections, and can make use of proxies and techniques such as fast flux to engage in their voodoo.
Figure 1: An older version of the MPack kit console.
In a comparatively short time period, this technology that once had benign uses has developed a separate malicious strain. The rise in the number of attacks motivated solely by profit is arguably more significant than who is causing these attacks (the Chinese, Al Qaeda, or some other bogeyman of the week). How it’s happening can be analyzed, understood, and mitigated.