5 Lessons that Botnets teach Honeypots

Written by Carl E. Reid on February 19, 2009 – 12:36 am

One reason organizations implement honeypots is to identify malicious botnets. A honeypot, which is a fake network, is designed to attract and analyze botnet activity. For honeypots to educate us with data, we need a better understanding of how botnets achieve their missions. Let’s review potential activities performed by some of the various types of botnets.

1. Distributing Malware
Botnets are often used to quickly distribute new bots on open networks. For our botnet friends this is actually not very hard to accomplish, because bots can potentially run scripts that download and execute any file via HTTP or FTP. This is exactly how email viruses are spread using a replicating botnet. In a very short period of time, a self-replicating botnet can hook into 10,000 computer hosts. This sets up a staging platform for exponentially spreading a mail virus around the world.

Cyber threats in 2009

Written by Dan Blacharski on October 28, 2008 – 4:18 pm

The Georgia Tech Information Security Center (GTISC) released its “Emerging Cyber Threats Report for 2009”, which reported on the top five information security threats for the coming year. The results were notably different from last year’s top five, which were: Web 2.0 and client-side attacks, targeted messaging attacks, botnets, threats targeting mobile convergence, and threats to RFID systems. According to the report, the biggest threats for next year are: malware, botnets, cyber warfare, threats to VoIP and mobile devices, and the evolving cyber crime economy. The report notes that all emerging threats and attacks are data-driven.
