Clubbing Webapps with Botnets

greggles — Thu, 12 Nov 2009 16:31:04 +0000

Gunter Ollmann of Damballa gave a review of several botnet tools and malware tools - covering clients, botnet management tools, and whole botnets.

What can we do with botnets

Application saturation
Brute-forcing & iterative processing
Bypassing threshold protection
Intercepting user credentials
Automating user processes

One of these malware providers offers their software in bronze, silver, and gold levels with the gold including 24x7 support and a 6 month money back guarantee if the software is detected by any antivirus software.

Does your computer and webapp have that kind of support to combat an attack like this?

If you don't want to bother with infecting machines yourself, Botnets can be purchased (for about $3 per bot) or rented for 80,000 bots for 24 hours for $200.

A botnet can create 1.3Gbps or 150m e-mails per hour or 250,000 transactions per second.

Relevance of cutting edge botnets to Drupal?

If someone wants to unleash a botnet on you, your passwords are not good enough and your hosting sysadmin may not be good enough either! After you've got a solid application with good hosting, real-time application request monitoring is probably your best next step (which Damballa, his company, specializes in).

For really important things, applications should be designed to require multiple factors of authentication and "out of channel verification" - like sending an e-mail whenever the account information is changed, or a piece of physical mail to confirm a transaction and require a token from that piece of mail before the transaction is processed.

Cracking Drupal - malware

Clubbing Webapps with Botnets

What can we do with botnets

Relevance of cutting edge botnets to Drupal?