Canadian researchers simulate botnet

Scientists in Canada have replicated a botnet to study its behaviour, infecting 3,000 virtual machines with the Waledac malware.

The research, led by a team at the École Polytechnique de Montréal, involved collaborators at Carleton University, Canada. It also enlisted the help of researchers at Nancy University, France, along with anti-malware company ESET.

Scientists used a $1 million, 98-machine server cluster as a platform to create 3,000 virtual machines, each of them simulated with a different IP and email address. They then infected the machines with Waledac to measure statistics including how quickly it spread.

The project, described in MIT's Technology Review, was carried out earlier last year and discussed in December in a paper entitled "The case for in-the-lab botnet experimentation: Creating and taking down a 3,000-node botnet."

One significant finding from the experiment was that the Waledac botnet's weak cryptographic protection in the wild was a necessity. The botnet's command-and-control infrastructure used the same Advanced Encryption Standard (AES) session key for all bots for 10 months.

"We initially thought that this was a design error made by the bad guys, but when implementing the Waledac C&C server it turns out that it was impossible to generate a session key for each bot, because it overloads the server with cryptographic computation," said the paper.

This approach is more ethical than attempting to disrupt botnets in the wild, the researchers said, adding that in some jurisdictions it is considered illegal to create elements that join a botnet. It is also possible for sophisticated botnets to launch denial-of-service attacks on domains that they recognise as sources of botnet disruption.