Some security researchers prefer that sinkholing be used more for intelligence and research purposes and not for botnet takedowns. But most agree that the aggressive dismantlement method will remain the main tool for now for ultimately getting to the bad guys who are behind the curtain, guiding the botnet operation.
Microsoft and other security firms acknowledge that a botnet takedown may be only a temporary fix, but say the idea is to disrupt the bad guys and gather intelligence about them in order to get to the real actors behind the botnet. As always, though, arresting and convicting the major players behind the cybercrime is the biggest challenge.
Botnet takedowns are a bit like drug busts, Schouwenberg explains. "I think takedowns are a great way to disrupt the business. I equate them to drug busts, where a few hundred pounds of cocaine get confiscated," he says. "So, while a very powerful tool, it's not quite the same as actually putting these actors behind bars."