Botnet Takedowns Can Incur Collateral Damage

Microsoft Zeus botnet case demonstrates risks, challenges associated with takedowns when multiple groups are tracking the same botnet
There's also the problem of different laws in different countries, Ollmann and other experts say. "Most botnets have victims in multiple countries. So what's legal in one country may be illegal in another," Kaspersky's Schouwenberg says.

Some security researchers prefer that sinkholing be used more for intelligence and research purposes than for botnet takedowns. But most agree that the aggressive dismantlement method will remain the main tool for now for ultimately getting to the bad guys behind the curtain who are running the botnet operation.

Microsoft and other security firms acknowledge that a botnet takedown may only be a temporary fix, but that the idea is to disrupt the bad guys and gather intelligence about them to get to the real actors behind the botnet. But, as always, arresting and convicting the major players behind the cybercrime is the biggest challenge.

Botnet takedowns are a bit like drug busts, Schouwenberg explains. "I think takedowns are a great way to disrupt the business. I equate them to drug busts, where a few hundred pounds of cocaine get confiscated," he says. "So, while a very powerful tool, it's not quite the same as actually putting these actors behind bars."
