Communications of the ACM
Botclouds: A Cyberattacker's Dream
Image courtesy of Black in Hat
Delft University researchers are studying how botclouds can be used to launch attacks, send spam, and commit fraud.
There has been a recent outbreak of attacks that could be related to botcloud use, and "as long as cloud service providers are not taking proactive steps to prevent these things, I think this trend will increase," says Delft's Kassidy Clark.
The researchers built a botnet in just minutes by purchasing space in the cloud with stolen credit card details, which greatly accelerates deployment, Clark says. The researchers hired 20 virtual computers and used them to carry out attacks on their own Web server. The botcloud was able to send out 20,000 page requests per second and brought the server down in 10 seconds.
Clark also built a larger botcloud and used it to run a click fraud simulation, and neither botcloud attack was detected or shut down by the cloud provider. The researchers also found that it is possible for a virtual computer in the cloud to become infected by an ordinary botnet, since many cloud users do not usually run antivirus software, says Symantec's Paul Wood.
From New Scientist
View Full Article - May Require Free Registration
No entries found