Uky writes "Convinced that the recent upswing in virus and Trojan attacks is directly linked to the creation of botnets for nefarious purposes, a group of high-profile security researchers is fighting back, vigilante-style. The objective of the group, which operates on closed, invite-only mailing lists, is to pinpoint and ultimately disable the C&C (command-and-control) infrastructure that sends instructions to millions of zombie drone machines hijacked by malicious hackers." From the article: "Using data from IP flows passing through routers and reverse-engineering tools to peek under the hood of new Trojans, Thompson said the researchers are able to figure out how the botnet owner sends instructions to the compromised machines."

m4dm4n wrote to mention a story running on The Register which describes a coordinated malware attack designed to establish a massive botnet. From the article: "The attack involves three different Trojans - Glieder, Fantibag and Mitglieder - in a co-ordinated assault designed to establish a huge botnet under the control of hackers. Computer Associates reckons that access to the compromised PCs is for sale on a black market, at prices as low as five cents per PC."

Susan Saradon writes "The Honeynet Project has released a new paper which deals with the observation of botnets. "Know Your Enemy: Tracking Botnets" discusses what Botnets are, who is using them, how, and why. It als introduces the tools "mwcollect" and "drone" which can be used for collecting an tracking Botnet activity. Nice to read and looking forward to the release of these tools."

bigtallmofo writes "In a move sure to be applauded by DDoS botnet owners everywhere, news.com.com is reporting that Comcast is raising the speed of its cable Internet offerings. The standard rate will change from 3 Mbps downstream and 256 Kbps upstream to 4 Mbps downstream and 384 Kbps upstream. Customers that currently pay extra for faster service will see a 50% speed increase over what they have today to 6 Mbps downstream and 768 Kbps upstream." Combine this move with the VoIP announcement and the rumblings about more Baby Bell mergers -- we should see an...interesting landscape soon.

Amadaeus writes "According to the latest study by USA Today and Avantgarde, it takes less than 4 minutes for an unpatched Windows XP SP1 system to become part of a botnet. Avantgarde has the statistics in their abstract. Stats of note: Although Macs and PC's got hit with equal opportunity, the XP SP1 machine was hit with 5 LSASS and 4 DCOM exploits while the Mac remained clean. The Linux desktop also was impenetrable, but only was only targeted by 0.26% of all attacks." See also our story on the survival time for unpatched systems.

An anonymous reader writes "VeriSign's principal scientist Phillip Hallam-Baker believes one answer to stopping spammers and even crackers is by using reverse firewalls. He says reverse firewalls should be embedded in every cable modem and wireless access point for home users. "A traditional firewall is designed to stop attacks from the outside coming in; a reverse firewall stops an attack going out," Hallam-Baker said. Apparently, a reverse firewall would reduce the value of recruiting your home PC as a member of a botnet because "normal users have no need to send out floods of e-mail, which reverse firewalls can stop, but they do allow a normal flow of e-mail. ""

Emperor Tiberius asks: "It seems more and more dedicated server companies are turning tail to the idea of hosting IRC machines. Hosts like Rackshack are adding 'no-IRC' rules to their AUPs at the risk of having one's server unplugged. Why is IRC (the once applauded chat medium) being thrown to the dogs? Some might say the horrendous botnets written for the protocol are a part of the problem. However, if we were to shut down the IRC protocol. Isn't it theoretically possible the botnet authors would just migrate to a different protocols like Oscar/AIM, ICQ, ICB, Jabber, just to name a few? If so, how would we manage the problem? Would we shutdown all ICB servers, and cut-off the ICQ network? Are we trying to kill off the problem in the wrong way, or is there a compromise to keep IRC alive, and keep botnets away?"

You asked nmap creator Fyodor many excellent questions, and his answers (below) are just as excellent. You'll want to set aside significant time to read and digest this interview, because Fyodor didn't just toss off a few words, but put some real time and energy into his answers.