Re:Really? (Score 2)

This definitely isn't the first time this has been done. Maybe it's the first time anybody has done it with an unnecessarily large cluster of 3000 (all infected) computers. I also think this study is flawed and mostly pointless. First of all, command and control-style botnets are getting easier and easier to mitigate. The real threat is from peer-to-peer botnets. The most useful research taking place as of late is not being done in a closed environment cut off from the rest of the world on a botnet that hasn't been a threat for several months. That research is being done by taking over or infiltrating known botnets that are using newer peer-to-peer botnet protocols [T. Holz, M. Steiner, F. Dahl, E. Biersack, and F. Freiling. "Measurements and Mitigation of Peer-to-Peer-based Botnets: A Case Study on Storm Worm." In USENIX Workshop on Large-Scale Exploits and Emergent Threats, 2008.] and [B. Stone-Gross, M. Cova, L. Cavallaro, B. Gilbert, M. Szydlowski, R. Kemmerer, C. Kruegel, and G. Vigna. "Your Botnet is My Botnet: Analysis of a Botnet Takeover." Technical report, University of California, May 2009.] Also, instead of infected every single computer on the cluster, they should have studied more about the ways the botnet spreads by only infecting 25% or so of the network. Other useful projects related to peer-to-peer botnets is in trying to be one step ahead of the botnet developers. These kind of projects predict what the new peer-to-peer botnet protocols will be so they can better protect computers against being infected by them [Günther Starnberger, Christopher Kruegel, and Engin Kirda. "Overbot: A Botnet Protocol Based on Kademlia." In Proceedings of the 4th Conference on Security and Privacy in Communication Networks (SecureComm’08), pages 1–9, 2008.] I just think this "research" project is getting more press than it should while others that are doing more aren't getting as much.