Akamai Diversity

The Akamai Blog

Long Live the Botnet

Botnets are, in many ways, living organisms. They are formed by their creators - both malicious and benign - and then roam the internet. Much has been written about good and bad bots, but not much as been written about the lifecycle of the bot. Do Bots die? If so, when? What is the average life-span of a good bot? A bad bot?
Nine months ago The Akamai Threat Research Team published a detailed blog post describing a botnet which targeted vulnerable web applications. This particular bot was exploiting an already known vulnerability in a Joomla Content Editor (JCE) plug-in that enables the upload of unauthorized malicious files.

Nine months later the subject of our post lives on. The Threat Research team continues to observe the abnormal malicious activity through the Akamai Cloud Security Intelligence initiative.

You might think that being exposed in a security blog post might bring shame to a bot, and that at the very least it might spend some time underground. To the contrary - we have found that not only are some of the botnet members still active, but that this particular botnet is evolving and targeting also other Content Management Systems (CMS), such as WordPress.

So what to do about this flagrant disregard for internet decency by our little Bot friend? Is there anything we can do? Or are we doomed to only observe facts about our bot as it continues to "long live".

Continue reading on "InfoSec Island": http://www.infosecisland.com/blogview/24441-Long-Live-the-Botnet.html