VoIP threats must be faced
"Tell me what you want, and I'll find a solution. I have many datacentres and options..."
No, this isn't me discussing hosting plans for my new website – I'm talking to someone who is taking part in the latest online boom – botnet hosting.
Advertising via spam, they proudly proclaim: “Tired of being scammed? Downtime? Blocked or blacklisted too fast? Get rid of Asian datacentres and choose a better spam-friendly solution…”
And all for the low, low price of $1,600 per month. Interestingly, the datacentre owner I talked to via IM told me he “wouldn't do scams” (meaning phishing), but was perfectly happy to help push adware, trojans and viruses. Better yet, he said he'd give me a discount if I hosted his botnet.
As you can see, the problem of botnets isn't going to go away. It's hard enough killing them off when hosted on legitimate servers – with outfits like the above on the prowl, the problem grows dramatically.
With the prospect of Skype/VoIP botnets on the horizon (which my datacentre “friend” mentioned as something he'd like to get into), it's crucial that we supply the tools now for a threat that may not become a problem for at least six months or more. At FaceTime, we lock Skype down – despite industry doubts that using it as an attack vector won't catch on due to the increased difficulty in managing a botnet in this way.
I beg to differ – as an industry, we need to face the challenges posed by VoIP now. Otherwise, our spam-happy datacentre owner might just beat us to it.