Botnet takedowns cannot be achieved by technology alone; they also require people, going after the criminal networks behind the botnets, and working with law enforcement.
In a speech at the RSA Conference in San Francisco on taking down the world's largest spam botnets, FireEye's Atif Mushtaq asked the audience how many felt it could be done with technology alone, to which there was no audience response. He said: “In my opinion we can win the battle using technology, going after criminal networks and exposing identities of those behind the networks and working with law enforcement to arrest the masterminds. Unless we work on those three fronts at the same time, we cannot solve this problem and the future of cyber warfare means this is how we fight this war.”
Mushtaq said there was a time when spam botnets ruled the internet and pumped out millions of spam messages a day; companies spent millions on spam gateways while the security industry tried to combat the problem. Saying that "a few incidents changed everything", he detailed five botnet takedowns since 2008, including Rustock and Pushdo, and the shutdown of McColo, the hosting provider whose network housed the command and control (C&C) servers of several major spam botnets.
He said FireEye had talked with the owner of Pushdo, who had asked why FireEye had wanted to take that botnet down, as there were "a lot of much more dangerous bots in the world than harmless Pushdo". “He said he has an office in Moscow, ten employees and he considers himself to be on the business side,” Mushtaq said.
“We strongly believe in botnet takedowns by the community. Grum was that way, as we worked with Spamhaus, CERTs and white hats.”