Fuzzy Logic
Symantec: online crims want the money, no longer fame
by Alex Zaharov-Reutt
Tuesday, 20 March 2007
Sykes was particularly concerned about the botnet phenomenon; bots are usually “small pieces of software that get downloaded as part of free download or clicking the wrong link”. He said that “Bot infections are growing at incredible rates, with some 6m of them out there. These botnets can be used to do almost anything – spam servers, distributed denial of service attacks” and he said that “we are seriously concerned that we haven’t seen the serious end of these guys yet – they like to target home users and look for vulnerabilities in browsers”. Sykes said that “the ideal scenario is the unprotected notebook or PC, left on the broadband 24x7, which then get infected and turned into a zombie”.
Sykes pointed out to us that the report also contains a “futures section”. Sykes said that “basically we are calling out Vista, Web 2.0 and the new collaborative environments we are working in as classic territory for the bad guys”. He also called out the dangers to enterprise customers when he said that “Closely linked is the enterprise side of the business – with virtualization – and we’ve seen some proof of concept – if you can virtualize the data, you can virtualize the threats – we expect to see more targeted [attacks] in the future”.
Spam and phishing were also on the rise. Sykes explained that “half to 2/3rd of the world’s email is spam, and now the attention is turning to SMS and MMS picture messages”. He said that instead of getting those pump and dump scams in your email, they are now “turning up on people’s phones”, especially as “they become more 3G enabled. History will repeat and the same will occur in intelligent handheld devices – that area serves to play to the whole user issue – if someone sends you a stock tip as an obvious spam email – but when you receive an SMS from your friend Debbie recommending a stock, you might think ‘ok I’ll go for that’.”
Sykes said that when online, “Nothing is sacred, nothing is safe”. One big danger area in the future is “online gaming”, which Sykes said is a target because hackers are “trying to compromise the serious gameplayer who has a big PC, is online 24x7, and has a powerful computer loaded up to the max”. The hackers running botnets can then “harness the grunt and use it as a bot or zombie – while also taking part in the black market in the tools and weapons that people have and re-sell it and make some money online, which is seeing some young people becoming very distressed as their gaming experiences are ruined” by the bad guys.
One question we posed to Sykes was: “Seeing as you know where some of these underground servers are, what are you doing to shut them down, whether it’s by yourself or with others? What are you doing to shut them down?”
Sykes responded that: “The first assumption is that we can shut them down – but it’s like a whack-a-mole. We don’t believe we are close to the tip of the iceberg – it’s a bit like a honey pot environment – we are attempting to monitor and understand it. The same philosophy applies to command and controls with botnets – shut one down and another pops up – and worse, some bots are working p2p”. He continued that “We are saying for the first time that we can identify, understand and learn about them before they can be knocked out”. Doing otherwise, Sykes said, would be the equivalent of “Just spitting into the ocean”.
When pressed on what kind of global efforts could be co-ordinated to shut down botnets, Sykes said that “I can’t comment on what law enforcement or industry bodies [will do], but we share this info around the place to the relevant parties. Right now having just reported it for the very first time in 11 reports, we want to spend some time getting to understand it and figure out ways from stopping it from growing rather than knocking it on the head”.
Sykes continues that “On the report we don’t disclose how many there are, or how we know [that criminal servers are up and running as] it is a proprietary analysis, but many are well known, disguised as chat room, or not even hidden at all. Just type in ‘credit cards’ into Google and you’ll see sites that claim to sell personal information [like credit card details and more]. Knocking two or three over isn’t going to make a contribution to the problem – we need to understand how to cut them off at the knees rather than a couple of fingers”.
The last question posed to Sykes concerned using the bad guys’ tactics to help us all fight the botnets. We asked, couldn’t Norton 360, Norton Internet Security 2007 and other security products from different companies work in p2p mode to create a ‘good’ botnet to fight all the bad bots?
Sykes responded that it was an interesting question on how the threat may well soon be fought. He said that “If [the bad guys] can do that for the botnet threats, we can do that for the protection – and we’re working on it. Good solid broadband availability [will be required]. [We will also need] people’s conscious willingness to allow a degree of intrusive behavior in their world. A bot is not deliberately consensual. For us to do the same thing, people must give us a degree of trust to intrude on some of their habits”.
Sykes concluded that “We want to take the big footprints and multiple functions [of today’s security products] and bring them down to bot environments to protect against evolving threats. We are definitely looking to learn [from the bad guys and use some of their own tactics against them!]”.




