Still, as I stated earlier, I believe that this is a bad idea, for two reasons. First, think about how hard it is to secure existing systems. Now, expand that by a few thousand systems directly accessible from the Internet. This scenario leads directly to my second fear: control. Imagine the public relations nightmare should your good botnet be taken over and used to DoS someone else's network.
I propose that instead of building counter-botnets, security professionals could better spend their time tracking the patch-installation success rate for the systems they currently have. Leave the bot-herding to the bad guys.
This was first published in July 2008