Using that information to interact with the botnet, however, is dangerous. Suppose that you, with the purest of intentions, log into the botnet control channel and issue a command to shut the botnet down or delete the bots. You might inadvertently delete some really important corporate data, or disable a critical server, causing significant financial damage. The large organization that you just affected might turn around and sue you, not the original botnet owner. The attacker might have set up a booby trap so that the botnet goes ballistic if someone else tries to control it. Inadvertently, your actions might cause massive harm.
Beyond that, there is the possibility of retribution. Even if you don't cause damage to the infected machines, there is the not-so-small matter of breaking the bad guy's botnet. The attacker may take this pain out on you by launching a massive flood. One should not trifle with people who manipulate hundreds of thousands of machines and make serious money based on their control.
That said, there is some interesting research being conducted by individuals looking into the actions of large-scale botnets and their operators. I'm not suggesting that such research should be avoided altogether. I am, however, emphasizing that such investigations are not for the faint of heart, must be carried out carefully and could result in some serious negative repercussions. Make sure you consider these issues. For most security people working in most enterprises, such risks aren't worth it.
Related Q&A from Ed Skoudis, Contributor