Technical botnet takedowns useless. Technical controls needed.

TrendMicro’s 2010 in Review: No Recession for Cybercrime notes the ineffectiveness of several of the publicized botnet takedowns.

The futility of takedowns was seen when Pushdo/Cutwail was taken down earlier this year. Within days, it was back in business. Similarly, security researchers were able to take down the Waledac botnet in March but, as we noted at the time, the spam levels remained unchanged.

The lesson is that shutting down a botnet by purely technical means doesn’t do anything in the long term; arresting the people responsible is key to fixing the cybercrime threat.

What does this mean to the enterprise? You are on your own. Given the ease with which new botnets can be created and their geographic distribution, the arrests will be interesting but will not significantly reduce the botnet threat.

Cymbel provides three complementary solutions which help you mitigate the risks of botnets:

  • Palo Alto NetworksNext Generation Firewall with integrated Intrusion Prevention, URL Filtering, and botnet command and control communications detection.
  • FireEye – Heuristics-based malware detection with sandboxed suspicious code execution to minimize false positives.
  • Seculert – SaaS-based, External Threat Intelligence which alerts you on your compromised systems by monitoring the botnets themselves.