Skype as botnet control tool
p2p news / p2pnet: "Voice-over-IP applications could be used to cloak networks of zombies, used to launch denial-of-service (DoS) attacks," a professor at Brtiain’s Cambridge University has warned, says Computerworld.
Botnets, "could be controlled and orchestrated by messages hidden in VoIP traffic generated by programs such as Skype, warned Jon Crowcroft, Marconi professor of communications systems at Cambridge University," says the story, quoting him as declaring:
"If someone were to use a VoIP overlay as a control tool for attacks, it would be much harder to find affected computers and almost impossible to trace the criminals behind the operation."
Crowcroft revealed the technique at the Communications Research Network (CRN) funded by the Cambridge-MIT Institute, a joint venture between the two universities, says Computerworld.
eBay’s Skype says its traffic is no more dangerous than any other, "but the application has gained a reputation for stealthiness, both in the way it gets onto systems, and in the way it guards the internals of its working," says TechWorld, going on:
"Skype is designed to be easy for inexperienced end users to install, without the benefit of support from their ISPs or IT managers. It has to work unaided – and that means it has to be good at getting past firewalls and other security measures."
This can be a benefit, "but for business, it means an unmanaged hole in a firewall, and an unaudited channel of communications – which in many industries may be against business regulations," says the story. "Skype clients also act as servers, using bandwidth to handle other people’s calls."
Also See:
Computerworld – Cambridge professor warns of Skype botnet threat, January 25, 2006
TechWorld – How bad is the Skype botnet threat?, January 25, 2006
