By Joab Jackson
Aug 10, 2009
Starting in October, a huge botnet will be run not by nefarious
underground figures but by the Energy Department's Sandia National
Laboratories. The lab's Thunderbird supercomputer will periodically run
a million virtual machines all at once, all with botnet client software.
By setting this large network of systems into operation, the
researchers, Ron Minnich and Don Rudish, hope to better understand how
"If you want to take a look at what is really threatening the Internet,
we have to talk about the scale of the network we are working with,"
Rudish said. "One million gets us pretty close to understanding these
Typically used by spammers, botnets are comprised of thousands or even
millions of Internet-connected PCs. The owners of such machines are
typically unaware that their machines have been infected with secret
programs that do the bidding of the botnet operator. Botnet operators
tend to deploy their creations for spamming, distributed
denial-of-service attacks, and other nefarious activities.
Botnets are difficult to study in the wild because the computers are
geographically dispersed. By approximating the size of a good-sized
botnet, the researchers can understand how botnets operate and the
effects they have.
Visit and Submit to the Defcon Memory Repository