Autonomously spreading malware has been a global threat to the Internet community ever since the Internet came into existence as a large-scale computer network. Botnets are a specialization of this threat, and recent trends towards the commercialization of botnets have made the situation even worse. This document outlines the weaknesses of different existing approaches to catching malware – especially bots – and shows how Medium Interaction Honeypots solved these problems. It evaluates the success of Medium Interaction Honeypots so far and additionally points out some other related work.

1 The Problem: Botnets

One of the biggest problems the Internet is facing today – besides spam – is autonomously spreading malware. Some malware was written solely as a proof of concept or for the education of its author; other malware was written with solely destructive intentions in mind. The biggest threat, however, is posed by remotely controllable backdoors. They not only allow commercial industrial espionage on a highly advanced level; recent threats have become critical even to the end customer's computer.

Controllable networks of many infected nodes are currently referred to as botnets, because most of them are even today still based on IRC control, and an early term for non-human, controllable IRC servants (even though not malicious) was bot. However, new protocols are now emerging for command and control of such botnets, with the most widespread alternative to IRC being HTTP. Another interesting trend is the use of DNS as a command and control protocol, although this is not in widespread use yet.

Botnets pose a severe threat to today's Interne