Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Botnet Herders Can Hide Behind VoIP

Internet telephone applications like Skype and Vonage could become hacker hideouts, a group of technologists and academics funded by MIT and Cambridge University said Thursday.

According to the Communications Research Network (CRN), voice-over-Internet (VoIP) software could give perfect cover for launching denial-of-service (DoS) attacks.

Jon Crowcroft, a Cambridge professor and the lead CRN researcher on the problem, noted that if botnet "herders," the term given to attackers who control large numbers of bot-infected PCs, turn to VoIP applications for command and control, security experts might find it impossible to trace back an attack to the perpetrator.

Current practice by most botnet herders is to issue commands to their armies of "zombie" machines over IRC (Internet Relay Chat) channels, or less frequently, via instant messaging (IM).

Crowcroft argued that attackers could use VoIP's ability to dial in and out of its overlays to make their tracks impossible to trace. In addition, proprietary protocols -- in some cases used by VoIP software to ensure ISPs can't block their applications -- make it tough for providers to track DoS attacks. Ditto for the encryption these applications offer and their peer-to-peer approach to routing packets.

  • 1