Although it was announced on April 1st, it was no joke that I’ll be mentoring an Android Malware analysis project for Google Summer of Code.
It’s been an interesting experience and trial by fire for my first time ever being involved in a Google Summer of Code project. The first few weeks were spent answering innumerable questions from prospective students either clarifying the project requirements or requesting feedback on their proposals. Now that the submission deadline has passed, things have quieted down a bit, but I fear it’s only the quiet before the storm. Once students are selected on April 25th, and with any luck I’ll be paired with my requested student, I expect that we’ll hit the ground running to start architecting and designing an Android static analysis tool that the student can complete by the end of the Summer.
I may post some updates on the project here from time to time, and I’m sure there will be regular status updates by myself and the student on an official Google Code site. Stay tuned for results, and with any luck we’ll have a functional static analysis tool with an IDA-like UI by the end of the Summer.
Categories: Honeynet Project, Infosec Tools, Malware
**All statements of fact or opinion on this website are the sole expressed views of the author and have no connection to the views of current or former employers**
I was recently at a talk on the topic of cyber warfare and international relations, and I heard a rather odd comment from a member of the audience. I didn’t catch the exact wording, but the gist of it was that there’s a growing community that believes that botnets are becoming a thing of the past, and we should be less concerned about them. My first question was: who is this community? The answer was that they are people who have worked on several of the recent CRS reports on illicit cyber activity. These are people who do research and write reports and recommendations for Congress, so they have a relatively large amount of influence in the policy community. It should be noted that this is not a pervasive view, but it is said to be established and growing.
I’m not saying that this view is wrong, but it will take quite a bit of evidence to the contrary to get me to change my opinion. In my opinion botnets aren’t going to go away, but they will certainly evolve. No longer will they be used for simple denial of service (although that probably won’t go away entirely), but they’ll also be used for financial gain, distributed computing, distributed storage, and wide scale subversion. We saw the beginnings of this many years ago when an underground credit card ring was caught by The Honeynet Project. The bottom line is, people will never cease to find new ways to use thousands or millions of computers under their illicit control, and botnets provide them that ability.
That said, botnets of today will wane as the technology progresses, becoming the toys of the script kiddies. New botnets will have better command and control structure, will have diverse methods of propagation, will themselves be more secure (see: Conficker), and will be less detectable. So long as there are large numbers of vulnerable computers, botnets won’t die, they’ll evolve.
Categories: Malware, Opinion