REVIEW: "Botnets: The Killer Web App", Craig A. Schiller et al
- BKBOTNTS.RVW 20070126
"Botnets: The Killer Web App", Craig A. Schiller et al, 2007,
%A Craig A. Schiller craigs@...
%A Jim Binkley
%A David Harley david.a.harley@...
%A Gadi Evron ge@...
%A Tony Bradley tony@...
%A Carsten Willems
%A Michael Cross
%C 800 Hingham Street, Rockland, MA 02370
%G 1-59749-135-7 978-1-59749-135-8
%I Syngress Media, Inc.
%O U$49.95/C$64.95 781-681-5151 fax: 781-681-3585 www.syngress.com
%O Audience i Tech 2 Writing 1 (see revfaq.htm for explanation)
%P 464 p.
%T "Botnets: The Killer Web App"
I'm starting the review of this book sitting in the Baker Room at the
Microsoft Conference Center, attending ISOI II (the second set of
Internet Security Operations and Intelligence meetings). We have just
finished singing along with Gadi Evron (who arranged both the
community and the meetings) to an Israeli pop song from a few years
back (and from a band with the oddly appropriate name of Mashina).
Craig Schiller gave me a copy of the book last night at dinner. (When
I asked Jim Binkley to autograph it for me he was jealous because he
hasn't yet received his own copy.) Carsten Willems was here
yesterday, but I haven't seen him to ask him to sign it this morning.
I'll have to ask for David Harley's autograph the next time he visits
All of which is by way of saying that it may be difficult to be
objective about this book, but ...
The subtitle of chapter one, "A Call to Action," is correct. Normally
one would expect a definition of the topic or technology of botnets,
but the text is more of an exhortation to pay attention to the
problem. The history provided is piecemeal: it does not mention the
early DDoS (Distributed Denial of Service) systems (which were
application-specific botnets) nor the spambotnet wars of 2004. The
definition of botnets in chapter two tends to be technical, rather
than functional, and the descriptions and categories could be grouped
in a more logical and organized manner. A variety of alternative
command and control systems are described in chapter three: the
material is well written. The one weakness is the lack of detail on
the standard IRC (Internet Relay Chat) control system, but this should
probably have been covered more fully in the introductory chapters.
Chapter four describes some of the major botnet "client" software
families. The content is too technical to be of use to the average
computer user, but isn't really all that detailed. Technical
information about a variety of possible indications of botnet activity
is listed in chapter five.
The use of the Ourmon tool for detecting botnet traffic is discussed
in chapters six and seven. (The structure of the text, and the reason
for two chapters, is not completely clear, although six is more on
installation and seven is more on use.) Ourmon's examination of IRC
traffic is covered in chapter eight. Chapter nine deals with more
Using the CWSandbox program for malware analysis is examined in
chapter ten. Software tools, research communities, and other sources
of information are listed in chapter eleven. Chapter twelve is a
(mostly) philosophical look at how we, as a society, should respond to
botnets. There is also a brief section on protecting your own
computer so as not to become part of the problem, although assessment
and use of a number of the recommendations would be beyond the
capabilities of the average user.
Botnets are a significant problem, and one which has not been
adequately addressed in the current security literature. Therefore,
this work is of major importance. The book does provide a good deal
of useful information for network administrators and security
professionals, although better arrangement of the data and more
technical detail would have been even more helpful. (The brief
attempts to address individual users are not successful.) The text is
a decent professional reference, and hopefully it will promote further
attention and activity in this area. (Security activity. We don't
need any more botnet activity.)
copyright Robert M. Slade, 2007 BKBOTNTS.RVW 20070126
====================== (quote inserted randomly by Pegasus Mailer)
rslade@... slade@... rslade@...
All persons ought to endeavor to follow what is right, and not
what is established. - Aristotle
Dictionary of Information Security www.syngress.com/catalog/?pid=4150