The Botnet Hunters

They're the Internet equivalent of storm chasers, spending endless hours scanning and sleuthing, looking for the telltale signs of botnets. Here's an inside look at the battle against cybercrime's weapons of mass infection.

A self-proclaimed geek from the age of 14, Andre DiMino had always been interested in computers and networking. But it wasn't until he entered his professional life many years later that he became interested in the security side of that world.

"I was a system administrator for a fairly large network that experienced a significant hacking incident one weekend," said DiMino. "I became consumed with learning about the methods of attack, who might be involved, and where it came from. Right then, I became passionate about all aspects of security, as well as the various groups that carried out the attacks."

And today, in his forties, it is DiMino's interest in the dark side of security that consumes much of his free time. By day, DiMino is a professional digital forensic analyst. By night, he serves as director of an organization known as Shadowserver Foundation, a group of volunteers dedicated to sleuthing out cybercriminals and shutting them down.

DiMino, and another cofounder who is no longer part of the organization, launched Shadowserver in 2004 with the initial mission of tracking malicious activity online and finding some way to make it stop.

"We just kind of started chasing malware, chasing bots," said DiMino. "Mainly we were interested in understanding what malware did, where it went, how it was developed."

A good deal of their time was spent tracking malicious botnets, networks of compromised computers running software that is installed through virus or worms, without the owners' knowledge; these systems are then controlled remotely by a "bot master." They are used for various online crimes, including sending out spam, phishing, committing click fraud and launching denial-of-service (DDoS) attacks. Windows PCs are the typical target, although a Mac botnet was reported earlier this year.

1 2 Page
Insider: How a good CSO confronts inevitable bad news
View Comments
You Might Like
Join the discussion
Be the first to comment on this article. Our Commenting Policies