[Users] Cambridge professor warns of Skype botnet threat

Fri Jan 27 14:02:12 CST 2006

URL: http://cwflyris.computerworld.com/t/265276/104039/7243/0/

Cambridge professor warns of Skype botnet threat
Academic builds demo system, tears it down again

News Story by Peter Judge

JANUARY 25, 2006 (TECHWORLD.COM) - Voice-over-IP 
applications could be used to cloak networks of 
zombies, used to launch denial-of-service (DoS) 
attacks, a professor at the U.K.'s Cambridge University has warned.

Armies of ordinary PCs that have been infected by 
a virus and put under malicious control, known as 
"botnets," could be controlled and orchestrated 
by messages hidden in VoIP traffic generated by 
programs such as Skype, warned Jon Crowcroft, 
Marconi professor of communications systems at Cambridge University.

DoS attacks are usually shut down by tracing 
control messages, normally sent by chat and IM 
programs. "If someone were to use a VoIP overlay 
as a control tool for attacks, it would be much 
harder to find affected computers and almost 
impossible to trace the criminals behind the 
operation," said Crowcroft, who revealed the 
technique at the Communications Research Network 
(CRN), a networking think-tank funded by the 
Cambridge-MIT Institute, a joint venture between the two universities.

"It would be irresponsible to build something 
that could go out and be used," said Crowcroft, 
but he nevertheless built a demonstration system. 
"It was write once, tear up code. But it was very easy to do -- unfortunately."

Although the attack has not been detected in 
actual use yet, Crowcroft warns it is only a 
matter of time. The CRN's working group on 
Internet Security has raised the issue with VoIP 
providers, before making the issue public.

"There isn't a protocol you can't use as a covert 
signalling channel," responded Kurt Sauer, 
director of security operations at Skype. "Some 
large commercial groupware products have 
encrypted XML streams -- they may not be quite as 
good at firewall traversal, but that's still an opaque data stream."

The attack will add to the unease enterprise IT 
staff already feel about applications, 
particularly the very popular Skype service. Some 
IT managers do not want uncontrolled traffic 
punching holes in their firewalls, and using 
bandwidth, and security vendors have launched specific products to block Skype.

Crowcroft would like Skype to publish its routing 
specifications, so IT managers can work better 
with the application, tracking it and checking 
its behavior. "Skype's routing specification is 
proprietary," he said. "There are a whole bunch 
of reasons why obfuscation is not helpful in the long run."

Although Skype still wants its proprietary edge, 
the issue is up for discussion: "The people who 
own networks and systems have a right to manage 
as they see fit," said Sauer. "To the extent that 
we make it difficult to do that, want to address that in our products."

Reprinted with permission from

Copyright © 2006 Computerworld Inc. All rights 
reserved. Reproduction in whole or in part in any 
form or medium without express written permission 
of Computerworld Inc. is prohibited. 
Computerworld and Computerworld.com and the 
respective logos are trademarks of International Data Group Inc.

Jared Rimer
Business website: http://www.superior-software.com/support
Personal Website: http://www.asmodean.net/jrimer
Music Education Network for the Visually 
Impaired  http://menvi.org a service done through Superior Software level one
WBBY Internet Radio and All In Play team 
up.  Learn more http://www.menvi.org/allinplay
WBBY Internet Radio: www.wbby.us
Check out the Code Amber podcast and Blog.  http://codeamber.wbby.us