Researchers Infiltrate Kraken Botnet

Written by Sue Walsh on May 8, 2008

Botnets are the scourge of the Internet. These webs of remotely controlled “zombie” computers are used to send huge amounts of spam and bring websites to their knees via DDoS attacks. It’s long been known that they are created by getting unsuspecting users to click on bogus links in an email. This in turn downloads malicious code that allows the hacker to take control of the PC, most of the time without the owner ever knowing. What wasn’t known was how to stop them, until now.

Researchers at DV Labs have managed to infiltrate the infamous Kraken botnet, and that’s not all: they also found a way to shut it down remotely. They did this by discovering that the bot’s code can be downloaded and executed on a zombie host. After doing so, they were able to estimate the number of infected PCs in the botnet.

“The bot generates dynamic DNS host names. Those names are registered and the ploy will listen for command and control information. We figured out that if we registered a couple of names that came up when a machine first reboots, we would have a good chance of hitting a lot of bots when they report in. From there we could gather statistics about how large the bot network was,” said Cody Pierce, a security researcher at the lab. “We found that whoever was controlling the bot could make changes, so that the code could update itself on affected machines. By investigating and using this mechanism ourselves, we devised a way that the bots could be cleansed from the systems they were on.”

There’s no word yet on whether the same technique works on other bots like Storm, but it will be exciting to find out. This discovery is an IT and sys admin’s dream and a hacker’s worst nightmare, at least for now. Knowing hackers, they’ll find a way to defeat the new infiltration technique, but having discovered one at all should put them on notice that the battle against cybercrime won’t be ending any time soon; in fact, our armor may now be stronger than ever.

