BKBOTNTS.RVW 20070126

"Botnets: The Killer Web App", Craig A. Schiller et al, 2007, 1-59749-135-7, U$49.95/C$64.95
%A Craig A. Schiller craigs@pdx.edu
%A Jim Binkley
%A David Harley david.a.harley@gmail.com
%A Gadi Evron ge@linuxbox.org
%A Tony Bradley tony@s3kur3.com
%A Carsten Willems
%A Michael Cross
%C 800 Hingham Street, Rockland, MA 02370
%D 2007
%G 1-59749-135-7 978-1-59749-135-8
%I Syngress Media, Inc.
%O U$49.95/C$64.95 781-681-5151 fax: 781-681-3585 www.syngress.com
%O http://www.amazon.com/exec/obidos/ASIN/1597491357/robsladesinterne
%O http://www.amazon.co.uk/exec/obidos/ASIN/1597491357/robsladesinte-21
%O http://www.amazon.ca/exec/obidos/ASIN/1597491357/robsladesin03-20
%O Audience i Tech 2 Writing 1 (see revfaq.htm for explanation)
%P 464 p.
%T "Botnets: The Killer Web App"

I'm starting the review of this book sitting in the Baker Room at the Microsoft Conference Center, attending ISOI II (the second set of Internet Security Operations and Intelligence meetings). We have just finished singing along with Gadi Evron (who arranged both the community and the meetings) to an Israeli pop song from a few years back (and from a band with the oddly appropriate name of Mashina). Craig Schiller gave me a copy of the book last night at dinner. (When I asked Jim Binkley to autograph it for me he was jealous because he hasn't yet received his own copy.) Carsten Willems was here yesterday, but I haven't seen him to ask him to sign it this morning. I'll have to ask for David Harley's autograph the next time he visits Vancouver. All of which is by way of saying that it may be difficult to be objective about this book, but ...

The subtitle of chapter one, "A Call to Action," is correct. Normally one would expect a definition of the topic or technology of botnets, but the text is more of an exhortation to pay attention to the problem.
The history provided is piecemeal: it does not mention the early DDoS (Distributed Denial of Service) systems (which were application-specific botnets) nor the spam botnet wars of 2004.

The definition of botnets in chapter two tends to be technical, rather than functional, and the descriptions and categories could be grouped in a more logical and organized manner.

A variety of alternative command and control systems are described in chapter three: the material is well written. The one weakness is the lack of detail on the standard IRC (Internet Relay Chat) control system, but this should probably have been covered more fully in the introductory chapters.

Chapter four describes some of the major botnet "client" software families. The content is too technical to be of use to the average computer user, but isn't really all that detailed.

Technical information about a variety of possible indications of botnet activity is listed in chapter five.

The use of the Ourmon tool for detecting botnet traffic is discussed in chapters six and seven. (The structure of the text, and the reason for two chapters, is not completely clear, although six is more on installation and seven is more on use.) Ourmon's examination of IRC traffic is covered in chapter eight. Chapter nine deals with more advanced techniques.

Using the CWSandbox program for malware analysis is examined in chapter ten.

Software tools, research communities, and other sources of information are listed in chapter eleven.

Chapter twelve is a (mostly) philosophical look at how we, as a society, should respond to botnets. There is also a brief section on protecting your own computer so as not to become part of the problem, although assessment and use of a number of the recommendations would be beyond the capabilities of the average user.

Botnets are a significant problem, and one which has not been adequately addressed in the current security literature. Therefore, this work is of major importance.
The book does provide a good deal of useful information for network administrators and security professionals, although better arrangement of the data and more technical detail would have been even more helpful. (The brief attempts to address individual users are not successful.) The text is a decent professional reference, and hopefully it will promote further attention and activity in this area. (Security activity. We don't need any more botnet activity.)

copyright Robert M. Slade, 2007