Mitigating botnet C&Cs has become useless

Gossamer Threads: mitigating botnet C&Cs has become useless

The few hundred *new* IRC-based C&Cs a month (and change) have been
around and static (somewhat) for a while now, at a steady rate of change which
maintains the status quo, plus a bit of new blood.

In this post I ask the community about what you see, against what we have
observed, and try and test my conclusions and numbers against your
findings.

The subject line “why mitigating botnet C&Cs has become useless” is
misleading. It has been useless for a long time, but someone
had to hold back the tide, which several online mitigation communities
have been doing.

Today it has become (close to) completely useless. I will present the case
on why that is in my opinion, in a few bullets, and we can discuss what
alternatives we have, or if perhaps I am misreading what’s going on.