A News.com article reports that bots will include encryption to hide their presence.
In the near future, bots will include encryption to hide their presence from security and network sniffing tools often used to detect their presence, said Adam Meyers, an information assurance engineer at SRA International speaking at the Computer Security Institute conference here.
I’m not a bot expert, but I thought this was already common practice, controlling bots over encrypted IRC channels.
The bot writers have a choice of a variety of encryption technologies, according to Meyers. They could use SSH, SSL (Secure Sockets Layer), ROT-13 or a proprietary method, Meyers said. Such a bot would be harder to craft than today’s bots, but worthwhile, he said.
ROT13? That’ll slow down the cryptanalysis…not. But perhaps enough to fool the IDS.