First, Catch Your Botnet

Our own Pierre-Marc Bureau was heavily quoted in an article by Tom Simonite on the École Polytechnique de Montreal's use (in collaboration with researchers from Nancy University, France, and Carleton University, Canada) of a cluster of servers for an experiment with a live botnet.

The article refers to a recent paper, "The case for in-the-lab botnet experimentation: creating and taking down a 3000-node botnet", by Joan Calvet, Carlton R. Davis, José M. Fernandez, Jean-Yves Marion, Pier-Luc St-Onge, Wadie Guizani, Pierre-Marc Bureau, and Anil Somayaji. The paper presents an alternative approach to botnet research, employing "in the lab" experiments involving at-scale emulated botnets. Specifically, it describes an experiment with an emulated but fully featured version of a Waledac botnet with close to 3000 nodes, complete with a reproduced command and control (C&C) infrastructure.

The Virus Bulletin paper "Large-Scale Malware Experiments: Why, How, and So What?", by Joan Calvet, José M. Fernandez, Pierre-Marc Bureau, and Jean-Yves Marion, also addresses these issues in detail.

David Harley, ESET Senior Research Fellow

