Wednesday, September 26, 2007

Google Bot-Net Stopper?

With an idea like GoogleDNS widely in use, Google would be in a position to detect bot-nets. Many computers (estimated to be 1 in 4) have been taken over and made part of a bot-net to do the hackers' bidding. Quite often, these compromised computers are used as hosts for web sites that are impossible to detect or track.

If a scam artist wanted to run an "example.com" web site and provide purchase and payment instructions, but not get caught doing it, they would pay a hacker to have it hosted by a bot-net. When the user clicks on the example.com link, a dynamic DNS entry would dole out an IP address for some poor individual whose machine has been compromised. The scammer's web page would be served up, and no one would be able to track down the scammer. The next time someone went to example.com, the IP address would be someone else's compromised computer. The IP addresses for example.com would appear to bounce around all over the world. Law enforcement is left trying to "follow the money" to catch the scammer, since they can't track them down via the web site.

A GoogleDNS solution would allow Google to detect DNS resolution oddities such as a bot-net would exhibit. As the user attempts to visit example.com, Google could provide the user with warnings or outright blocking of the site based on the user's preferences.

Unfortunately, there is a possible work-around for hackers to avoid immediate detection. Hackers would want to make their bot-net web site "clusters" act like respectable, authentic web site clusters. Many web sites exhibit this DNS resolution behavior as they load balance their web site across the country, or across the world. I am convinced, though, that there are detectable differences in this behavior that the clever people at Google can use. For example, a bot-net would likely need a larger number of hosts, or a higher turnover of hosts, to do the same thing as a "respectable" cluster, or the name could resolve to hosts sitting on home cable networks.
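The two paragraphs above describe the resolution pattern a bot-net hosted site would show (the same name answering with a different compromised machine on each lookup) and the features that might separate it from a legitimately load-balanced site (more distinct hosts, higher turnover, and hosts on consumer broadband lines). The following is an added example, not code from the original post or from Google, of how a resolver operator could score a log of its own answers along exactly those lines. Everything in it is constructed: the `Resolution` records, the two "consumer broadband" prefixes (taken from the RFC 5737 documentation ranges), the thresholds, and the domain names other than the post's own `example.com`. It also records the answer TTL, which goes beyond the post's list of features; a real deployment would replace the prefix table with ISP or ASN data and tune the thresholds on real traffic.

```python
"""Score DNS resolution logs for bot-net style "fast-flux" behaviour.

Added example (not from the original post). All data below is constructed.
"""
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List


@dataclass
class Resolution:
    domain: str   # name that was looked up
    ts: int       # unix seconds at which the lookup happened
    ip: str       # address the resolver answered with
    ttl: int      # TTL of that answer, in seconds


# Constructed stand-in for an ISP/ASN lookup: prefixes we label as
# consumer broadband ("home cable networks" in the post's words).
CONSUMER_PREFIXES = [ip_network("203.0.113.0/24"), ip_network("198.51.100.0/24")]


def is_consumer(ip: str) -> bool:
    """True if the address falls in one of the constructed consumer prefixes."""
    addr = ip_address(ip)
    return any(addr in net for net in CONSUMER_PREFIXES)


@dataclass
class Features:
    lookups: int             # how many answers we have for the name
    distinct_ips: int        # how many different addresses were handed out
    churn: float             # distinct_ips / lookups: 1.0 means a new host every time
    consumer_fraction: float # share of distinct addresses on consumer lines
    mean_ttl: float          # average TTL of the answers, seconds


def extract_features(records: List[Resolution]) -> Dict[str, Features]:
    """Group the log by domain and compute the per-domain features."""
    by_domain: Dict[str, List[Resolution]] = defaultdict(list)
    for rec in records:
        by_domain[rec.domain].append(rec)
    out: Dict[str, Features] = {}
    for domain, recs in by_domain.items():
        recs.sort(key=lambda r: r.ts)
        distinct = {r.ip for r in recs}
        consumer = sum(1 for ip in distinct if is_consumer(ip))
        out[domain] = Features(
            lookups=len(recs),
            distinct_ips=len(distinct),
            churn=len(distinct) / len(recs),
            consumer_fraction=consumer / len(distinct),
            mean_ttl=sum(r.ttl for r in recs) / len(recs),
        )
    return out


def classify(f: Features, min_lookups: int = 5) -> str:
    """Turn features into a verdict. Thresholds are constructed for the example."""
    if f.lookups < min_lookups:
        return "insufficient-data"
    if f.distinct_ips == 1:
        return "single-host"
    # A CDN and a bot-net both rotate addresses. In this model the bot-net
    # stands out because its hosts sit on consumer lines and because fresh
    # addresses keep appearing instead of cycling through a small fixed pool.
    if f.consumer_fraction >= 0.5 and f.churn >= 0.6:
        return "suspect-fast-flux"
    return "load-balanced"


def analyze(records: List[Resolution]) -> Dict[str, str]:
    """Map every domain in the log to its verdict."""
    return {d: classify(f) for d, f in extract_features(records).items()}


# Constructed sample log: a site rotating through three CDN-style addresses,
# a single-host site, and the post's example.com answering from a different
# consumer-line address almost every time.
SAMPLE_RESOLUTIONS: List[Resolution] = (
    [Resolution("legit-cdn.example", 60 * i, f"192.0.2.{10 + i % 3}", 60) for i in range(9)]
    + [Resolution("single.example", 300 * i, "192.0.2.50", 3600) for i in range(5)]
    + [
        Resolution("example.com", 30 * i, ip, 30)
        for i, ip in enumerate([
            "203.0.113.5", "198.51.100.77", "203.0.113.200", "198.51.100.9",
            "203.0.113.44", "198.51.100.130", "203.0.113.5", "198.51.100.201",
        ])
    ]
)


if __name__ == "__main__":
    feats = extract_features(SAMPLE_RESOLUTIONS)
    for domain, verdict in analyze(SAMPLE_RESOLUTIONS).items():
        print(f"{domain:20} {verdict:18} {feats[domain]}")
```

On the constructed log, `example.com` is flagged because seven of its eight answers were distinct addresses and all of them sit in the consumer prefixes, while `legit-cdn.example` cycles through three addresses on a non-consumer range and is reported as ordinary load balancing. The point of keeping the features separate from the verdict is that an operator can show a user the reason for a warning (many consumer-line hosts, high turnover) rather than only a yes/no.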

Google is in a unique position to offer protection from bot-nets that few services could detect or provide.
