One of the scarier realities about malicious software is that these programs leave ultimate control over victim machines in the hands of the attacker, who could simply decide to order all of the infected machines to self-destruct. Most security experts will tell you that while this so-called "nuclear option" is an available feature in some malware, it is hardly ever used. Disabling infected systems is counterproductive for attackers, who generally focus on hoovering as much personal and financial data as they can from the PCs they control.
But try telling that to Roman Hüssy, a 21-year-old Swiss information technology expert, who last month witnessed a collection of more than 100,000 hacked Microsoft Windows systems tearing themselves apart at the command of their cyber criminal overlords.
http://voices.washingtonpost.com/securityfix/2009/05/zeustracker_and_the_nuclear_op.html
This is bad. I see it as a sign that the botnet wars are heating up, and botnet designers would rather destroy their networks than have them fall into "enemy" hands.
http://www.schneier.com/blog/archives/2009/05/zeus_trojan_has.html
To the contrary; this is the best thing to happen in the botnet wars in a long, long time. Like any parasitic organism, the most successful computer viruses are the ones that do not cause significant harm to their hosts. (You know why Ebola Zaire can't seem to get out of Africa? Because it kills its carriers long before they can ever get on an airplane!)
If self-destructing botnets become pervasive, two things will happen: A) It'll make people take their computer's security a lot more seriously. When they get a virus that wipes their entire computer and utterly fucks them over, people will start to sit up and take notice. (They might even (GASP!) start websurfing with JavaShit turned off! Nah, only kidding. Nobody will EVER do that. I mean, it's free and it actually works - why would anyone take that approach??) B) People will learn the costly lesson that if you don't have backups, then you'd better not store anything you care about on your computer - 'cause a trojan will destroy your machine any day now.
To reiterate, the long-term consequences are: People will improve their security (making it harder to infect them), people will make backups so their data isn't lost when their machine is wiped, and they will in general start paying more attention to the threats posed by trojans and botnets. These are not good trends if you're a botnet creator. Your botnets will self-destruct one by one, and the number of new infections will go down drastically.
This really is a zen thing for the botnet creators. The less harmful you make your trojans, the more successful they will be. The more control botnet creators attempt to wield over their botnets, the more reaction they will provoke, and the more they get wiped out. "Scorched earth" tactics are pretty much the ultimate in calling attention to yourself and will guarantee, in the long run, that your trojan and botnet will receive the first and most attention from the people who want to wipe it out. The most successful trojans/botnets will be the ones that both cloak themselves as effectively as possible (basically, cause the least possible change to infected machines) and actively kick off all other viruses and malware on the machine (essentially becoming like an immune system for the infected machine).