CCP's War On Bots: Zeroing In On Eve Pilot

Last week CCP Stillman told me over Twitter that I might notice a new trend in what botters were crying over insofar as Team Security's actions were concerned.  I thought that he meant all the negative balances I kept reading about.  But just in case I missed something, I started reading the various botting forums again looking for anything unusual.  And I found it.

A theory that I have heard on the Eve Online forums and even in the comments on the blog is that Team Security is ignoring the little guy running single bots and concentrating on the botters running large scale operations designed to fuel illicit RMT rings.  Apparently that belief was prevalent amongst users of the Eve Pilot family of bots.  The following exchange I just found from the end of April is why I wrote "was prevalant".

28 April 2012

Famine:  "But i think Slav has mentioned that single users of his program have not been banned since the middle of 2011 or something."

Slav2 (developer of Eve Pilot):  "This statement was true before resent bans. Pre festival time has traditionally higher risk of a ban, when CCP collecting statistics to show in graphs. I think CCP made some changes in bot detection after festival. Some new ideas could appear when GMs collected statistics. Now single bots who use VMWare may be banned too."

I've heard mention of using VMWare to disguise a botter's IP address and to run multiple bots.  I've also caught other mentions where users of VMWare are getting caught, although I've intentionally shied away from spelling out avoidance methods in great detail.  If using VMWare is a practice that is likely to get a botter noticed, then I'm anxious to watch the tears flow.  The botters know that Team Security uses IP addresses to ban players so they use VMWare to disguise them.  But if VMWare is a red flag, what's a botter to do, go straight?  That's crazy talk!
What appears is occurring is that Team Security's technical detection methods were first extremely reliable detecting botting fleets or people stupid enough to bot longer than 12 hours a day, so that is what was banned.  As time moved on and the detection methods improved, VMWare users of Eve Pilot are now detectable even if botting by themselves.  No grand strategy of going after the illicit RMT trade first involved.  CCP was just picking off the low hanging fruit and they now have brought out a ladder and are reaching a little higher.
 
Now if only we can get a new Security dev blog with an update.  CCP Sreegs showed the CSM some fascinating stuff and I'd really like to hear the unclassified version.