[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <867780538CE4AD4BAF3F931D5088A3B79D4CF4FE@es05co>
Date: Sun, 18 Sep 2011 00:10:56 +0000
From: Corey Nachreiner <Corey.Nachreiner@...chguard.com>
To: RandallM <randallm@...mail.com>, "full-disclosure@...ts.grok.org.uk"
<full-disclosure@...ts.grok.org.uk>
Subject: Re: understanding the botnet C&C..
This basic video series may help:
http://www.watchguard.com/tips-resources/video-tutorials/botnets-part-one.asp
http://www.watchguard.com/tips-resources/video-tutorials/botnets-part-two.asp
http://www.watchguard.com/tips-resources/video-tutorials/botnets-part-three.asp
http://www.watchguard.com/tips-resources/video-tutorials/botnet-source-code-for-overachievers.asp
That said, we made that ages ago. It is quite dated. Most modern botnets have started to use HTTP C&C channels, often encrypted. They also sometimes obfuscate their C&C via proxies and p2p. Leaked source code for Zues and spyeye probably would provide a better idea of how modern botnets work.
Cheers,
Corey Nachreiner, CISSP | Senior Network Security Strategist
WatchGuard Technologies, Inc. | www.watchguard.com
206.613-0873 Direct
206.227.6905 Mobile
corey.nachreiner@...chguard.com
Office Hours: 9:15 AM to 6:15 PM Pacific (GMT-8), Mon - Fri
Better be despised for too anxious apprehensions, than ruined by too confident security. - Edmund Burke
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
WatchGuard: Stronger Security, Simply Done
-----Original Message-----
From: full-disclosure-bounces@...ts.grok.org.uk [mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of RandallM
Sent: Friday, September 16, 2011 8:38 AM
To: full-disclosure@...ts.grok.org.uk
Subject: [Full-disclosure] understanding the botnet C&C..
hi
an area that I am basically "stupid" on is botnets. Not what they are
but "how" they work through IRC as the control center. Not just that
but the various modern programs used. I am aware for instance LOIC can
be used to connect to an IRC channel.. but, how then does the "herder"
do the job from IRC..how does he issue commands that all the computers
connected act upon, etc. ? My curiosity has just got the best of me
and I would like some pointers to good material that can feed it.
Sorry for the "troll" like post but I really would like to understand
this further. Have done a number of Google searching but have hope
someone here has done personal research.
--
been great, thanks
RandyM
a.k.a System
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists