Dark Reading - Evil Bytes: Botnets: Coming To A Social Network Near You
I've dealt with a lot of different types of bots. The communication channels among them have varied from unsophisticated IRC command and control (C&C) servers to advanced peer-to-peer (P2P) protocols. For botnet herders, the challenge is flying under the radar of network security professionals who are monitoring their networks and looking for anomalies. The infosec pros who know their networks inside and out are likely to pick up on strange protocols pretty quickly -- which is one of the reasons HTTP bots have been so effective.
by John Sawyer
Apr 17, 2009
Blocking HTTP is impractical for many organizations, opening up the opportunity for bots to reach out to their HTTP C&C servers. Zeus and Conficker are two examples of bots that have used HTTP. Malware researchers have published a list of known Zeus HTTP C&Cs, and that's where Conficker has upped the ante, making it much harder to track because it can check a huge list of domains generated daily and still communicate via P2P.