Slashdot Mirror


Hunting for Botnet Command and Controls

Uky writes "Convinced that the recent upswing in virus and Trojan attacks is directly linked to the creation of botnets for nefarious purposes, a group of high-profile security researchers is fighting back, vigilante-style. The objective of the group, which operates on closed, invite-only mailing lists, is to pinpoint and ultimately disable the C&C (command-and-control) infrastructure that sends instructions to millions of zombie drone machines hijacked by malicious hackers." From the article: "Using data from IP flows passing through routers and reverse-engineering tools to peek under the hood of new Trojans, Thompson said the researchers are able to figure out how the botnet owner sends instructions to the compromised machines."

10 of 228 comments

  1. Botnet by TimeTraveler1884 · · Score: 3, Funny

    Now only if they could do this with Skynet, we might just be able to postpone Judgement Day another 6 years.

  2. Re:C&C attacks work well for military by CrazyJim1 · · Score: 5, Funny

    C&C attacks are the staple of today's military. An organized, centralized effort should do wonders for laying waste to the economic value (and motivation) behind such behavior.

    The best way to lay waste to someone's economic power in C&C is to destroy their harvesters. Make sure not to send infantry units because they'll suffer tiberium poisoning, or merely be run over by the harvester. Another great way to wreak havoc is to send the engineer into the harvesting facility as the harvester is unloading, you'll get the building, harvester and the tiberium that's being unloaded at the time. Of course, many believe engineering cheese is the cheap way to play C&C, but of course there are too many cheesy plays to count in that game. I suggest you play something like Starcraft. Or Starcraft2, which I have a chance of actually helping with.

  3. The new superheroes...(what's their name?) by droopycom · · Score: 5, Funny

    ... fighting back the internet scumbags all over the planet, vigilante style...

    Now if they could just have a cool name, we could have a new hit superheroes movie for this summer.

    Any suggestions, anyone?
    - The League of Net Shadows
    - The League of Extraordinary Nerds
    - The Fantastic Fourty

    Come on, give me something better...

    1. Re:The new superheroes...(what's their name?) by UserChrisCanter4 · · Score: 5, Funny

      In honor of one of the common infection vectors: The Active X-Men.

      Of course, the need to acknowledge both genders would probably make Active X-Force or Active X-Factor a better choice.

    2. Re:The new superheroes...(what's their name?) by wowbagger · · Score: 2, Funny

      The League of Virginal Gentlemen?

      The Red Shirt Gang?

  4. Re:Violation of My Privacy? by Anonymous Coward · · Score: 1, Funny

    Your sig is ironic considering your post.

  5. Re:Violation of My Privacy? by MavEtJu · · Score: 2, Funny

    That should have been:

    Don't worry. Your personal email wasn't that interesting.

    --
    bash$ :(){ :|:&};:

  6. Re:Violation of My Privacy? by puzzled · · Score: 3, Funny

    I've owned a couple of ISPs and I currently do service for a regional provider. If I cared to look I could see everything - your best defense is the same reason that you don't get dates - what you do is just not that interesting to anyone else.

    --
    I am very easy to get along with, but I don't have time to waste being nice to people who are being stupid. -Theo

  7. Typical freeloaders by Anonymous Coward · · Score: 4, Funny

    Using data from IP flows passing through routers and reverse-engineering tools to peek under the hood of new Trojans, Thompson said the researchers are able to figure out how the botnet owner sends instructions to the compromised machines.

    This is a blatant violation of the trojans' EULAs if I ever saw one. The authors put a lot of work into writing those trojans. What gives "security researchers" such a sense of entitlement to that code? If they want to analyze malware, they should write their own!

  8. Re:Easy way to catch them. by edbulldog · · Score: 2, Funny

    Then load tons of bots in channels pretending to be 'users'. You could even get creative and make them idly chatter with each other..

    I... kinda feel someone already did this. It would explain the behavior in some irc networks.