Searching for Botnet Command & Controls

Orange Eater writes "eWeek has a story about a group of high-profile security researchers intensifying the search for the command-and-control infrastructure used to power botnets for malicious use. The idea is to open up a new reporting mechanism for ISPs and IT administrators to report botnet activity." From the article: "Operating under the theory that if you kill the head, the body will follow, a group of high-profile security researchers is ramping up efforts to find and disable the command-and-control infrastructure that powers millions of zombie drone machines, or bots, hijacked by malicious hackers."

Query string

[Jordan+Catalano]

Just filter traffic looking for the string "Sarah Connor".

Re:What I don't understand

[MustardMan]

Zombies you say? Well, I suppose it depends on the type of zombie. If they are Night of the Living Dead style zombies, then removing the head will indeed kill them. However, if they are Return of the Living Dead type, clearly you need to burn the entire botnet. Of course, the ashy packets would then spread to neighboring datacenters and there'd be hell to pay.

I'd like to report a huge Botnet...

[Dareth]

It is run by this Taco guy...

He uses this website, slash something or other. All he has to do is put the url he wants attacked on its frontpage and all his loyal "bots" go right to work on a DDOS attack.

Most ingenious! And I bet he profits handsomely from it too!

Re:What is ..?

[tomhudson]

It's a Perl script that says "Hello, World!"

... so it IS line noise :-)

FTFA:

Operating under the theory that if you kill the head, the body will follow ... find and disable the command-and-control infrastructure that powers millions of zombie drone machines

Here you go: One Microsoft Way Redmond, WA 98052 Phone: (425) 882-8080 Fax: (425) 706-7329.