Slashdot Mirror


Eavesdropping on a Botnet

wild3rbeast writes "Joe Stewart, a senior security researcher with LURHQ's Threat Intelligence Group has figured out a way to silently spy on a botnet's command-and-control infrastructure, and finds that for-profit crackers are clearly winning the cat-and-mouse game against entrenched anti-virus providers. From the article: 'The lesson here is once you get infected, you are completely under the control of the botmaster. He can put whatever he wants on your machine, and there's no way to be 100 percent sure that the machine is clean. The only way to be [completely] sure the system is malware-free is to completely wipe the hard drive and reinstall the operating system.'"

3 of 185 comments

  1. PC Clinic by Short Circuit · Score: 5, Informative

    At my computer club's PC Clinic, I set up Ethereal on our network gateway computer, to keep track of things. You can easily see this kind of crap going on.
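What a sniffer on the gateway makes visible is the shape of the traffic rather than any single packet: several internal hosts talking IRC to the same outside server and joining the same channel, or IRC protocol chatter on a port that is not an IRC port. The script below is an added example, not from the comment above or from the article, that applies those two checks to a constructed capture summary; the record format, the 10.0.0.0/8 "internal" range and every address and nick in it are assumptions made for the example.

```python
"""Flag likely IRC command-and-control traffic in gateway capture records.

Added example: the record format and every address, port and nick below are
constructed for illustration and do not come from any real capture.
"""
from collections import defaultdict
import ipaddress
import re

# Constructed sample: one line per TCP segment seen at the gateway,
# "src_ip src_port dst_ip dst_port payload", payload being the first line
# of application data. Three hosts join one channel on one server with
# templated nicks; one host speaks IRC to an unusual port.
SAMPLE_CAPTURE = """\
10.0.0.11 1035 203.0.113.5 6667 NICK [x]-0011
10.0.0.11 1035 203.0.113.5 6667 JOIN #chan key
10.0.0.12 1041 203.0.113.5 6667 NICK [x]-0012
10.0.0.12 1041 203.0.113.5 6667 JOIN #chan key
10.0.0.13 1050 203.0.113.5 6667 NICK [x]-0013
10.0.0.13 1050 203.0.113.5 6667 JOIN #chan key
10.0.0.20 2020 198.51.100.7 80 GET / HTTP/1.0
10.0.0.21 3001 192.0.2.9 8080 NICK [x]-0021
10.0.0.21 3001 192.0.2.9 8080 JOIN #other
"""

# Ports where IRC is expected; IRC commands seen elsewhere are worth a look.
IRC_PORTS = set(range(6660, 6670)) | {6697, 7000}
# Client-to-server IRC commands that identify the protocol regardless of port.
IRC_CMD = re.compile(r"^(NICK|USER|JOIN|PRIVMSG|PONG)\b")
# Assumed address space of the LAN behind the gateway.
INTERNAL = ipaddress.ip_network("10.0.0.0/8")


def parse_records(text):
    """Turn the constructed capture summary into a list of record dicts."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        src, sport, dst, dport, payload = line.split(" ", 4)
        records.append({"src": src, "sport": int(sport), "dst": dst,
                        "dport": int(dport), "payload": payload})
    return records


def find_suspicious(records, fan_in_threshold=3):
    """Return two findings lists:

    shared_channels: (server, port, channel, [internal hosts]) where at least
        fan_in_threshold distinct internal hosts joined the same channel.
    irc_off_port:    (src, dst, port) where an internal host sent IRC
        commands to a port outside IRC_PORTS.
    """
    joins = defaultdict(set)   # (server, port, channel) -> internal hosts
    off_port = set()
    for r in records:
        if not IRC_CMD.match(r["payload"]):
            continue                      # not IRC; ignore for this check
        if ipaddress.ip_address(r["src"]) not in INTERNAL:
            continue                      # only outbound traffic from the LAN
        if r["dport"] not in IRC_PORTS:
            off_port.add((r["src"], r["dst"], r["dport"]))
        m = re.match(r"^JOIN\s+(#\S+)", r["payload"])
        if m:
            joins[(r["dst"], r["dport"], m.group(1))].add(r["src"])
    shared = [(server, port, chan, sorted(hosts))
              for (server, port, chan), hosts in sorted(joins.items())
              if len(hosts) >= fan_in_threshold]
    return {"shared_channels": shared, "irc_off_port": sorted(off_port)}


if __name__ == "__main__":
    for kind, items in find_suspicious(parse_records(SAMPLE_CAPTURE)).items():
        print(kind)
        for item in items:
            print("   ", item)
```

The fan-in threshold is the tunable part: on a club network of a dozen machines, three hosts joining the same channel with look-alike nicks is unusual enough to investigate, while on a large network the same rule needs a higher threshold or a whitelist of known IRC servers.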

  2. Re:It's a bird. It's a plane. It's TC! by The MAZZTer · Score: 5, Informative

    Some games use it for CD verification. If you tamper with it (i.e. remove it) the game will likely fail its CD check and no longer run.

    I have a game that uses it, you probably agree to it in the EULA somewhere. I forget which game it was...

    Oh and I can't help but notice, as others have before me, that software pirates are not encumbered by these restrictions and bloatware, while legitimate customers are forced to use it.

  3. Steve Gibson did something akin to this by BertieBaggio · Score: 5, Informative

    I know he may not be the most favourite of people around here, but Steve Gibson was able to spy on the IRC command & control channel of a botnet a few years ago. It was precipitated by a DDoS on his site, which he investigated rather thoroughly.

    Link to the article (...long article warning)

    Some of the article is quite interesting, some is obvious, some is ego-boosting self-congratulatory statements, and some of it is his "teh XP can create complete 'UNIX sockets' OH NOES!" propaganda. Still worth a read, even if it is a few years old.

    --
    If all you have is a grenade, pretty soon every problem looks like a foxhole -- MightyYar