funsec mailing list archives
Nugache
From: "Dude VanWinkle" <dudevanwinkle () gmail com>
Date: Wed, 2 Jan 2008 10:35:29 -0500
I know this is old news, but I just love these two paragraphs:

http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1286808,00.html

But with this network, in lieu of one C&C server, there were a number of peers around the network that were sending out commands and serving as download sites for various pieces of the network. So if one of the peers in the network that the attacker is using to issue commands to the rest of the network is shut down, the attacker could simply begin sending orders through another peer. This made the entire network of compromised PCs equal partners and made the prospect of disabling the network incredibly daunting.

As troubling as this new development was, more troubling was the fact that the peers sending out the commands changed on the fly and, as Dittrich watched, various members of the network would drop off botnet, only to reappear days or weeks later. So the shape and size of the botnet was changing almost constantly, with entire branches going dark for extended periods of time and peers jumping from one portion of the network to another seemingly on a whim. And, to add to the pile of bad news, the bots were communicating with each other over an encrypted channel, making it all but impossible to listen in on their conversations.

And to hammer the point home:

http://www.theregister.co.uk/2007/12/31/vxer_scene_rip/

:-(

-JP<who will miss the viruses that turn up your volume and scream "THIS GUY IS LOOKING AT PRON!">

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.