Penetration Testing mailing list archives
RE: Botnets
From: Wong Yu Liang <wong.yuliang () vads com>
Date: Tue, 31 Mar 2009 11:13:09 +0800
. How are commands issued via IRC? Eg . phatbot <User> .commands.list <BoT> -[ command list ]- <BoT> 1. / "commands.list" / "Lists all available commands" <BoT> 2. / "cvar.list" / "prints a list of all cvars" (and more to folllow...) -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Laurens Vets Sent: Friday, March 27, 2009 4:06 PM To: pen-test () securityfocus com Subject: Re: Botnets Hello Munyaradzi,
Can someone please explain to me how botnets use IRC? I want to make a presentation to my group demonstrating this in my lab which comprises of 4 winxp boxes. Unpatched. How are commands issued via IRC?
Simply put, as soon as your pc is infected, it will open an IRC connection to some IRC server just like a real life person would do... One example of how this happens can be read here: http://www.honeynet.org/node/54 Do a search for "tracking botnets" on Google and you'll see lots of papers and articles about how bots communicate which each other. ------------------------------------------------------------------------ This list is sponsored by: InfoSec Institute No time or budget for traveling to a training course in this fiscal year? Check out the online penetration testing courses available at InfoSec Institute. More than a boring "talking head", train in our virtual labs for a total hands-on training experience. Get the certs you need as well: CEH, CPT, CEPT, ECSA, LPT. http://www.infosecinstitute.com/request_online_training.html ------------------------------------------------------------------------ DISCLAIMER This message may contain confidential and privileged information for its intended recipient(s) only. If you are not an intended recipient, you are hereby notified that any review, dissemination and distribution, printing or copying of this message or any part thereof is strictly prohibited. Please delete the entire message and inform the sender of the error. Any opinions, conclusions and other information in this message that are unrelated to the official business of VADS Berhad are those of the individual sender and shall be understood as neither explicitly given nor endorsed by VADS Berhad. VADS Berhad does not authorise any of its employees to make any defamatory or seditious statements which is contrary to the laws of Malaysia. Any such communications by such employees are outside their scope of employment and VADS Berhad shall not be liable for such communications. ------------------------------------------------------------------------ This list is sponsored by: InfoSec Institute No time or budget for traveling to a training course in this fiscal year? Check out the online penetration testing courses available at InfoSec Institute. More than a boring "talking head", train in our virtual labs for a total hands-on training experience. Get the certs you need as well: CEH, CPT, CEPT, ECSA, LPT. http://www.infosecinstitute.com/request_online_training.html ------------------------------------------------------------------------
Current thread:
- RE: Botnets Wong Yu Liang (Apr 03)
- RE: Botnets R. DuFresne (Apr 14)
- <Possible follow-ups>
- Re: Botnets M.D.Mufambisi (Apr 03)
- Re: Botnets Renaud Bidou (Apr 03)
- Re: Botnets R. DuFresne (Apr 03)
- Re: Botnets Aarón Mizrachi (Apr 03)
- Message not available
- Re: Botnets Aarón Mizrachi (Apr 14)
- --++[Preventing the spread of USB malware]++-- Marcus Vinicius (Apr 14)
- Re: --++[Preventing the spread of USB malware]++-- Shreyas Zare (Apr 14)
- Re: --++[Preventing the spread of USB malware]++-- Nathan Sportsman (Apr 15)
- Message not available
- Re: --++[Preventing the spread of USB malware]++-- Marcus Vinicius (Apr 15)
- Re: Botnets Aarón Mizrachi (Apr 03)