Full Disclosure mailing list archives
Re: Oh Yeah, botnet communications
From: Siim Põder <windo () p6drad-teel net>
Date: Mon, 23 Feb 2009 11:23:01 +0200
Hi

T Biehn wrote:
> The point really wasn't this trick (which was about eliminating LEAD-TIME) it was more so to prompt a discussion around various trivial tricks to write a more 'reliable botnet'.
In short: use copious numbers of normal-looking domain names instead of a single obviously random one. Instead of a dsfhefadsafkj.cn (pseudo-random-typing string) domain name, the output of HASH(time) should be passed through a humanize() function that would generate domain names made of words, punctuation, parts of words, etc. Something along the lines of big-mountain-taco.com or yetimanhome.org or whatever.

And instead of generating a single domain name for a day, generate more. Either a fixed number (like 25 or so) or generate new ones until you find one that has a CC server set up.

The effect would be that you can't blacklist all the domains ahead of time, as many of them could be very valid names someone will want to use. You can't blacklist them on the same day either, as the algorithm would generate so many valid domains even for the same day. And you can't pull the plug on the generated domains that were registered beforehand either, as the algorithm would generate stuff like windows-server.com and computer-repair-shop.com among others, some of which are probably existing sites.

Siim

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
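A defender's-side illustration of the point made in this message, added here and not part of the original post: a name-shape heuristic (assumed thresholds on vowel share and consonant clusters) flags the pseudo-random-typing name but none of the word-based ones, whereas counting distinct NXDOMAIN answers per client, which the "generate new ones until one resolves" strategy produces in bulk, still surfaces the probing host. Log lines, client addresses and thresholds are constructed for the example.

```python
import re
from collections import defaultdict

VOWELS = set("aeiou")

def longest_consonant_run(label: str) -> int:
    """Length of the longest run of consecutive consonant letters."""
    run = best = 0
    for ch in label:
        if ch.isalpha() and ch not in VOWELS:
            run += 1
            best = max(best, run)
        else:
            run = 0
    return best

def looks_random(domain: str) -> bool:
    """Lexical heuristic (assumed thresholds): few vowels plus a long consonant cluster."""
    label = domain.split(".")[0].replace("-", "")
    letters = [c for c in label if c.isalpha()]
    if not letters:
        return False
    vowel_share = sum(c in VOWELS for c in letters) / len(letters)
    return vowel_share < 0.3 and longest_consonant_run(label) >= 4

# Constructed resolver log (not real traffic): 10.0.0.5 probes word-like candidate
# names until one resolves; 10.0.0.7 is an ordinary client with one typo.
LOG = """\
client=10.0.0.5 qname=dsfhefadsafkj.cn rcode=NXDOMAIN
client=10.0.0.5 qname=big-mountain-taco.com rcode=NXDOMAIN
client=10.0.0.5 qname=yetimanhome.org rcode=NXDOMAIN
client=10.0.0.5 qname=windows-server.com rcode=NOERROR
client=10.0.0.5 qname=computer-repair-shop.com rcode=NXDOMAIN
client=10.0.0.7 qname=example.com rcode=NOERROR
client=10.0.0.7 qname=exmaple.com rcode=NXDOMAIN
"""
LINE_RE = re.compile(r"client=(\S+) qname=(\S+) rcode=(\S+)")

def parse(log: str) -> list[tuple[str, str, str]]:
    """Return (client, qname, rcode) tuples for every well-formed line."""
    return [m.groups() for m in map(LINE_RE.match, log.splitlines()) if m]

def lexical_hits(records) -> list[str]:
    """Names a shape-based filter would flag: only the random-typing one."""
    return sorted({q for _, q, _ in records if looks_random(q)})

def nxdomain_suspects(records, threshold: int = 3) -> dict[str, int]:
    """Clients with >= threshold distinct NXDOMAIN names, regardless of how the names look."""
    failed = defaultdict(set)
    for client, qname, rcode in records:
        if rcode == "NXDOMAIN":
            failed[client].add(qname)
    return {c: len(q) for c, q in failed.items() if len(q) >= threshold}
```

Run against the sample log, the lexical filter returns only dsfhefadsafkj.cn while the NXDOMAIN count singles out 10.0.0.5 with four distinct failed names.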
Current thread:
- Re: Oh Yeah, botnet communications, (continued)
- Re: Oh Yeah, botnet communications Valdis . Kletnieks (Feb 19)
- Re: Oh Yeah, botnet communications T Biehn (Feb 20)
- Re: Oh Yeah, botnet communications Kurt Buff (Feb 22)
- Re: Oh Yeah, botnet communications John C. A. Bambenek, GCIH, CISSP (Feb 23)
- Re: Oh Yeah, botnet communications James Matthews (Feb 23)
- Re: Oh Yeah, botnet communications T Biehn (Feb 23)
- Re: Oh Yeah, botnet communications T Biehn (Feb 20)
- Re: Oh Yeah, botnet communications Valdis . Kletnieks (Feb 21)
- Re: Oh Yeah, botnet communications T Biehn (Feb 22)
- Re: Oh Yeah, botnet communications Siim Põder (Feb 23)
- Re: Oh Yeah, botnet communications Jordan Bray (Feb 20)