Full Disclosure mailing list archives
Re: understanding the botnet C&C..
From: Valdis.Kletnieks () vt edu
Date: Fri, 16 Sep 2011 11:53:43 -0400
On Fri, 16 Sep 2011 10:38:16 CDT, RandallM said:
> Hi, an area that I am basically "stupid" on is botnets. Not what they are but "how" they work through IRC as the control center. Not just that but the various modern programs used. I am aware, for instance, that LOIC can be used to connect to an IRC channel... but how then does the "herder" do the job from IRC... how does he issue commands that all the computers connected act upon, etc.? My curiosity has just got the best of me and I would like some pointers to good material that can feed it.
Quick summary:

1) botherder gets on channel #my_botnet_C&C
2) Bots all join #my_botnet_C&C
3) Botherder sends a message to channel "<secret_pw> crispy_critter nn.nn.nn.nn"
4) Bots receive the message, and contain code that says:

if (word1 == expected_pw) && (word2 == "crispy_critter") then ddos(word3);
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
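Seen from a network sensor, the exchange summarized in the reply above has a recognizable shape: one sender posts a three-word message ending in an IPv4 address to a channel whose other members never speak. The following is an added example, not part of the original post or thread; the log lines are constructed, and the function names and the min_silent threshold are assumptions made for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample of raw IRC lines as a sensor might record them.
# Nicknames and hosts are made up; 192.0.2.0/24 is documentation address space.
SAMPLE = """\
:herder!u@host.example JOIN #my_botnet_C&C
:bot01!u@a.example JOIN #my_botnet_C&C
:bot02!u@b.example JOIN #my_botnet_C&C
:bot03!u@c.example JOIN #my_botnet_C&C
:alice!u@d.example JOIN #linux
:alice!u@d.example PRIVMSG #linux :try pinging 192.0.2.7 from the other box
:herder!u@host.example PRIVMSG #my_botnet_C&C :s3cr3t crispy_critter 192.0.2.10
"""

# ":nick!user@host JOIN #chan" or ":nick!user@host PRIVMSG #chan :text"
LINE = re.compile(r"^:(?P<nick>[^!\s]+)!\S+ (?P<cmd>JOIN|PRIVMSG) "
                  r":?(?P<chan>#\S+)(?: :(?P<text>.*))?$")

def is_ipv4(word):
    try:
        ipaddress.IPv4Address(word)
        return True
    except ValueError:
        return False

def find_command_messages(lines, min_silent=3):
    """Flag '<word> <word> <IPv4>' channel messages sent to a silent audience."""
    members = defaultdict(set)   # channel -> nicks seen joining
    talkers = defaultdict(set)   # channel -> nicks seen speaking
    alerts = []
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m:
            continue
        nick, chan = m["nick"], m["chan"]
        if m["cmd"] == "JOIN":
            members[chan].add(nick)
            continue
        talkers[chan].add(nick)
        words = (m["text"] or "").split()
        silent = members[chan] - talkers[chan]
        # The first word (the shared password) is deliberately not stored.
        if len(words) == 3 and is_ipv4(words[2]) and len(silent) >= min_silent:
            alerts.append({"channel": chan, "sender": nick, "verb": words[1],
                           "target": words[2], "silent_members": len(silent)})
    return alerts
```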