Full Disclosure mailing list archives

Re: understanding the botnet C&C..

From: Valdis.Kletnieks () vt edu
Date: Fri, 16 Sep 2011 11:53:43 -0400

On Fri, 16 Sep 2011 10:38:16 CDT, RandallM said:

hi
an area that I am basically "stupid" on is botnets. Not what they are
but "how" they work through IRC as the control center. Not just that
but the various modern programs used. I am aware for instance LOIC can
be used to connect to an IRC channel.. but, how then does the "herder"
do the job from IRC..how does he issue commands that all the computers
connected act upon, etc. ? My curiosity has just got the best of me
and I would like some pointers to good material that can feed it.


Quick summary:

1) botherder gets on channel #my_botnet_C&C
2) Bots all joing #my_botnet_C&C
3) Botherder sends a message to channel "<secret_pw> crispy_critter nn.nn.nn.nn"
4) Bots receive the message, and contain code that says:
if (word1 == expected_pw) && (word2 == "crispy_critter") then ddos(word3);

Attachment: _bin
Description:

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

understanding the botnet C&C.. RandallM (Sep 16)
- Re: understanding the botnet C&C.. Jeffrey Walton (Sep 16)
- Re: understanding the botnet C&C.. Tillmann Werner (Sep 16)
- Re: understanding the botnet C&C.. Valdis . Kletnieks (Sep 16)
- Re: understanding the botnet C&C.. Corey Nachreiner (Sep 18)
  - Re: understanding the botnet C&C.. T Biehn (Sep 20)