What a botnet looks like.. Purteeee

August 1, 2008


Well, one can’t really discuss the malware space without focusing on Bots, which are basically souped up trojans that get put onto machines due to a innumerable number of attack vectors, typically spam, SQL injection/malicious obfuscated JavaScript/multihop iframe redirections to multistaged malware dropper sites hosted by fast flux networks.  Data, information, and authentication and identity credentials such as passwords, usernames, SSNs get stolen off machines, encrypted and sent through P2P based HTTP outbound ports sent via encrypted proxy services and dumped onto drop site servers where the info is picked up and sold to the highest bidders in the underground for identity theft, more data stealing, and espionage.   Can you say are we having fun yet?!?!  Anyways, 

Heres a great article about what one of these puppies looks like. When you hear about things like Storm… This is what they are talking about. O ya, they are hidden by advanced rootkit technology and their binaries are packed and obfuscated, making effective reverse engineering way more difficult. O yea and they use anti Virtual Machine, anti debugger, tricks as well.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: