To report a botnet PRIVATELY please email: [EMAIL PROTECTED]
----------
Hubbard, Dan wrote:
> I am coming late into this one, but what about HTTP/S for C&C ?
>
> We are seeing this more frequently being used and not only is a nice
> alternative to IRC and a better way to control infected clients in the
> enterprise.
There are basically two disadvantages as far as I can judge it:

- You cannot push commands, but they are polled. So there is no way to force all clients to perform a command right now but it is executed after a certain time, when the client checks the `page' the next time. This might work well for spammers as they don't really care when exactly their emails are sent out for example. But this is not that nice if you want to steal certain items from a WoW account for example, which probably involves several steps.
- Again central point of failure, take the DNS down and the botnet is shut down.

I doubt peer-to-peer will be the really next step after IRC, but it should be what we should be most afraid of (think about DNS-covert-p2p-botnet). Prepare to fight P2P! ;)

Georg 'oxff' Wicherski
_______________________________________________
All list and server information are public and available to law enforcement upon request.
http://www.whitestar.linuxbox.org/mailman/listinfo/botnets
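
The polling behaviour described in the reply above (clients fetch commands from a page at intervals instead of having them pushed) leaves a regular timing pattern in web proxy logs. The following is an added example, not part of the original thread, that flags client/URL pairs with near-constant request intervals; the log format, hostnames, addresses and thresholds are constructed assumptions.

```python
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed sample proxy log: ISO timestamp, client IP, host, path.
SAMPLE_LOG = """\
2007-01-10T09:00:02 10.0.0.5 updates.example.net /cmd.php
2007-01-10T09:00:10 10.0.0.9 www.example.org /index.html
2007-01-10T09:00:45 10.0.0.9 www.example.org /index.html
2007-01-10T09:05:01 10.0.0.5 updates.example.net /cmd.php
2007-01-10T09:07:30 10.0.0.9 www.example.org /index.html
2007-01-10T09:10:03 10.0.0.5 updates.example.net /cmd.php
2007-01-10T09:12:00 10.0.0.7 mail.example.com /inbox
2007-01-10T09:15:02 10.0.0.5 updates.example.net /cmd.php
2007-01-10T09:20:01 10.0.0.5 updates.example.net /cmd.php
2007-01-10T09:25:03 10.0.0.5 updates.example.net /cmd.php
2007-01-10T09:31:00 10.0.0.9 www.example.org /index.html
2007-01-10T09:32:15 10.0.0.9 www.example.org /index.html
2007-01-10T09:40:00 10.0.0.7 mail.example.com /inbox
2007-01-10T09:58:40 10.0.0.9 www.example.org /index.html
"""

def find_pollers(log_text, min_requests=5, max_cv=0.1):
    """Return [(client, host, path, mean_interval_s, cv)] for regular pollers."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines
        ts, client, host, path = parts
        seen[(client, host, path)].append(datetime.fromisoformat(ts))
    hits = []
    for (client, host, path), times in seen.items():
        if len(times) < min_requests:
            continue  # too few samples to judge periodicity
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        mean = statistics.mean(gaps)
        if mean == 0:
            continue  # all requests in the same second, no interval to measure
        cv = statistics.pstdev(gaps) / mean  # coefficient of variation
        if cv <= max_cv:
            hits.append((client, host, path, round(mean, 1), round(cv, 3)))
    return hits

if __name__ == "__main__":
    for hit in find_pollers(SAMPLE_LOG):
        print(hit)
```

Legitimate software (update checkers, webmail refresh) also polls on a fixed schedule, so hits from a check like this need an allow-list and a look at the destination before they are treated as C&C.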
