To report a botnet PRIVATELY please email: [EMAIL PROTECTED]
----------
> I am coming late into this one, but what about HTTP/S for C&C?
>>You cannot push commands, but they are polled.

True, in part, Georg. But what if you manage multiple domains with multiple variants? It's easier to maintain survivability for a week+ on each one. Then, you can have them auto-update every time via a BHO and FTP. Thus, it's rather rapid and effective for pushing data via the BHO angle with this server-side solution. In fact, it's not that far off from what you'd see if you had an IRC standard setup for bots, but over port 80 and with no central point of interference from anti-guys. That's what we see now with Metafisher-type bots that are moving in the HTTP/S direction.

Cheers,
Ken Dunham
Director of the Rapid Response Team
_______________________________________________
All list and server information are public and available to law enforcement upon request.
http://www.whitestar.linuxbox.org/mailman/listinfo/botnets
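The thread's point that HTTP/S command channels are polled rather than pushed gives defenders a timing signal to look for in proxy logs. The sketch below is an added example, not part of the original message: the log format, host names, function names and thresholds are all assumptions chosen for illustration, and the sample log is constructed.

```python
import statistics
from collections import defaultdict

# Constructed sample proxy log: "epoch_seconds client_ip method host path"
SAMPLE_LOG = """\
1000 10.0.0.5 GET updates.example.test /poll
1301 10.0.0.5 GET updates.example.test /poll
1599 10.0.0.5 GET updates.example.test /poll
1902 10.0.0.5 GET updates.example.test /poll
2200 10.0.0.5 GET updates.example.test /poll
2501 10.0.0.5 GET updates.example.test /poll
1000 10.0.0.7 GET news.example.test /
1012 10.0.0.7 GET news.example.test /style.css
1030 10.0.0.7 GET news.example.test /story/1
1400 10.0.0.7 GET news.example.test /story/2
1405 10.0.0.7 GET news.example.test /img/2.png
2900 10.0.0.7 GET news.example.test /
1100 10.0.0.5 GET news.example.test /
1900 10.0.0.5 GET news.example.test /story/1
this line is malformed and must be skipped
"""

def parse(log):
    """Group request timestamps by (client, host); skip malformed lines."""
    times = defaultdict(list)
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 5 or not parts[0].isdigit():
            continue
        ts, client, _method, host, _path = parts
        times[(client, host)].append(int(ts))
    return times

def find_pollers(log, min_requests=5, max_cv=0.1):
    """Flag client/host pairs whose request gaps are nearly constant.

    The coefficient of variation (stdev / mean) of the gaps is low for a
    timer-driven poll and high for human browsing. Thresholds are assumptions.
    """
    findings = []
    for (client, host), stamps in parse(log).items():
        if len(stamps) < min_requests:
            continue  # too few samples to judge periodicity
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        mean = statistics.mean(gaps)
        if mean <= 0:
            continue  # all requests share one timestamp; no interval to measure
        cv = statistics.pstdev(gaps) / mean
        if cv <= max_cv:
            findings.append((client, host, round(mean), round(cv, 3)))
    return sorted(findings)

if __name__ == "__main__":
    for client, host, period, cv in find_pollers(SAMPLE_LOG):
        print(f"{client} polls {host} about every {period}s (cv={cv})")
```

Legitimate software updaters and telemetry clients also poll on a timer, so hits from a check like this are leads to triage against known-good hosts rather than verdicts.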
