To report a botnet PRIVATELY please email: [EMAIL PROTECTED] ---------- the snapshot by websense is similar (web layout, color scheme, and the forms) to the c&c for a bot i previously encountered. for this particular bot, it opens a file on the c&c web server every 5 seconds or so. this file can be found at
/cgi-bin/socks/bot/cmd.txt looks like that file contains the "commands" for the bot to execute, very much the same to the IRC topic commands. unfortunately, i lost the sample (also forgot the detection name) On 4/15/06, Hubbard, Dan <[EMAIL PROTECTED]> wrote: > To report a botnet PRIVATELY please email: [EMAIL PROTECTED] > ---------- > > > > We have seen quite a few web-based bot controllers. Here are some > screenshots. > > http://www.websensesecuritylabs.com/alerts/alert.php?AlertID=257 > > > > > > > > ________________________________ > From: David Cheney [mailto:[EMAIL PROTECTED] > Sent: Fri 4/14/2006 3:58 PM > To: Mary Henthorn; [email protected] > Subject: Re: [botnets] Web-Based Bots > > > > > To report a botnet PRIVATELY please email: [EMAIL PROTECTED] > ---------- > I too am interested in botnets whose command and control mechanism is > not IRC. The web and the community seem to be ripe with anecdotal > evidence of elusive networks based on a variety of covert communication > channels, but as of yet I have not seen any real evidence. There is an > analysis of Phatbot which claims it uses a striped down version of > WASTE: > http://www.lurhq.com/phatbot.html > > But I haven't been able to confirm this one yet (looking for a sample). > If anyone finds such a beast, I would greatly appreciate any evidence. > > --dgc > > -----Original Message----- > From: Mary Henthorn [mailto:[EMAIL PROTECTED] > Sent: Friday, April 14, 2006 1:38 PM > To: [email protected] > Subject: Re: [botnets] Web-Based Bots > > To report a botnet PRIVATELY please email: [EMAIL PROTECTED] > ---------- > I haven't seen any response to this, but I'm also interested in > web-based and other non-IRC C&C botnets. I appreciate the ideas people > on this list shared with me and I'll use them when I watch the network > this weekend. I'll let you know if I learn anything new about non-IRC > C&C traffic. > > Mary > > > -----Original Message----- > From: Ken Dunham [mailto:[EMAIL PROTECTED] > Sent: Wednesday, April 05, 2006 2:59 PM > To: [email protected] > Subject: [botnets] Web-Based Bots > > > To report a botnet PRIVATELY please email: [EMAIL PROTECTED] > ---------- > Hi, > I'm going to do a little research on web-based bots to date. Does > anyone have any examples of web-based bots, where they are controlled, > where stats are provide, etc, to an HTTP solution rather than an IRC > solution? > > Thanks, > ken > _______________________________________________ To report a botnet PRIVATELY please email: [EMAIL PROTECTED] All list and server information are public and available to law enforcement upon request. http://www.whitestar.linuxbox.org/mailman/listinfo/botnets
