To report a botnet PRIVATELY please email: [EMAIL PROTECTED]
----------
I haven't seen any personally, but I've read that some bots won't appear in
netstat because if they're a rootkit, they won't use the NT IP stack and
therefore won't show-up in netstat. I've also personally seen infections where
they replaced the netstat.exe file with one that won't show their connections.
I was creating a webcast to show others how to use netstat when I came across
this information.
Anyone with more expertise care to confirm or deny?
So to answer your question, I believe the only way is to watch the traffic at
the router/gateway. Close all programs and sit and watch for any connections
from that PC to the outside. With all programs closed, you shouldn't see any
traffic, unless it's set to autoupdate.
That's my two cents worth.
________________________________
From: dr cronk [mailto:[EMAIL PROTECTED]
Sent: Fri 1/26/2007 8:43 AM
To: [email protected]
Subject: [botnets] Detecting zombies
To report a botnet PRIVATELY please email: [EMAIL PROTECTED]
----------
_______________________________________________
To report a botnet PRIVATELY please email: [EMAIL PROTECTED]
All list and server information are public and available to law enforcement
upon request.
http://www.whitestar.linuxbox.org/mailman/listinfo/botnets
