On Aug 7, 8:20 pm, Chad Etzel <c...@twitter.com> wrote:
>
> Here is the state of things as we know them:
>
> - The DDoS attack is still ongoing, and the intensity has not
> decreased at all....

Has anyone had a close enough look at the botnet infection to deduce
the command channel traffic?  For better or worse (time will tell)
there are plenty of government grey hats with wiretap-ready Narus
access who may not be able to contact you directly, but who would sure
know what to do and would be willing to do it if you could describe
the botnet command channel characteristics.

I remember not very long ago a botnet was described, by one of
Felton's students if I remember right, on some blog post, and then a
week later someone else who had captured an infection in a VM debugger
got to watch as it received a very nicely crafted command to unlink
from the host boot sequence and exit.  If you want that kind of help
from the shadows, you gotta help the spooks figure out the control
channel behind the attack.  Good luck, and remember it won't be long
after it passes before you can look back and laugh, so keep your chins
up!
