On 2 Jun 2014, at 13:03, Leo Vegoda <[email protected]> wrote:

> David Derrick wrote:
>
> [...]
>
>> Sounds like 2 weeks is how long the security guys reckon it will take
>> the botnet operators to deploy new C&C machines.
>
> That long?

If I was running a botnet, I'd have pools of infected/tested suitable machines sitting idle ready for automated deployment of things like C&C controllers, and I'd make controller identification by bots nice and agile with signalling through intermediary systems (like the DNS, or flag words in comments on third-party blogs, etc). Either we should be relieved that actual botnet operators are not very good, or this two week thing is nonsense.

Joe
