Botnet Command and Control

1
2
3
4
5
6
7
8
9
1 of 9

Botnet Command and Control

This shows one of the simplest spreading mechanisms bots use: raw executable code included in a simple field (in this case, the topic of a channel). Once connected, the victims computer would then download this code and run it.

2 of 9

Botnet Command and Control - Welcome Message

This is an example of the welcome message from a live botnet IRC session. This is what a victim machine would see -- lots of cryptic data (potentially code), an IRC connect message, and the nickname of the victims computer, shown here as GBR|SP2|XP|#

3 of 9

Botnet Command and Control - Rogue Hosts

This screenshot shows what it actually looks like when you log in to a suspicious channel with rogue hosts. Included is your cryptic controller bot (@x) and you. In this case, the IRC channel is a ghost town, likely moved on to another location, but l

4 of 9

Botnet Command and Control - Bots in Action

This is a sample of what these bots do once they get onto the host machine. This is pulled from a live site (hostname and get tags removed) with referrer URLs from many, many unique IPs (also removed to preserve victim identity). In this sample, you c

5 of 9

Botnet Command and Control - Shellcode Execution

This is a snippet of attempted shellcode execution against cmd.exe.

6 of 9

Botnet Command and Control - Exploit Attempt

This shows an NTLMSSP (NT Lan Manager Secure Service Provider) exploit attempt.

7 of 9

Botnet Command and Control - Eavesdropping

Eavesdroppers listening in on botnet command-and-control communications can see thousands of connected bots waiting for instructions from a bot herder.

8 of 9

Botnet Command and Control - Eric Sites

Eric Sites, vice president of research and development of Sunbelt Software conducts a live demo of communications with a botnet command and control.

9 of 9

Botnet Command and Control - Patrick Jordan

Veteran anti-spyware researcher Patrick Jordan has found a clear connection between the botnet scourge and the upsurge in adware installations.

Top White Papers and Webcasts