Botnet Command and Control

Botnet Command and Control
This shows one of the simplest spreading mechanisms bots use: raw executable code included in a simple field (in this case, the topic of a channel). Once connected, the victim's computer would then download this code and run it.
Botnet Command and Control - Welcome Message
This is an example of the welcome message from a live botnet IRC session. This is what a victim machine would see -- lots of cryptic data (potentially code), an IRC connect message, and the nickname of the victim's computer, shown here as GBR|SP2|XP|#
Botnet Command and Control - Rogue Hosts
This screenshot shows what it actually looks like when you log in to a suspicious channel with rogue hosts. Included are your cryptic controller bot (@x) and you. In this case, the IRC channel is a ghost town, likely moved on to another location, but l
Botnet Command and Control - Bots in Action
This is a sample of what these bots do once they get onto the host machine. This is pulled from a live site (hostname and get tags removed) with referrer URLs from many, many unique IPs (also removed to preserve victim identity). In this sample, you c
Botnet Command and Control - Shellcode Execution
This is a snippet of attempted shellcode execution against cmd.exe.
Botnet Command and Control - Exploit Attempt
This shows an NTLMSSP (NT LAN Manager Security Support Provider) exploit attempt.
Botnet Command and Control - Eavesdropping
Eavesdroppers listening in on botnet command-and-control communications can see thousands of connected bots waiting for instructions from a bot herder.
Botnet Command and Control - Eric Sites
Eric Sites, vice president of research and development at Sunbelt Software, conducts a live demo of communications with a botnet command and control.
Botnet Command and Control - Patrick Jordan
Veteran anti-spyware researcher Patrick Jordan has found a clear connection between the botnet scourge and the upsurge in adware installations.