http://blog.fireeye.com/research/2009/0 ... beast.html
"The purpose of this series of articles is very simple, to give our readers an idea about the current geographical distribution of command and control coordinates for some of the top botnets. Based on this data I'll try to estimate whether it is possible to shut down these botnets by pulling the plug for these servers. The Botnets which will be discussed in these articles are Pushdo, Xarvester, Rustock, Koobface and Ozdok. These stats are based on my sandnet logs for the last 3 months or so."
http://blog.fireeye.com/research/2009/0 ... rt-ii.html
"In this second part of the series I will try to analyze the command and control structure/coordinates for another famous botnet, Koobface. This article is not a detailed analysis of the malware itself but covers mostly its botnet aspect."
http://blog.fireeye.com/research/2009/1 ... ozdok.html
"In my previous article, I talked about the Ozdok command and control architecture and its fallback mechanisms in great detail. That article was an attempt to highlight different approaches to take down this botnet theoretically. But when it comes to the actual shutdown, it's far more complex than just finding out the command and control server coordinates and fallback mechanisms. An actual shut down attempt requires someone to take the initiative and start a combined effort involving third parties like ISPs, registries, registrars, etc."
FireEye Malware Intelligence Lab - Botnet studies
He gives wisdom to the wise and knowledge to the discerning. He reveals deep and hidden things; he knows what lies in Darkness, and Light dwells with him.
- bad_brain
nice find man...
here is a very interesting site about botnets:
http://www.shadowserver.org
I've joined them and can now report bots via web iface...