FireEye Malware Intelligence Lab - Botnet studies

DNR
Digital Mercenary
Posts: 6114
Joined: 24 Feb 2006, 17:00
Location: Michigan USA

Post by DNR »

http://blog.fireeye.com/research/2009/0 ... beast.html

"The purpose of this series of articles is very simple, to give our readers an idea about the current geographical distribution of command and control coordinates for some of the top botnets. Based on this data I'll try to estimate whether it is possible to shut down these botnets by pulling the plug for these servers. The Botnets which will be discussed in these articles are Pushdo, Xarvester, Rustock, Koobface and Ozdok. These stats are based on my sandnet logs for the last 3 months or so."

http://blog.fireeye.com/research/2009/0 ... rt-ii.html

"In this second part of the series I will try to analyze the command and control structure/coordinates for another famous botnet, Koobface. This article is not a detailed analysis of the malware itself but covers mostly its botnet aspect."

http://blog.fireeye.com/research/2009/1 ... ozdok.html

"In my previous article, I talked about the Ozdok command and control architecture and its fallback mechanisms in great detail. That article was an attempt to highlight different approaches to take down this botnet theoretically. But when it comes to the actual shutdown, it's far more complex than just finding out the command and control server coordinates and fallback mechanisms. An actual shut down attempt requires someone to take the initiative and start a combined effort involving third parties like ISPs, registries, registrars, etc."
-
He gives wisdom to the wise and knowledge to the discerning. He reveals deep and hidden things; he knows what lies in Darkness, and Light dwells with him.

bad_brain
Site Owner
Posts: 11636
Joined: 06 Apr 2005, 16:00
Location: In your eye floaters.

Post by bad_brain »

nice find man... :D

here is a very interesting site about botnets:
http://www.shadowserver.org
I've joined them and can now report bots via web iface... 8)