
Bot controller mimicry

Published: 2008-07-15
Last Updated: 2008-07-15 23:10:24 UTC
by Maarten Van Horenbeeck (Version: 1)

For a long time I've advocated applying security intelligence principles to information security. Such work is often dismissed as interesting but merely playful, yet increasing our knowledge and understanding of a threat reduces our uncertainty when making a response decision. Using time-tested, validated responses is important, but innovation should not be left to the offenders alone.

Joe Stewart, a researcher at SecureWorks, published an interesting piece of research today which makes for great afternoon reading. His research on the Coreflood botnet, a pest for about six years now, has so far covered the "who", "why" and "how" of infection. Today he also looks at using the botnet's own command and control channel to remove it from a corporate network.

Whether you favour this type of technique or would dismiss it out of hand, it definitely makes for a fascinating read.
