Friday, January 13, 2012

CPE: McAfee AudioParasitic: Episode 3: Bot and evolution of Bot

length: 00:20:37

discussion with Allysa Myers – one of the most renown bot expert..
started with macro virus and script virus..

most malware static and most of the static malware are bot!

purpose of bot: it to control the system

It started as IRC script – one guy try to flood some guy kocking off the channel- taking down the entire chat room – taking down the entire server… - they had to get more and more computer to achieve this!!

Using trojan the realize how successful ,then they started to take down amazon – yahoo!

Find vulnerability – infect the machine

Today  - malware is packed with different packer – not necessary detectable..
Because the malware get repacked – millions of virus to millions of people…

Packet: it is like winzip – but write the file in memory  the uncompress file never actually hit the disc.

As packer get more popular – AV will make signatures..

Packer variation –
New malware against old existing malware – create a new malware..

Command and control – C&C infected machine will log into chat room & provide sysinfo – ide what OS/patch/BW – get pwd/ exec file

IRC is initially used to control – port 6666 – changing
IRC traffic is changing
HTTP is getting more and more prevalent – still IRC command more to p2p

P2P – without C&C  -anybody as long as they have the password can control it!!

At this point it is important to understand the risk – it is known there are people out there who want to cause problem –protect your assets!!

Labels: ,


Post a Comment

Subscribe to Post Comments [Atom]

<< Home