CPE: McAfee AudioParasitic: Episode 3: Bot and evolution of Bot
length: 00:20:37
Discussion with Allysa Myers – one of the most renowned bot experts.
Started with macro viruses and script viruses.
Most malware is static, and most of the static malware are bots!
Purpose of a bot: to control the system.
It started as IRC scripts – one guy tries to flood another guy, knocking him off the channel – then taking down the entire chat room – then taking down the entire server… – they had to get more and more computers to achieve this!!
Using trojans they realized how successful this was, then they started to take down Amazon – Yahoo!
Find a vulnerability – infect the machine.
Today, malware is packed with different packers – not necessarily detectable.
Because the malware gets repacked – millions of viruses to millions of people…
Packer: it is like WinZip – but it writes the file in memory; the uncompressed file never actually hits the disk.
As packers get more popular – AV will make signatures.
Packer variation –
New malware against old existing malware – create a new malware.
Command and control (C&C) – the infected machine will log into a chat room and provide sysinfo – i.e. what OS/patch/BW – get passwords / execute files.
IRC was initially used for control – port 6666 – but IRC traffic is changing.
HTTP is getting more and more prevalent – still IRC – command moving to P2P.
P2P – without C&C – anybody, as long as they have the password, can control it!!
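Added example (not from the podcast or from McAfee): since the notes say IRC control started on port 6666 but the traffic is changing, this sketch flags outbound sessions by the IRC registration verbs in the payload instead of by port. The session records are constructed sample data, and the function names are hypothetical.

```python
import re

NOTED_PORT = 6666  # the IRC port mentioned in the notes above

# Verbs an IRC client sends to register and enter a channel (RFC 1459).
IRC_LINE = re.compile(r"^(NICK|USER|PASS|JOIN)\s+\S", re.IGNORECASE)

# Constructed sample: (src, dst, dst_port, first client payload lines)
SESSIONS = [
    ("10.0.0.5", "203.0.113.10", 6666,
     ["NICK xp-4821", "USER a a a :a", "JOIN #room"]),
    ("10.0.0.7", "203.0.113.22", 8080,
     ["PASS example", "NICK w7-1177", "USER b b b :b", "JOIN #room2"]),
    ("10.0.0.9", "198.51.100.4", 80,
     ["GET /index.html HTTP/1.1", "Host: example.test"]),
    ("10.0.0.9", "198.51.100.8", 6666, ["\x16\x03\x01binary"]),
]

def irc_verbs(payload_lines):
    """Return the IRC verbs found at the start of each payload line, in order."""
    verbs = []
    for line in payload_lines:
        match = IRC_LINE.match(line.strip())
        if match:
            verbs.append(match.group(1).upper())
    return verbs

def find_irc_sessions(sessions):
    """Flag sessions that complete IRC registration (NICK + USER) on any port."""
    hits = []
    for src, dst, port, lines in sessions:
        verbs = irc_verbs(lines)
        if {"NICK", "USER"} <= set(verbs):
            hits.append({
                "src": src, "dst": dst, "port": port,
                "joined_channel": "JOIN" in verbs,
                "on_noted_port": port == NOTED_PORT,
            })
    return hits

def port_only_matches(sessions):
    """Naive port-based rule, kept for comparison with the payload check."""
    return [s for s in sessions if s[2] == NOTED_PORT]

if __name__ == "__main__":
    for hit in find_irc_sessions(SESSIONS):
        print(hit)
```

On the sample data the port-only rule misses the IRC session on 8080 and flags the non-IRC session on 6666, while the payload check catches both IRC sessions.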
At this point it is important to understand the risk – it is known there are people out there who want to cause problems – protect your assets!!