Eavesdropping on Bots Preparing to Attack

By | August 21, 2006

When Joe Stewart spotted a variant of the Mocbot Trojan hijacking unpatched Windows machines for use in IRC-controlled botnets, he immediately went to work trying to pinpoint the motive for the attacks.

Stewart, a senior security researcher with LURHQ´s Threat Intelligence Group, set up a way to silently spy on the botnet´s command-and-control infrastructure, and his findings suggest that for-profit spammers are clearly winning the cat-and-mouse game against entrenched anti-virus providers.

“The lesson here is once you get infected, you are completely under the control of the botmaster. He can put whatever he wants on your machine, and there´s no way to be 100 percent sure that the machine is clean,” Stewart said in an interview with eWEEK.Read Full Story

Leave a Reply