Bot controller mimicry
Last Updated: 2008-07-15 23:10:24 UTC
by Maarten Van Horenbeeck (Version: 1)
For a long time I've advocated applying security intelligence principles to information security. Too often this is dismissed as interesting but merely playful; yet increasing our knowledge and understanding of a threat reduces our uncertainty when making a response decision. Using time-tested, validated responses is important, but innovation should not be left to the attackers alone.
Joe Stewart, a researcher at SecureWorks, published an interesting piece of research today which makes for great afternoon reading. His research on the Coreflood botnet, a pest for about six years now, has so far covered the "who", "why" and "how" of infection. Today, he also looks at using the botnet's own command and control channel to remove it from a corporate network.
Whether you favour this type of technique or would discard it out of hand, it definitely makes for a fascinating read.