
SANS ISC: Bot controller mimicry - SANS Internet Storm Center SANS ISC InfoSec Forums

Bot controller mimicry

For a long time I've advocated the use of security intelligence principles in information security. Often considered merely playful though interesting, increasing our knowledge and understanding of a threat reduces our uncertainty in making a response decision. Using time-tested, validated responses is important, but innovation should not be limited to the offenders only.

Joe Stewart, a researcher at Secureworks, published an interesting piece of research today which is just great afternoon reading. His research of the Coreflood network, a pest for about six years now, has so far covered the "who", "why" and "how" of infection. Today, he is also looking at using the botnet's own command & control channel to remove it from a corporate network.

Whether you favour this type of technique or would discard it out of hand, it definitely makes for a fascinating read.


Jul 15th 2008
