2/13/2023

Spam bot

In this paper we present a case study of the steps leading up to the extraction of the spam bot payload found within a backdoor rootkit known as or Spam-Mailbot.c. Following the extraction of the spam module we focus our analysis on the steps necessary to decrypt the communications between the command and control server and infected hosts. Part of the discussion involves a method to extract the encryption key from within the malware binary and use that to decrypt the communications. The result is a better understanding of an advanced botnet communications scheme.

The threat produced by botnets has escalated in recent years. Not only has the number of infected machines grown to catastrophic levels, but the sophistication level of the tools used to infect and control vulnerable systems has also increased. Traditionally, botnets have used the Internet Relay Chat (IRC) protocol for command and control. This method is losing popularity among bot creators and herders since it is generally easy to detect, monitor, and block IRC traffic.