LURHQ has a fascinating analysis of Phatbot, the latest Windows worm payload. These zombie networks have been around for a few years and are responsible for distributed denial of service attacks and spam distribution. They have sophisticated control networks.
Note the evolution of these bots:
Phatbot is actually a direct descendant of Agobot, with additional
code rolled in from other sources. These additions have made Phatbot a
more versatile and dangerous threat in the realm of Internet security.
Do they share source? Or binary hacks?
What's most interesting is this is the first big bot network that doesn't use IRC for the control channel. Instead it uses WASTE, bootstrapped by Gnutella. No encryption yet.
We've come a long way since The Morris Worm (whose author is now an MIT professor). Stacheldraht was the first of the coordinated worms I learned about; amazing how much further it's come. We're still not quite to the 8 minute nightmare of Warhol worms, although Slammer was close. These things are so powerful, I just wish someone could use them for good.
As seen on warmbrain
Thanks to Marc for pointing out how interesting this was