stateofmind76 wrote: How are Botnets coded?
Just like any other malware, you write code to do whatever you like.

stateofmind76 wrote: Raw sockets?
Probably. That's the first thing that comes to mind.

stateofmind76 wrote: How are most spread?
Spread methods are unrelated to the malware itself. The botnet is the malware's payload and there's a separate system that is responsible for spreading.

stateofmind76 wrote: Drive by downloads? Network exploits?
Possibly.

stateofmind76 wrote: How can a Bot Master prevent himself from being traced
Proxy?

stateofmind76 wrote: and protect his Botnet from attacks? (Yes, even Botnets have security)
I never heard of protecting a botnet from attack... unless you mean protecting it from anti-virus companies and such that want to figure out how to remove it, in which case it's just packing\protecting\other anti-debugging methods.

stateofmind76 wrote: and MOST IMPORTANTLY, what is the most effective way to stop a Botnet attack and trace the Bot Master's IP address?
There's no exact answer... you need to research it and find out how it works, just like any other malware. About tracing the IP address, unless he is retarded and didn't use a good proxy, you're pretty much out of luck.

Well...
stateofmind76 wrote: I didn't exactly expect a one-word answer... more to start a topic of debate. For instance,
stateofmind76 wrote: How can a Bot Master prevent himself from being traced?
Well, what kind of proxy?
A SOCKS proxy may be enough, but what if he used each of his zombies as a proxy server, making himself almost impossible to trace? And assuming he's running IRC as his C&C center, if he set his name to look like one of the bots, it would be very hard to tell who was the Bot Herder; if someone were to intrude on his IRC channel, they would have no idea who the Bot Master was. I think just using a basic proxy isn't enough; there are many clever stealth techniques that Bot Net Operators use, and a SOCKS proxy is thinking inside the box.
Do you expect me to believe the Bot Master of Conficker has just a basic proxy running...
Thanks for your input though!