An interesting aspect of botnet study is trying to learn the motives behind building a particular botnet, or to find the intent of the criminal mind controlling all the zombies. When it comes to botnet payloads, many different motives come to mind: DDoS, vulnerability exploitation, key logging, spam, etc. But not all botnets are capable of doing everything, especially when it comes to vulnerability exploitation, DDoS and password stealing. Amazingly, most of the biggest botnets in recent times have been dedicated to sending spam. Take for example Srizbi, Rustock, Storm (mostly), Grum and now Waledac.
IRC bots were the first breed of malware to build multi-purpose botnets. These IRC Bots started to emerge as the next generation of malware after nifty worm breakouts like Blaster, Sasser and Slammer.
Here at FireEye Labs we monitor the communication of different types of bots with their command and control servers in a controlled environment. The fun part of monitoring IRC CnC is that most of the time this communication is real-time, plain text and self-descriptive. Most commonly, IRC bot masters communicate their commands using IRC channel topics and/or through private messages. Today I will discuss some of these bot commands extracted from my lab logs. Let's see what these puppet masters are trying to do today:
Continue reading "Botnet Classics – Part 1"
We're sharing our research at the upcoming ISOI6, the US Dept of Defense Cyber Crime conference, Internet2 Joint Techs, and at ShmooCon. If you are attending any of those events, we'd love to meet you in person! Alex talks about McColo, I'll be discussing Web malware in government networks, Stu covers the latest in malware obfuscation tactics, and Julia dives into the Srizbi botnet takedown. For dates, times, topics and locations, please read on.
Continue reading "Upcoming Jan & Feb events we're presenting research"
Critical government, military, and civilian networks have been repeatedly infiltrated to steal our intellectual property and national secrets. So, how do we build a modern, national cyber security policy as we enter into the 44th Presidency? The Center for Strategic and International Studies' report weighed in on this topic, but I think they missed the point in their technical recommendations.
Before I go further, I should introduce myself. I'm Ashar Aziz, FireEye's CEO and founder. I'll be chiming in to write about the big-picture security issues that are facing CIOs/CISOs, businesses, our national cyber infrastructure, and essentially anyone who does anything on the Internet these days.
Continue reading "Barbarians Inside the Cyber Gates"
While examining some events from the past couple of weeks, I noticed an interesting anomaly: there was a specific grouping of exploits that only occurred on the weekend!
Continue reading "A weekend warrior web exploit?"