Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Oh Yeah, botnet communications

From: "Gary E. Miller" <gem () rellim com>
Date: Fri, 20 Feb 2009 10:48:17 -0800 (PST)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Yo Travis!

On Thu, 19 Feb 2009, T Biehn wrote:


You know how the current amateur botnet offerings are basing domain lists
off the current time to allow the 'good guys' to prepare?

Why not base the seed off something like a news RSS feed?


Or how about yesterday's close of the S&P 500 or Cisco stock?  Or
maybe yesterday's Lotto numbers.  Maybe a hash of all the above.

This would drive bot hunters nuts.  Until they reverse engineer the
new scheme.  Since the scheme is in every bot it would just take
some reverse engineering.

RGDS
GARY
- ---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97701
        gem () rellim com  Tel:+1(541)382-8588

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)

iD8DBQFJnvr0BmnRqz71OvMRAmJWAKC4kPXM0C6L6d4Tkldw4ypeQuXXmQCgyZH9
xjMzFphho5t9UEeTj4UigE0=
=hUXf
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: