Cody Pierce, security researcher at TippingPoint's DVLabs, told SCMagazineUS on Tuesday that “we set out to see how the bot communicates, see how it decides who to contact, and discover what kinds of commands it can execute. The idea was to see if it was possible to infiltrate these things and shut them down.”
The researchers found that the code can be arbitrarily downloaded and executed on zombie hosts. With that knowledge and a little legwork, they found that a measure of the number of infected machines could be estimated.
According to Pierce, “The bot generates dynamic DNS host names. Those names are registered and the ploy will listen for command and control information. We figured out that if we registered a couple of names that came up when a machine first reboots, we would have a good chance of hitting a lot of bots when they report in. From there we could gather statistics about how large the bot network was.”
The bot is not undefeatable. Pierce said, “We found that whoever was controlling the bot could make changes, so that the code could update itself on affected machines. By investigating and using this mechanism ourselves, we devised a way that the bots could be cleansed from the systems they were on.”
See original article on scmagazineus.com
.png&h=140&w=231&c=1&s=0)
.png&w=100&c=1&s=0)
iTnews Benchmark Security Awards 2025
Digital Leadership Day Federal
Government Cyber Security Showcase Federal
Government Innovation Showcase Federal
Digital NSW 2025 Showcase
_(1).jpg&h=140&w=231&c=1&s=0)
