Eavesdropping on Bots Preparing to Attack
When Joe Stewart spotted a variant of the Mocbot Trojan hijacking unpatched Windows machines for use in IRC-controlled botnets, he immediately went to work trying to pinpoint the motive for the attacks.
Stewart, a senior security researcher with LURHQ´s Threat Intelligence Group, set up a way to silently spy on the botnet´s command-and-control infrastructure, and his findings suggest that for-profit spammers are clearly winning the cat-and-mouse game against entrenched anti-virus providers.
“The lesson here is once you get infected, you are completely under the control of the botmaster. He can put whatever he wants on your machine, and there´s no way to be 100 percent sure that the machine is clean,” Stewart said in an interview with eWEEK.Read Full Story