Malware Domain List

Malware Related => Tools of the trade / Internet News => Topic started by: SysAdMini on November 09, 2009, 08:21:40 am

Title: How to Disrupt a Botnet
Post by: SysAdMini on November 09, 2009, 08:21:40 am
http://blogs.sans.org/computer-forensics/2009/11/08/how-to-disrupt-a-botnet/

Quote
The following note is inspired by the steps the folks at FireEye Malware Intelligence Lab took to disable the Mega-d/Ozdok bot network. People often wonder what it takes to shut down a botnet. Here are the key steps, which apply to “traditional” botnets, which don’t rely heavily on peer-to-peer protocols for their command and control (C&C) implementation; the number of hosts and domains that such botnets use can be sufficiently small that a group or an individual can disrupt the botnet by getting these IPs or domain names shut down.