Social engineering meets the bot (part 3) - all is revealed
I left off in Part 2 of the article just at the point where we had converted the “ASM” to what it actually is ie: a PERL script. This script as we saw actually created a socket on the local computer, which in turn connected to an IRC server. The ultimate goal of this? In all likelihood to create a bot army that will probably be used in a DDoS attack on some site or online user.
When doing this kind of analysis always make sure that you are logging the packets themselves. To that end I would recommend using windump for win32, or tcpdump for Linux.
By Don Parker at WindowSecurity.com
[ Read more ]