Aim For Bot Coordination

A paper from this year's Virus Bulletin conference explores IM-based botnet communication channels. Although short (only 3 pages), it highlights some of the features of OSCAR, the AIM protocol, that could be attractive for bots.
In the last few years, there has been increasing interest within the virus-writing community in Internet Relay Chat (IRC) based malware, due to the power afforded by the IRC scripting language and the ease of coordinating infected machines from a chat-room type of structure. What has developed is a very modular, open-source sort of threat which is very rapidly adapted to include new functionality and new infection vectors. More recently, there has also been an increase in the number of threats spreading through Instant Messaging (IM) clients, particularly OSCAR-based clients like AOL Instant Messenger (AIM). IRC bots have begun using this functionality to spread, but there is more capability available within OSCAR than is currently being exploited.

As there has also been an increase in the number of bots using Command and Control (C&C) channels that utilize something other than IRC (primarily web-based currently), it stands to reason that there may be a possibility of virus-writers using OSCAR as a means of control. This paper looks to explore the capabilities of OSCAR for being used in C&C scenarios, and what steps could be taken to mitigate this proactively.

Source: Aim For Bot Coordination, Lysa Myers, from Virus Bulletin 2006.

October 28, 2006 in new trends, papers
