“The botnet, which appears to be larger than the infamous Storm botnet was in its heyday, has infected machines from some 77 government-owned domains — 51 of which are U.S. government ones, according to Ophir Shalitin, marketing director of Finjan, which recently found the botnet. Shalitin says the botnet is controlled by six individuals and is hosted in Ukraine.

Aside from its massive size and scope, what is also striking about the botnet is what its malware can do to an infected machine. The malware lets an attacker read the victim’s email, communicate via HTTP in the botnet, inject code into other processes, visit Websites without the user knowing, and register as a background service on the infected machine, for instance. The bots communicate with their command and control systems via HTTP.”

Read carefully…especially about the estimation methods adopted for bot counting.
I havent discovered what is the C&C IP that they are talking about, Dorothy’s platform is just traking an Ukraine, maybe is the same C&C?


Evidence suggests first zombie Mac botnet is active – Ars Technica:

“If you let yourself get tempted into installing the pirated versions of iWork or Photoshop CS4 that circulated on Bit Torrent earlier this year, you may have unwittingly turned your Mac into a zombie.”

Interesting,could be a new target for the Dorothy platform, anyone have more details on how could be built a drone? network dump log, or malware binary are welcome!


Hi guys,

I’m apologized for the long-time of inactivity but i have been engaged with the planification about the future of this project.
The Dorothy Project is being evolving to the official Italian Honeynet Chapter, we are waiting for the correct subscription process accomplishment .
Meanwhile, we have formed the official membership of the project.
Currently this project count 5 official members, as soon as possible we will make available our profile for letting you all to meet us better .
We are defining the work to do in the next weeks, and planning the date for the official release of the web platform .

Here will be published every news about the project/chapter progress, and every interesting thing about the project research area (IT Security, Botnet, Malware Analysis, etc) so stay tunes, and post your opinions/comments!

See you soon



Waiting for the full-upload of my research work, i would share with you all the introducion chapter. This can give you an overview about the Project aims and goals.



The introduction (pdf) is available here