2009
05.04

Interesting paper about the Torpig botnet. It’s a very accurate report about this botnet, and I suggest this paper to any botnet researcher. I found the new technique (called domain flux in this paper) used by Torpig for C&C discovery very interesting.

[..] With domain flux, each bot uses a domain generation algorithm (DGA) to compute a list of domain names. This list is computed independently by each bot and is regenerated periodically. Then, the bot attempts to contact the hosts in the domain list in order until one succeeds, i.e., the domain resolves to an IP address and the corresponding server provides a response that is valid in the botnet’s protocol [..]

Here is the project web site.
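The lookup pattern in the quoted passage (a list of names tried in order until one resolves) is visible in resolver logs. The following is an added detection sketch, not code from the paper or from this post; the log format, the threshold and the function name are assumptions, and the sample entries are constructed. It sees only DNS resolution, not whether the server's reply was valid in the botnet's protocol.

```python
from collections import defaultdict

# Constructed resolver log entries: (client IP, queried name, DNS response code).
# All names use reserved example domains; none are real indicators.
SAMPLE_LOG = [
    ("10.0.0.5", "www.example.com", "NOERROR"),
    ("10.0.0.7", "kqzvbhd.example", "NXDOMAIN"),
    ("10.0.0.5", "typo.example", "NXDOMAIN"),
    ("10.0.0.7", "wplmxtr.example", "NXDOMAIN"),
    ("10.0.0.5", "mail.example.com", "NOERROR"),
    ("10.0.0.7", "AHFYEUC.example.", "NXDOMAIN"),
    ("10.0.0.7", "rtnbgsq.example", "NOERROR"),
]


def find_domain_flux_candidates(log, min_failures=3):
    """Flag clients that fail on several distinct names in a row, then resolve one.

    Hypothetical helper. Returns {client: (failed_names, first_resolving_name)}.
    """
    runs = defaultdict(list)  # client -> distinct NXDOMAIN names in the current run
    hits = {}
    for client, name, rcode in log:
        name = name.lower().rstrip(".")  # normalise case and trailing dot
        if rcode == "NXDOMAIN":
            if name not in runs[client]:
                runs[client].append(name)
            continue
        # A successful answer after a long enough failure run matches the pattern.
        if rcode == "NOERROR" and len(runs[client]) >= min_failures and client not in hits:
            hits[client] = (list(runs[client]), name)
        # Simplification: any non-NXDOMAIN answer, even a benign one, ends the run.
        runs[client].clear()
    return hits


if __name__ == "__main__":
    for client, (failed, resolved) in find_domain_flux_candidates(SAMPLE_LOG).items():
        print(f"{client}: {len(failed)} failed lookups, then resolved {resolved}")
```

A single mistyped name followed by a normal lookup, as for 10.0.0.5 in the sample, stays below the threshold and is not flagged.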
