Hacker-Controlled Computers Hiding Better
If you have control of a network of computers -- by infecting them with some sort of malware -- the hard part is controlling that network. Traditionally, these computers (called zombies) are controlled via IRC. But IRC can be detected and blocked, so the hackers have adapted:
Instead of connecting to an IRC server, newly compromised PCs connect to one or more Web sites to check in with the hackers and get their commands. These Web sites are typically hosted on hacked servers or computers that have been online for a long time. Attackers upload the instructions for download by their bots.
As a result, protection mechanisms, such as blocking IRC traffic, will fail. This could mean that zombies, which so far have mostly been broadband-connected home computers, will be created using systems on business networks.
The trick here is to not let the computer's legitimate owner know that someone else is controlling it. It's an arms race between attacker and defender.
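Once the check-ins ride over ordinary Web traffic, detection has to look at behavior rather than port or protocol. The following is an added example, not part of the original post: it flags client/site pairs in a proxy log whose requests arrive at near-constant intervals. The log format, hostnames, thresholds, and the assumption that bots poll on a fixed schedule are all constructed for illustration.

```python
import statistics
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample proxy log: "<epoch seconds> <client ip> <method> <url>"
SAMPLE_LOG = """\
1000 10.0.0.5 GET http://news.example/index.html
1030 10.0.0.5 GET http://news.example/sports.html
1042 10.0.0.5 GET http://news.example/img/a.png
1300 10.0.0.9 GET http://old-site.example/status.txt
1600 10.0.0.9 GET http://old-site.example/status.txt
1640 10.0.0.5 GET http://news.example/weather.html
1901 10.0.0.9 GET http://old-site.example/status.txt
2200 10.0.0.9 GET http://old-site.example/status.txt
2499 10.0.0.9 GET http://old-site.example/status.txt
2800 10.0.0.9 GET http://old-site.example/status.txt
3900 10.0.0.5 GET http://news.example/index.html
"""

def parse(log_text):
    """Yield (timestamp, client, host) for each well-formed line."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[0].isdigit():
            continue  # skip malformed lines rather than crash
        host = urlsplit(parts[3]).hostname
        if host:
            yield int(parts[0]), parts[1], host

def find_beacons(log_text, min_requests=5, max_jitter=0.1):
    """Return [(client, host, mean_interval_seconds)] for regular check-ins."""
    # Assumption: a polling bot produces evenly spaced requests, so the
    # coefficient of variation (stdev / mean) of the gaps stays small.
    times = defaultdict(list)
    for ts, client, host in parse(log_text):
        times[(client, host)].append(ts)
    flagged = []
    for (client, host), stamps in sorted(times.items()):
        if len(stamps) < min_requests:
            continue  # too few requests to judge regularity
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        mean = statistics.mean(gaps)
        if mean > 0 and statistics.pstdev(gaps) / mean <= max_jitter:
            flagged.append((client, host, round(mean)))
    return flagged

if __name__ == "__main__":
    for client, host, interval in find_beacons(SAMPLE_LOG):
        print(f"{client} -> {host}: check-in about every {interval}s")
```

Human browsing to a site (10.0.0.5 in the sample) has bursty, irregular gaps and is not flagged; a check-in schedule with randomized delays would need a looser threshold or a different feature.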
Posted on October 25, 2006 at 12:14 PM