Hacker-Controlled Computers Hiding Better
If you have control of a network of computers—by infecting them with some sort of malware—the hard part is controlling that network. Traditionally, these computers (called zombies) are controlled via IRC. But IRC can be detected and blocked, so the hackers have adapted:
Instead of connecting to an IRC server, newly compromised PCs connect to one or more Web sites to check in with the hackers and get their commands. These Web sites are typically hosted on hacked servers or computers that have been online for a long time. Attackers upload the instructions for download by their bots.
As a result, protection mechanisms, such as blocking IRC traffic, will fail. This could mean that zombies, which so far have mostly been broadband-connected home computers, will be created using systems on business networks.
The trick here is to not let the computer’s legitimate owner know that someone else is controlling it. It’s an arms race between attacker and defender.
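Blocking IRC ports does nothing against bots that fetch their orders over ordinary HTTP, but the change of transport does not hide the timing: a bot polls its command site on a schedule, while a person browses irregularly. The script below is an added example, not code from the post or from the quoted article. It parses a constructed proxy log and flags client/host pairs whose request intervals are near-constant. The log format, the hostnames and the thresholds `min_hits` and `max_cv` are all assumptions for the illustration.

```python
"""Beacon detection over a constructed HTTP proxy log (added example)."""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample, one request per line:
# "<ISO timestamp> <client_ip> <method> <host> <path> <status>"
# 10.0.0.5 checks in with update.example.net roughly every 300 s (bot-like);
# 10.0.0.7 browses www.example.com at irregular times (person-like).
# The last line is deliberately out of time order, as real logs often are.
SAMPLE_LOG = """\
2006-10-25T12:00:00 10.0.0.5 GET update.example.net /cmd.txt 200
2006-10-25T12:00:07 10.0.0.5 GET www.example.com /index.html 200
2006-10-25T12:05:01 10.0.0.5 GET update.example.net /cmd.txt 200
2006-10-25T12:09:59 10.0.0.5 GET update.example.net /cmd.txt 200
2006-10-25T12:15:02 10.0.0.5 GET update.example.net /cmd.txt 200
2006-10-25T12:20:00 10.0.0.5 GET update.example.net /cmd.txt 200
2006-10-25T12:03:11 10.0.0.7 GET www.example.com /news 200
2006-10-25T12:04:40 10.0.0.7 GET www.example.com /news/1 200
2006-10-25T12:31:03 10.0.0.7 GET www.example.com /about 200
2006-10-25T12:25:00 10.0.0.5 GET update.example.net /cmd.txt 200
"""


def parse_log(text):
    """Parse the assumed log format into (timestamp, client, host) tuples."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, client, _method, host, _path, _status = line.split()
        records.append((datetime.fromisoformat(ts), client, host))
    return records


def find_beacons(records, min_hits=4, max_cv=0.1):
    """Return client/host pairs whose request intervals are near-constant.

    A bot that polls a command site every N seconds produces gaps with a low
    coefficient of variation (pstdev / mean); human browsing does not.
    min_hits and max_cv are assumed thresholds; tune them on real traffic.
    """
    by_pair = defaultdict(list)
    for ts, client, host in records:
        by_pair[(client, host)].append(ts)

    findings = []
    for (client, host), stamps in by_pair.items():
        if len(stamps) < min_hits:
            continue  # too few requests to say anything about regularity
        stamps.sort()  # proxy logs are not guaranteed to be in time order
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue  # duplicate timestamps only; no interval to measure
        cv = pstdev(gaps) / avg
        if cv <= max_cv:
            findings.append({"client": client, "host": host,
                             "hits": len(stamps), "mean_interval": avg,
                             "cv": cv})
    # Most regular (lowest variation) first
    return sorted(findings, key=lambda f: f["cv"])


if __name__ == "__main__":
    for f in find_beacons(parse_log(SAMPLE_LOG)):
        print(f"{f['client']} -> {f['host']}: {f['hits']} requests, "
              f"every {f['mean_interval']:.0f}s (cv={f['cv']:.3f})")
```

On the sample above only `10.0.0.5 -> update.example.net` is reported, with six requests about 300 seconds apart. Port-based rules never see this traffic as anything but web browsing, which is why timing and destination reputation, not the transport, are what remain to look at once bots move off IRC.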
Chase Venters • October 25, 2006 12:51 PM
Frankly, I think these bot nets are tremendously low-tech. I’m very surprised I haven’t ever heard of anyone deploying a P2P network as the infection spreads and using PGP-signed commands inserted at any point in the network to control it.
Maybe the real answer is that programmers are lazy, and lazy people do just enough to get by.