DNS request for large TXT record;
spoof victim’s IP
Open recursive DNS servers (anyone can query)
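The amplification mechanics sketched above, as an added example that is not from the original slides: it builds a plain DNS query for a TXT record with the RD (recursion desired) bit set, parses a response header to check the RA (recursion available) bit, which is what an open recursive resolver sets when it answers a stranger's recursive query, and measures how much larger a constructed large-TXT response is than the query that elicited it. The name example.com, the constructed response and its record contents are assumptions; the example ignores the classic 512-byte UDP size limit and sends nothing on the network.

```python
from __future__ import annotations
import struct

QTYPE_TXT, QCLASS_IN = 16, 1


def build_txt_query(name: str, txn_id: int = 0x1234) -> bytes:
    """Minimal DNS query (no EDNS0) for a TXT record, RD=1, one question."""
    header = struct.pack("!HHHHHH", txn_id, 0x0100, 1, 0, 0, 0)  # flags 0x0100 = RD
    qname = b"".join(
        struct.pack("B", len(label)) + label.encode("ascii")
        for label in name.strip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", QTYPE_TXT, QCLASS_IN)


def parse_header(msg: bytes) -> dict:
    """Decode the 12-byte DNS header into the flags that matter here."""
    txn_id, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {
        "id": txn_id,
        "qr": bool(flags & 0x8000),   # 1 = response
        "rd": bool(flags & 0x0100),   # recursion desired (copied from query)
        "ra": bool(flags & 0x0080),   # recursion available: server will recurse
        "rcode": flags & 0x000F,
        "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar,
    }


def is_open_recursive(response: bytes) -> bool:
    """A server that answers an outside query with RA=1 and no error is an open recursor."""
    h = parse_header(response)
    return h["qr"] and h["ra"] and h["rcode"] == 0


def build_txt_response(query: bytes, txt_chunks: list[bytes]) -> bytes:
    """Constructed resolver response: echoes the question, RA=1, one TXT answer.

    Each TXT character-string is length-prefixed and limited to 255 bytes,
    which is why a large TXT record is a list of chunks rather than one string.
    """
    if any(len(c) > 255 for c in txt_chunks):
        raise ValueError("TXT character-string longer than 255 bytes")
    txn_id = struct.unpack("!H", query[:2])[0]
    question = query[12:]                                   # echo the question section
    header = struct.pack("!HHHHHH", txn_id, 0x8180, 1, 1, 0, 0)  # QR|RD|RA, 1 answer
    rdata = b"".join(struct.pack("B", len(c)) + c for c in txt_chunks)
    # 0xC00C is a name pointer to offset 12, i.e. the QNAME in the question section
    answer = b"\xc0\x0c" + struct.pack("!HHIH", QTYPE_TXT, QCLASS_IN, 300, len(rdata)) + rdata
    return header + question + answer


def amplification_factor(query: bytes, response: bytes) -> float:
    """Bytes the reflector emits toward the spoofed victim per byte the attacker sends."""
    return len(response) / len(query)


if __name__ == "__main__":
    q = build_txt_query("example.com")
    r = build_txt_response(q, [b"A" * 255] * 8)   # constructed ~2 KB TXT record
    print("query bytes:", len(q), "response bytes:", len(r))
    print("open recursive:", is_open_recursive(r))
    print("amplification factor: %.1f" % amplification_factor(q, r))
```

The 29-byte query against a ~2 KB TXT record gives an amplification factor of roughly 72x; the attacker pays for the small query and the spoofed victim receives the large response. In practice the same RA check is what `dig +recurse @server` exposes when it reports the `ra` flag.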
Botnet command and control
Botnet is a network of compromised computers that the “botmaster” uses for malicious purposes
– There needs to be command & control (C&C) from the botmaster to the bots
Example: a bot reports to the botmaster its status, is directed to a site to download a malware (botcode) update, and/or receives instructions to spam/phish/DDoS, etc.
Botnet C&C problem
suppose we create malware (vx)
– download vx code; fiddle; compile
– uses email propagation/social engineering
Spreading is easy, but what if we want to use the compromised computers (victims)?
Naively, we could have victims contact us…
problems:
– VX must include author’s address (not stealthy)
– single rallying point (not robust)
– VX has hard-coded address (not mobile)
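Why a hard-coded rallying point is "not stealthy", as an added example that is not part of the original slides: the address the bots contact has to be embedded in the malware, so anyone with a copy of the binary can pull it out with a strings scan, and that single address then serves as both an indicator and a takedown target. The blob below is a constructed stand-in for a compiled bot, and the C&C URL (`c2.example.invalid`) and address (`203.0.113.7`, from the documentation range) are invented for the illustration.

```python
import re

# ASCII-range IPv4 literals and http(s) URLs as they would sit in a binary's data section
IPV4_RE = re.compile(rb"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")
URL_RE = re.compile(rb"https?://[A-Za-z0-9._~:/?#@!$&'()*+,;=%-]+")


def _valid_ipv4(s: bytes) -> bool:
    """Reject dotted-quad lookalikes such as version strings with an octet > 255."""
    return all(0 <= int(octet) <= 255 for octet in s.split(b"."))


def extract_rally_points(blob: bytes) -> list:
    """Return (kind, value) pairs for every embedded URL or IPv4 literal, in file order."""
    hits = []
    for m in URL_RE.finditer(blob):
        hits.append((m.start(), "url", m.group().decode("ascii")))
    for m in IPV4_RE.finditer(blob):
        if _valid_ipv4(m.group()):
            hits.append((m.start(), "ipv4", m.group().decode("ascii")))
    hits.sort()                                   # file offset first, so output is deterministic
    return [(kind, value) for _, kind, value in hits]


# Constructed sample: an ELF-looking header, some code bytes, and the strings a
# naive bot with a hard-coded rallying point would have to carry.
SAMPLE_BINARY = (
    b"\x7fELF\x02\x01\x01" + b"\x00" * 16
    + b"status=ok\x00"
    + b"http://c2.example.invalid/update\x00"    # hard-coded update/rally URL (invented)
    + b"\x90\x90\xcc"
    + b"203.0.113.7\x00"                          # hard-coded C&C address (documentation range)
    + b"1.2.3.999\x00"                            # looks like an address but is not one
    + b"version 2.0.1\x00"
)


if __name__ == "__main__":
    for kind, value in extract_rally_points(SAMPLE_BINARY):
        print(kind, value)
```

Running this over the sample prints the URL and the address and skips the two lookalikes, which is exactly the analyst workflow (`strings` plus a grep) that makes a hard-coded address a giveaway; the other two problems on the slide, a single rallying point and an immovable address, are what that one extracted value lets a defender block or seize.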