Ryan Naraine at eWeek just wrote a story on botnets and spent some time with our research team as we purposely infected a machine to see a botnet in action.
In a bland cubicle on the 12th floor, Eric Sites stares at the screen of a “dirty box,” a Microsoft Windows machine infected with the self-replicating Wootbot network worm.
Within seconds, there is a significant spike in CPU usage as the infected computer starts scanning the network, looking for vulnerable hosts.
In a cubicle across the hall, Patrick Jordan’s unpatched test machine is hit by the worm, prompting a chuckle from the veteran spyware researcher.
Almost simultaneously, the contaminated machine connects to an IRC (Internet Relay Chat) server and joins a channel to receive commands, which resemble strings of gibberish, from an unknown attacker.
“Welcome to the world of botnets,” said Sites, vice president of research and development at Sunbelt, a company that sells anti-spam and anti-spyware software.
“Basically, this machine is now owned by a criminal. It’s now sitting there in the channel, saying ‘I’m here, ready to accept commands,'” Sites explained.
Alex Eckelberry