Inside the Mocbot (MS06-040) Attack

eWeek: Botnet Eavesdropping: Inside the Mocbot (MS06-040) Attack

When Joe Stewart spotted a variant of the Mocbot Trojan hijacking unpatched Windows machines for use in IRC-controlled botnets, he immediately went to work trying to pinpoint the motive for the attacks.

Stewart, a senior security researcher with LURHQ’s Threat Intelligence Group, set up a way to silently spy on the botnet’s command-and-control infrastructure, and his findings suggest that for-profit spammers are clearly winning the cat-and-mouse game against entrenched anti-virus providers.

“The lesson here is once you get infected, you are completely under the control of the botmaster. He can put whatever he wants on your machine, and there’s no way to be 100 percent sure that the machine is clean,” Stewart said in an interview with eWEEK.

Stewart, a well-respected researcher who specializes in reverse-engineering malware files, echoed a warning issued earlier this year by Microsoft.