Howdy fellow crackers and hackers alike! Have I got a treat for you? A live botnet.
The other day at work, I encountered a number of machines all attacking other hosts. Normally it's just one machine, but this time there were several.
We isolated the exe responsible because it was eating up 100% CPU (not exactly subtle). I was curious about what made it tick, so I disassembled it and this is what I found. Normally where I work, we’re hit by botnets, and never get to catch them in the act as tracking down the mothership is difficult.
First things first, I want to know more about the executable, like if it's packed, or what have you.
Read more: http://www.gironsec.com/blog/2013/03/reversing-a-botnet/