Botnets and Fast Flux DNS

Posted: October 22, 2007, 1:55 pm
by Fash
Recently while reading about the "Storm" botnet, I came across this article (kinda old) that explains the whole concept and extrapolates it out quite a ways...

http://www.securiteam.com/securityrevie ... 1P5PY.html

And this more recent paper which covers fast flux DNS... a method of hiding the source... modern botnets are implementing this, making it even harder to track.

http://www.honeynet.org/papers/ff/fast-flux.html

I am fascinated by this type of stuff... When I was reading the first paper my reaction was "I want to build one!" but it's a good thing I'm a lazy p.o.s! It just seems like such fun to play around with, if you're not too evil about it... :twisted:

Re: Botnets and Fast Flux DNS

Posted: October 23, 2007, 5:44 am
by Cracc
Botnets have been around for ages; the oldest ones I can remember would be Trin00 and Stacheldraht.

(which was usually found bundled up with fast range scanners and other misc tools under the /dev/ arch.)

Re: Botnets and Fast Flux DNS

Posted: October 23, 2007, 5:48 am
by Cracc
And yeah, back during my shadier days on IRCnet, I knew people (irl that is, and yeah, they were script kiddies) with 2k+ node botnets, they could basically drop any server they wanted. Although they mostly used them for SYN flooding IRC servers to take over the IRC channels they wanted.