Control Infrastructure

• Increased use of IRC networks and protocols
  • IRC server replaces the handler
    • common, ‘legit’ service ports (e.g., 6667/tcp)
    • commands are buried in ‘legit’ traffic
    • no agent listeners; outbound connections only
  • More ‘survivable’ infrastructure
    • reduction in address lists maintained
    • disposable, easy to obtain agents
    • makes use of public IRC networks
    • private servers are also used

Previous slide

Next slide

Back to first slide

View graphic version