Insights From the Inside: A View of Botnet Management From Infiltration
Recent work has leveraged botnet infiltration techniques to track the activities of bots over time, particularly with regard to spam campaigns. Building on their previous success in reverse-engineering C&C protocols, the authors conducted a 4-month infiltration of the MegaD botnet, beginning in October 2009. The infiltration provides constant feeds on MegaD's complex and evolving C&C architecture as well as its spam operations, and an opportunity to analyze the botmasters' operations. In particular, the authors collect significant evidence that the MegaD infrastructure is managed by multiple botmasters.