Botnet Eavesdropping: Inside the Mocbot (MS06-040) Attack
When Joe Stewart spotted a variant of the Mocbot Trojan hijacking unpatched Windows machines for use in IRC-controlled botnets, he immediately went to work trying to pinpoint the motive for the attacks. Stewart, a senior security researcher with LURHQ’s Threat Intelligence Group, set up a way to silently spy on the botnet’s command-and-control infrastructure, and his findings suggest that for-profit spammers are clearly winning the cat-and-mouse game against entrenched anti-virus providers. Full Story