Symantec Blogs: Security Response

Anthony Roe | October 21st, 2007
A bot network tends to fluctuate such that the number of members of the network waxes and wanes over time. I base this understanding on my regular observation of modern botnets and the observations of my peers (please see pg. 41 of ISTR Volume X). In the past, IRC protocol-based botnets fell victim to an “Achilles Heel” situation if the single central server being used to control the network was taken down, because the network without a controller would fall apart.

The miscreants that choose to build and control these bot networks began to develop innovative methods that could bolster their reliability. With this goal, Fast-flux DNS tactics were employed to provide redundancy so that these networks were more difficult to take down. Trojan.Peacomm (also known as “Storm Worm”) employed the Overnet protocol – a...