When the Kraken botnet was "exposed" at the RSA conference this year, a lot of controversy surrounded it within the MA community. Was this really a new botnet? Was it really as big as the speakers were saying it was? Why weren't samples shared beforehand? And so on.
Despite this controversy, there has been a lot of interesting information about it. One of the most interesting pieces I've read is from two analysts at TippingPoint who infiltrated the Kraken botnet. Yesterday, they posted two blog entries which discuss how they did it, from both a high level and a technical level.
They are very good reads and I recommend reading them.
Kraken Botnet Infiltration (high level)
Owning Kraken Zombies, a Detailed Discussion (technical)