Open source Mule takes the "donkey work" out of ESB (IT Manager's Journal)

Posted Apr 13, 2007 14:18 UTC (Fri) by drag (subscriber, #31333)
In reply to: Open source Mule takes the "donkey work" out of ESB (IT Manager's Journal) by lacostej
Parent article: Open source Mule takes the "donkey work" out of ESB (IT Manager's Journal)

> How does that scale with regard to distributed big deployment?

I would expect that it scales very well.

This IRC control technique is how people control massive amounts of computers in illegal botnets.

They'd find a Linux server (or similar) somewhere with a good pipe and bad administrator, hack it, install their rootkits and IRC servers to remotely manage their Windows-based botnets.

They'd set up an IRC bot as a sort of ringleader on that server.

Then they'd modify some old worm using some Windows exploit.

As the worm roams around the internet, the infected machines then seek out the IRC server, or one of its mirrors, to get instructions.

The ringleader IRC bot would then provide uploads or additional instructions for those hacked machines.

Then when the script kiddie sells off the botnet or rents out its services, all they have to do is log into their illegal IRC server and update the ringleader bot with new instructions. The Windows-based rootkits check in, upload the new spammer email program or whatever and then they are off spamming massive amounts of email.

So over the internet this sort of thing easily scales to thousands of clients. Tens of thousands or maybe even hundreds. Who knows.

This is just what I understand personally about it, details probably differ from realities, but I don't think it's far off.

It's the first thing that jumped into my head when the other person mentioned they used IRC to coordinate stuff. (maybe some of the lead IT folks wore darker hats in their previous lives, eh?)

From what I understand this is getting less popular. It's too easy to detect IRC servers. Nowadays people use encryption and such that runs over hijacked Apache servers or something like that. Run the botnet, herding it over http or https ports, and have it encrypted. It's not unusual to have encrypted web traffic, so the illicit activities are harder to notice. Plus most people already have holes punched through their firewalls for web servers and such. But I can see how this would be handy for administrators.
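
The remark above that IRC is easy to detect comes down to its plaintext line protocol. The following is an added example, not part of the comment: it recognises IRC client registration in the first bytes of a TCP stream on any port and groups the internal hosts that check in to the same destination. The function names, the list of usual ports and the sample flows are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# RFC 1459 message shape: optional ":prefix ", a command (letters or a 3-digit
# numeric), optional parameters. Lines end in CRLF and are at most 512 bytes.
IRC_LINE = re.compile(rb"^(?::\S+ )?([A-Za-z]+|\d{3})(?: .*)?$")
# Assumption: ports treated as "expected" IRC ports at this site.
USUAL_IRC_PORTS = {194, *range(6660, 6670)}


def irc_commands(payload: bytes) -> list[bytes]:
    """Commands seen in the client-to-server bytes of one TCP stream."""
    commands = []
    for raw in payload.split(b"\n"):
        line = raw.rstrip(b"\r")
        match = IRC_LINE.match(line) if 0 < len(line) <= 510 else None
        if match:
            commands.append(match.group(1).upper())
    return commands


def classify(dst_port: int, payload: bytes) -> str:
    """A client registers with NICK and USER; seeing both marks the stream as IRC."""
    commands = irc_commands(payload)
    if not {b"NICK", b"USER"} <= set(commands):
        return "not-irc"
    return "irc" if dst_port in USUAL_IRC_PORTS else "irc-unusual-port"


def fan_in(flows):
    """Map each (dst_ip, dst_port) to the internal hosts that spoke IRC to it."""
    clients = defaultdict(set)
    for src, dst, port, payload in flows:
        if classify(port, payload) != "not-irc":
            clients[(dst, port)].add(src)
    return dict(clients)


# Constructed sample flows: (src, dst, dst_port, first client payload).
SAMPLE_FLOWS = [
    ("10.0.0.11", "192.0.2.50", 8080, b"NICK host11\r\nUSER a 0 * :a\r\nJOIN #ops\r\n"),
    ("10.0.0.12", "192.0.2.50", 8080, b"NICK host12\r\nUSER b 0 * :b\r\n"),
    ("10.0.0.13", "198.51.100.7", 80, b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    ("10.0.0.14", "198.51.100.9", 443, b"\x16\x03\x01\x00\x05hello"),
]

if __name__ == "__main__":
    for key, hosts in fan_in(SAMPLE_FLOWS).items():
        print(key, sorted(hosts))
```

The last constructed flow stands in for encrypted traffic on port 443: a payload matcher like this sees nothing in it, which is the shift described in the comment's final paragraph.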



Copyright © 2008, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds