Quote:
Originally Posted by v00d00101
Also the possibility of getting auth credentials to an irc channel or two would be nice. Gaining control of the botnet would be nicer. First thing i'd do is get every bot to email the fbi (or other law enforcement agency) saying it was a bot, along with whatever information it currently had stored.
|
Hi, if you are thinking about honeypotting those botnets I suggest that you try Nepenthes, that is a low interaction honeypot that even I can use without any problems.
I'm not a very experienced Linux user but I catch about 2-4 botnet cc's every time that I decide to run nepenthes (usually I run it for a week or so when I feel like playing with malware). And it has other nice
features too, it auto dl's (using ftp) malware binaries and submits those to norman sandbox (from there you get botnet cc's and passwords).
http://nepenthes.mwcollect.org/
Mailinglist for botnet reporting.
http://www.whitestar.linuxbox.org/ma...stinfo/botnets
http://www.shadowserver.org/wiki/
Cheers,
/////