SANS: As the Bot Turns
A bot was seen spreading via AOL Instant Messenger (AIM) earlier today that appears to be using "encrypted" peer-to-peer (P2P - possibly Waste?) as the Command and Control (C&C) mechanism. The bots communicate with each other via port 8/TCP.
The bot does not use DNS to find any C&C. It also does not use any human readable strings in its client/server communication. Therefore, many IDS measures will not help you detect infected hosts on your network. Flow analysis and/or tcpdump looking for mysterious port 8/TCP traffic seems to be the best way to detect these infections on your network.

SANS - Internet Storm Center - Cooperative Cyber Threat Monitor And Alert System
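The tcpdump approach suggested above can be turned into a per-host report. The following is an added example, not part of the SANS report: it parses `tcpdump -nn -tt` text output and lists internal hosts that open or accept sessions on 8/TCP. The internal ranges, function names and sample capture lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumption: the monitored internal ranges; adjust to the local network.
INTERNAL = [ip_network("10.0.0.0/8"), ip_network("192.168.0.0/16")]
BOT_PORT = 8  # port named in the report

# Matches "IP src.sport > dst.dport: Flags [..]" as printed by `tcpdump -nn -tt`.
LINE = re.compile(
    r"IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+): Flags \[([^\]]*)\]"
)

# Constructed sample capture (documentation addresses, not real traffic).
SAMPLE = """\
1139000001.10 IP 10.1.1.23.1044 > 203.0.113.7.8: Flags [S], seq 1, win 65535, length 0
1139000001.15 IP 203.0.113.7.8 > 10.1.1.23.1044: Flags [S.], seq 9, ack 2, win 5840, length 0
1139000002.40 IP 10.1.1.23.1045 > 198.51.100.20.8: Flags [S], seq 5, win 65535, length 0
1139000003.02 IP 192.0.2.99.3311 > 10.1.1.23.8: Flags [S], seq 7, win 65535, length 0
1139000003.03 IP 10.1.1.23.8 > 192.0.2.99.3311: Flags [S.], seq 3, ack 8, win 65535, length 0
1139000004.00 IP 10.1.1.40.2001 > 198.51.100.5.80: Flags [S], seq 1, win 65535, length 0
1139000005.00 IP 198.51.100.77.4000 > 10.1.1.50.8: Flags [S], seq 1, win 1024, length 0
1139000005.01 IP 10.1.1.50.8 > 198.51.100.77.4000: Flags [R.], seq 0, ack 2, win 0, length 0
"""

def is_internal(addr):
    return any(ip_address(addr) in net for net in INTERNAL)

def suspects(capture):
    """Map each internal host to the peers it dialed ("out") or accepted ("in") on 8/TCP."""
    hosts = defaultdict(lambda: {"out": set(), "in": set()})
    for line in capture.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        src, sport, dst, dport, flags = m.groups()
        if flags == "S" and int(dport) == BOT_PORT and is_internal(src):
            hosts[src]["out"].add(dst)   # internal host opened a session to 8/TCP
        elif flags == "S." and int(sport) == BOT_PORT and is_internal(src):
            hosts[src]["in"].add(dst)    # internal host answered on 8/TCP (listening)
    return dict(hosts)

if __name__ == "__main__":
    for host, peers in sorted(suspects(SAMPLE).items()):
        role = "client+server" if peers["out"] and peers["in"] else "one-way"
        print(host, role, sorted(peers["out"] | peers["in"]))
```

A host that is probed on port 8 and answers with a reset (10.1.1.50 in the sample) is not reported, and port 80 traffic is not confused with port 8.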