![]() It is worth mentioning that in order to acquire a control server address list, the bot uses the search service at, and - as a search query - specifies hexadecimal values of the first 8 bytes of the MD5 hash of the current date. It sends a request to a remote site to acquire a list of control servers, and then connects to the remote servers and waits for instructions. Then opens a port on an infected computer and awaits an incoming connection. Fascinatingly, compromised computers receive commands from servers under the control of botmasters, using information posted in messages on Reddit as a navigational aid:
0 Comments
Leave a Reply. |