I am having far too much fun for a Sunday night. I'm at work tending to the datacenter when I receive a notice of an outgoing DoS attack. I scramble to find an ircbot/DoS Perl script in the server's /tmp dir. It was most likely placed there through a crappily coded web app.
I decide to view the source of the file and figure out what it does. It's coded in Spanish. I don't speak Spanish, but this isn't a huge deal. It's almost like reverse engineering a virus or worm. You have to assume that the variables are named to be misleading or vague to make it harder on the person reverse engineering it.
So I figured out the IRC server, port, name scheme and chans that it connects to, and I configured iRCN to connect to them disguised as a part of the botnet.
Once connected, I kill the pid for the bot on the infected server and watch it drop off in the botnet channel. How neat.
Now I'm waiting for commands to be issued to me to start DoSing people. 🙂