Social Engineering meets the Bot (Part 3) – All is Revealed

by Don Parker
Sept. 1, 2017, TechGenix, malware

I left off in Part 2 of the article at the point where we had converted the “ASM” to what it actually is, i.e. a Perl script. As we saw, this script creates a socket on the local computer, which in turn connects to an IRC server. The ultimate goal of this? In all likelihood to build a bot army that will probably be used in a DDoS attack on some site or online user. When doing this kind of analysis, always make sure that you are logging the packets themselves. To that end I would recommend using WinDump for Win32, or tcpdump for Linux. If you do use these programs, please remember to also download and install the matching WinPcap or libpcap library as well; you will find links to these libraries on the pages of both of the aforementioned packet capture programs. This is very important, as you will later want to review exactly what transpired at the packet level.