Quicky Analysis of a Proxy/Zombie Network
or... Night of the Slippery Spam
steele of lowkeysoft.com

Back in April or so it seemed like everyone was reporting on the zombie botnets used by spammers. Slashdot was running a story almost every other day at one point (of course a lot of those were dupes :)

Well, right around the same time I came across a keylogger/screencap trojan. It wasn't very special, but by tearing it apart and following its trail I was led to an interesting series of servers. It took me a couple of days to gain access, but since then I've been able to infiltrate and shut down 4 other networks based on the same setup. Here's the basics of what I've found...

As always, there are two sides to a zombie network: the control server and the clients.
The Client
