We here a lot about the rise of organized crime and the sophistication of the attackers. While this is true, in many cases I still see amateurish type attacks.
While reviewing an IPS I found the following messages. IPS still provides a great way to detect bot-nets and while there is an obvious problem on this network these IRC connections are being blocked by the IPS.
An interesting article related to this can be found here.
IRC Messages
| :nick | :msg | ||||
| #usb | Infected usb drive: E: |
Interesting Nicknames to an IRC channel
VirUs-rigvgunl
VirUs-rflkbvny
VirUs-rexehaxz
VirUs-rcpcmobp
VirUs-rboinhcv
VirUs-raquheuv
VirUs-raozodkn
VirUs-racgucrn
VirUs-quyozuoc
VirUs-qufnunld
VirUs-msubtplz
[03|MEX|XP|981734]
[03|MEX|XP|444546]
| 
| 
| 
| 
| 
| 
It seems like there are more and more ways that botnets are propagating and just IRC channels. Do you know of any other way??