Thursday, June 11, 2009

Understanding Botnet Communication Topologies

Not all botnets communicate the same way. It's disappointing, but true. Yet many of the organizations I deal with struggle to understand the significance of a botnet's communication topology and the tools/services botnet operators typically use to make their botnets resilient to blocking or shutdown.

By understanding how bot agents communicate with their CnC infrastructure, security teams can better adapt and tune their existing protection systems to combat these botnets.

This new whitepaper I wrote - "Botnet Communication Topologies" - is a plain-language analysis of the CnC topologies commonly seen in the wild. It covers the topologies used today by botnet masters and describes the fluxing technologies typically deployed alongside them to make botnets more robust against takedown and blocking.

The paper's objective is to educate readers about the nature of the threat. It explains the relative strengths and weaknesses of the botnet topologies, with a view to enabling organizations to make better decisions about their proposed blocking strategies.
