- Your Botnet is My Botnet (PDF) — 2008 USENIX Security paper analysing >70G of data gathered when security researchers hijacked the Torpig botnet. A major limitation of analyzing a botnet from the inside is the limited view. Most current botnets use stripped-down IRC or HTTP servers as their command and control channels, and it is not possible to make reliable statements about other bots. In particular, it is difﬁcult to determine the size of the botnet or the amount and nature of the sensitive data that is stolen. One way to overcome this limitation is to “hijack” the entire botnet, typically by seizing control of the C&C channel. [...] As a result, whenever a bot resolves a domain (or URL) to connect to its C&C server, the connection is redirected or sinkholed. This provides the defender with a complete view of all IPs that attempt to connect to the C&C server as well as interesting information that the bots might send..
- cartographer.js — build thematic maps using Google Maps. To be precise, you can build a choropleth, which is my word of the day. (via Simon Willison)
- Scamville: The Social Gaming Ecosystem of Hell (TechCrunch) — many of those games on Facebook that your friends play are evil. To get in-game money or objects, they’ll let you take a survey but at the end you’re signed up for crap you never wanted. Related: this article on monetizing social networks which talks about social gaming’s business model.
Strata Conference, October 23-26 in New York City. Use code RADAR20 to save 20% on registration.