
A close look at an operating botnet - conorpp
http://conorpp.com/blog/a-close-look-at-an-operating-botnet/
======
rurban
Looks like a typical perl based botnet from russia used to send spam.
[https://www.korelogic.com/Resources/Presentations/botnets_is...](https://www.korelogic.com/Resources/Presentations/botnets_issa.pdf)

I forgot where I read more about those previously, but my guess is definitely
russia. maybe reddit /netsec has more info.

[edit] they did have. Spanish, not russian

------
coldcode
It would have been interesting to discover who the other "users" were.

------
nuggien
How did the botnet operators discover your server? Were you running any
service/website on it?

~~~
conorpp
I was running the basic web server detailed in the post, but I didn't really
have to do anything else. It's a public IP, notably a Digital Ocean IP.
Internet scanners will pick it up.

