If they're using their own algorithm and then AES, what's the point? They're worrying about AES being broken? But yeah, you're right.
Seems like it would be better to spend time on the implementation of other parts of their botnet (like ... public key cryptography instead of using domain names as a key?).
Seems like it would be better to spend time on the implementation of other parts of their botnet (like ... public key cryptography instead of using domain names as a key?).