Trend Micro solutions architect Rik Ferguson has tried to pin down the history of the botnet and for the first time try and name and shame the first two pieces of malware that started the botnet ball rolling.
Narrowing it down to either Sub7 or Pretty Park -– a Trojan and a Worm, respectively -- Ferguson says that both introduced the concept of the victim machine connecting to an IRC channel to listen for malicious commands.
These two pieces of malware both first surfaced in 1999 and "botnet innovation" as Ferguson called it, has been constant since then.
"Notable points along the botnet timeline are numerous. First up, the emergence of the Global Threat bot, or GTbot, in 2000. GTbot was based on the mIRC client, which meant that it could run custom scripts in response to IRC events and also importantly that it had access to raw TCP and UDP sockets, making it perfect for rudimentary Denial of Service attacks, some attacks went as far as scanning for Sub7 infected hosts and updating them to GTbots," writes Ferguson this week on Business Computing World.
Ferguson goes on to discuss the fact that early bots were aimed at remote control and information theft, but the move toward modularization and open sourcing lead to a huge increase in variants and the expansion of functionality As we know, Ferguson points out that malware authors gradually started to introduce encryption for ransomware as well as HTTP and SOCKS proxies, allowing them to use their victims for onward connection or FTP servers for storing illegal content.
You can read the original article here.