If you are interested in a real-world botnet analysis, take a look at the work being done with Torpig at UC Santa Barbara.

Taking over the Torpig botnet

This botnet is used for the usual activity of harvesting sensitive information from the computers it controls. Using domain flux, the botnet generates lists of servers for drive-by spreading, drawing on information from Twitter trends. Pretty clever.

If you are interested in the details, be sure to download The Report.

Thanks to my bro, Steve, for pointing this project out to me.

- Dan
