IRC Botnets Becoming A Thing Of The Past?
According to several reports, Botmasters are taking their botnets off IRC and are now using websites to instruct and control them.
The shift comes as Internet Service Providers increase their use of automatic detection systems that block traffic to the IRC control servers used by zombies. In addition, more and more organizations are deploying firewalls and intrusion detection systems specifically to block IRC traffic altogether.
Botmasters have begun programming their bots to connect to one or more web sites to get their commands instead of connecting to an IRC server. Some of these sites are hosted on compromised servers or computers. A few Botmasters are even using message board forums and blog comments to hide the botnet instructions in plain sight by obscuring the commands in what appears to be "on topic" conversation.
"All the good guys are being challenged here. [Botmasters are] saying: 'You're spotting my traffic. I am going to try and hide it a little better,'" said Rob Fleischman, the chief technology officer at Simplicita. "Hackers know that there is a giant haystack of Web traffic, and if they hide their command-and-control there, it is harder to spot [and block.]"
Posted in IRC News by #!/usr/bin/geek at 2006-10-20 17:09 ET (GMT-5)