ABSTRACT

Executive Summary

As malicious code production has evolved from a hobbyist's pursuit into a tool of organized crime, the malicious code itself has evolved to meet the demands of its new creators. Previously, most malicious code made few outbound connections except for the specific purpose of propagation; the intent of this early malicious code was only to spread. In recent years the focus of malicious code has changed and it has become much more complex. In addition to propagation and resilience, modern malicious code often has the capability to send spam, act as a proxy, download and execute additional malicious code, and perform other functions, all while acting as a node in a large, centrally managed botnet. These botnets require command channels to communicate with their owners, and these channels almost always use outbound connections from the bot, because they bypass firewalls that block incoming connections (see Figure 14.1).
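Because the command channel is an outbound connection that the firewall permits, the defender's signal is not a blocked packet but a pattern in the egress log: one host contacting one destination many times at near-constant intervals. The following beacon detector is an added illustration, not code from this chapter; the log format, the sample lines and the thresholds (`min_conns`, `max_cv`) are assumptions.

```python
"""Flag outbound flows that look like a bot's periodic command-channel
beacon: many connections from one host to one destination at intervals
with very low jitter. Added example; log format and thresholds assumed."""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed egress-log sample, "timestamp src dst:port" per line.
# 10.0.0.7 calls 203.0.113.5:443 roughly every 60 s (beacon-like);
# 10.0.0.9 contacts 198.51.100.9:443 at irregular, human-like times.
SAMPLE_LOG = """\
2024-03-01T10:00:00 10.0.0.7 203.0.113.5:443
2024-03-01T10:00:05 10.0.0.9 198.51.100.9:443
2024-03-01T10:00:07 10.0.0.9 198.51.100.9:443
2024-03-01T10:01:01 10.0.0.7 203.0.113.5:443
2024-03-01T10:02:00 10.0.0.7 203.0.113.5:443
2024-03-01T10:03:02 10.0.0.7 203.0.113.5:443
2024-03-01T10:03:40 10.0.0.9 198.51.100.9:443
2024-03-01T10:03:41 10.0.0.9 198.51.100.9:443
2024-03-01T10:04:00 10.0.0.7 203.0.113.5:443
2024-03-01T10:04:59 10.0.0.7 203.0.113.5:443
2024-03-01T10:09:00 10.0.0.9 198.51.100.9:443
"""


def parse_log(text):
    """Group connection timestamps by (source host, destination)."""
    flows = defaultdict(list)
    for line in text.splitlines():
        ts, src, dst = line.split()
        flows[(src, dst)].append(datetime.fromisoformat(ts))
    return flows


def beacon_candidates(flows, min_conns=5, max_cv=0.2):
    """Return [(src, dst, mean_interval_s)] for flows with at least
    min_conns connections whose inter-arrival coefficient of variation
    (stdev / mean) is at most max_cv, i.e. a near-constant period."""
    found = []
    for (src, dst), times in flows.items():
        if len(times) < min_conns:
            continue
        times = sorted(times)
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        period = mean(gaps)
        if period > 0 and pstdev(gaps) / period <= max_cv:
            found.append((src, dst, round(period, 1)))
    return found


if __name__ == "__main__":
    for src, dst, period in beacon_candidates(parse_log(SAMPLE_LOG)):
        print(f"possible beacon: {src} -> {dst} every ~{period}s")
```

Real bots add jitter to their sleep interval, so in practice the threshold is tuned against a baseline of known-good periodic traffic (update checks, NTP) rather than fixed as here.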