A while back I did some research on the same; and I found tons of Keyloggers and Backdoor Softwares that had holes and backdoors in the client.

I recently encountered a Remote Administration software, on reverse engineering we found that by sending the client a series of packets in a predefined order; it was possible to have the server run on that particular system.

I personally use Sandboxie (http://www.sandboxie.com), to analyze any unknown or suspect worthy files.

it could be too easy to backtrack a hacker out the hole he came in.
imagine breaking into storm or kraken and using them against the builder of the botnet., or just that little script kiddie who keeps bothering you. the possibilities are almost endless.

same kind of idea as honeytraps really; at the end of the day right enough – if you’re using a machine to remote control another machine, then you’re also most likely using existing tools to mask your ID while you do that, and that means as long as the link is active it’s certainly probable.

It’s trickier to resolve the originator if there’s no head node(s), and if they’ve written their own specialist hiding configs on a control node.

Still though, when it comes to finding who’s behind a spam-ad blight….they could just check the addresses of where the products are mailed from, and how you go about ordering them in the first place. You won’t necessarily locate the computer people, but you’ll find someone that hired them.

And if no to that last bit – well, can I get a safe place like that to order ganj from then? Well?