Editing Botnet (section)

===IRC===
IRC networks use simple, low bandwidth communication methods, making them widely used to host botnets. They tend to be relatively simple in construction and have been used with moderate success for coordinating DDoS attacks and spam campaigns while being able to continually switch channels to avoid being taken down. However, in some cases, merely blocking of certain keywords has proven effective in stopping IRC-based botnets. The RFC 1459 ([[Internet Relay Chat|IRC]]) standard is popular with botnets. The first known popular botnet controller script, "MaXiTE Bot" was using IRC XDCC protocol for private control commands.

One problem with using IRC is that each bot client must know the IRC server, port, and channel to be of any use to the botnet. Anti-malware organizations can detect and shut down these servers and channels, effectively halting the botnet attack. If this happens, clients are still infected, but they typically lie dormant since they have no way of receiving instructions.<ref name=":0" /> To mitigate this problem, a botnet can consist of several servers or channels. If one of the servers or channels becomes disabled, the botnet simply switches to another. It is still possible to detect and disrupt additional botnet servers or channels by sniffing IRC traffic. A botnet adversary can even potentially gain knowledge of the control scheme and imitate the bot herder by issuing commands correctly.<ref>{{Cite book |doi=10.1016/B978-159749135-8/50005-6 |title= Botnets|last1=Schiller |first1=Craig A. |last2= Binkley |first2=Jim |last3=Harley |first3= David | last4=Evron |first4=Gadi |last5= Bradley |first5=Tony |last6=Willems |first6= Carsten |last7= Cross |first7= Michael |chapter= Alternative Botnet C&Cs|date= January 1, 2007 |isbn= 978-159749135-8 |publisher=Syngress|location= Burlington, Virginia |pages= 77–95}}</ref>