BlackEnergy is an HTTP-based botnet used primarily for DDoS attacks. Unlike most common bots, this bot does not communicate with the botnet master using IRC. Also, we do not see any exploit activities from this bot, unlike a traditional IRC bot. This is a small (under 50KB) binary for the Windows platform that uses a simple grammar to communicate. Most of the botnets we have been tracking (over 30 at present) are located in Malaysian and Russian IP address space and have targeted Russian sites with their DDoS attacks.
