.I don't know why I neglected to link this from here earlier, but here is a two-part analysis (high and low level) on the Kraken botnet and it's functionality that Cody and I put together:
http://dvlabs.tippingpoint.com/blog/2008/04/28/kraken-botnet-infiltration
http://dvlabs.tippingpoint.com/blog/2008/04/28/owning-kraken-zombies
The second article (Owning Kraken Zombies) is probably of more interest to the readers here. It contains the more technical tidbits.
![[+] expand](/imagery/files/soysauce_blueprint.gif){kind=link}