PoC XMPP Bot C&C using Google Talk (video)
Earlier this year I put together an outline for a talk to cover how XMPP could be used as a botnet command and control. I just got around to playing around with the stuff and wanted to share some of the information I had and get opinions on what people thought about it all. I see XMPP as a more modern and flexible IRC when it comes to botnets. Features like federation, transports, p2p and client/server communication all make it seem to fit well in this area. Rather then waiting until it actually gets implemented, maybe we should think about what we could do to stop it or detect it now.