Syntax errors are the doom of us all, including botnet authors

Larry Cashdollar, principal security intelligence repsonse engineer at Akamai, told DarkReading that almost all KmsdBot activity his firm was tracking has ceased, though the authors may be trying to reinfect systems again. Researchers at Akamai were taking apart KmsdBot and feeding it commands via netcat when they discovered that it had stopped sending attack commands. That was the case until researchers at Akamai Security Research witnessed a novel solution: forgetting to put a space between an IP address and a port in a command.