These exploits are probably child's play for most security programmers, but I haven't the first clue how these are built, deployed, C&C'd and it just blows my mind how cool all these stages of control happen.
Are there any recommended 'Hacking for Dummies' books for learning more about how these things work? It's like a code version of Ocean's 11 to me!
I'm by no means an expert but these are some of the links/books I've found informative.
Smashing The Stack For Fun And Profit [1]
Reversing: Secrets of Reverse Engineering [2]
The IDA Pro Book [3]
The iOS Hacker's Handbook [4] was interesting as a sort of case study on exploiting and hacking embedded hardware.
Mostly what I've found, though, is that just starting with a question and googling the answer yields the most results. For example, if you see mention of a stack overflow attack, google how and why stack overflow attacks work (or don't), and once that side of things is understood, the thought process behind finding them becomes easier to understand, although not really easier to do (for me, at least).
I'm a network security analyst. Either of these two books would be a good place to start. Also, if you are looking for a decent community for this type of thing, visit reddit.com/r/netsec.
This next site is basically YouTube for security conferences. They also offer some online courses on writing exploits in assembly and Python, but not all of them are free.
What I find interesting is that the specifics of how the hack works are usually less interesting than the concept. Like in this case - the exploit I'm sure has been built on a lot of previous exploit-thinking and they simply found a little avenue to get a toehold onto these systems. All the really interesting stuff comes next, from the uniqueness of how complicated and resilient the attack is. Most malware is a numbers game and simply blasts computers in order to install toolbars for profit or whatever. Targeted malware like this is interesting because you can suss out the intent from the choices made.
For example: they really, really didn't want to be detected. Carefully constructed PDFs made to look as innocent as possible. Custom code for every computer makes the hack harder to profile. Tiny, tiny downloader.
Second, the command center approach. Command centers started out as IRC channels for botnets, but are easy to break up once you know the IRC channel name. So there was a lot of thought put into making the command center resilient to shutdown or takeover attempts. In other words, each node can be controlled and rerouted separately. The one error was the log that allowed the security people to see a list of controlled computers - that is a mistake that will probably be fixed in the future.
So for me this is interesting to watch at each step how the hacks are getting more complicated on all levels: the exploit, the control center and the unseen side of it - data gathering/analysis.