Recently I was monitoring my networking traffic and noticed a lot of incoming connections from around the world on UDP port 25099. I asked the search engines about UDP port 25099 and found nothing.
Update (3/7/2007): At some point since this post, all traffic on UDP port 25099 has stopped. I imagine the botnet updated its client list and removed me from it, since my computer is no longer responding to its commands.
After a bit of investigation I've come to the following conclusion.
Last week my anti-virus program picked up on a trojan and removed it. However, this trojan had been in place for a while, since it was stored in some backup files. It would have been found sooner, but my normal anti-virus program (AVG) didn't detect it.
That trojan made me part of a bot network which uses UDP port 25099 to communicate. The other bots have no idea I've removed the trojan and continue to try and communicate with me.
Judging by the packet data, right now the botnet is just trying to stay synced; I can see commands in their packets like get_peers, find_node, and announce_peer.
The traffic load is fairly impressive - I would average about 1 request per second from computers around the world who are a part of this botnet.
So if you see a lot of traffic coming in on UDP port 25099, run a comprehensive virus / trojan scan on your system to make sure you're not infected.
Note: You can use Ethereal to monitor your traffic.
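
As an added example (not part of the original post), this Python script summarizes capture records the way the post describes the traffic: it filters datagrams sent to UDP port 25099, counts distinct sources, tallies the three command strings, and computes the request rate. The record layout, payload bytes and addresses are constructed for illustration; only the port and the command names come from the post.

```python
from collections import Counter

PORT = 25099  # UDP port named in the post
COMMANDS = (b"get_peers", b"find_node", b"announce_peer")  # strings quoted in the post

# Constructed records: (epoch seconds, source IP, protocol, dest port, payload).
# Addresses are documentation ranges; the payload layout is invented.
SAMPLE = [
    (1000.0, "192.0.2.10", "udp", 25099, b"\x01q=find_node;id=aaaa"),
    (1001.0, "198.51.100.7", "udp", 25099, b"\x01q=get_peers;id=bbbb"),
    (1001.5, "203.0.113.5", "udp", 53, b"\x00\x01example"),
    (1002.5, "192.0.2.10", "udp", 25099, b"\x01q=announce_peer;id=aaaa"),
    (1003.0, "198.51.100.7", "tcp", 25099, b"find_node"),
    (1004.0, "203.0.113.99", "udp", 25099, b"\x01q=get_peers;id=cccc"),
    (1005.0, "203.0.113.99", "udp", 25099, b"\xff\xfe\x00\x00"),
]


def summarize(records, port=PORT, commands=COMMANDS):
    """Summarize datagrams sent to the given UDP port."""
    hits = [r for r in records if r[2] == "udp" and r[3] == port]
    sources = Counter(r[1] for r in hits)
    seen = Counter()
    unrecognized = 0
    for *_, payload in hits:
        matched = [c.decode() for c in commands if c in payload]
        seen.update(matched)
        if not matched:
            unrecognized += 1  # traffic on the port without a known command string
    times = [r[0] for r in hits]
    span = max(times) - min(times) if times else 0.0
    return {
        "packets": len(hits),
        "unique_sources": len(sources),
        "top_sources": sources.most_common(3),
        "commands": dict(seen),
        "unrecognized": unrecognized,
        # Rate is undefined for an empty or single-instant capture.
        "rate_per_sec": len(hits) / span if span > 0 else None,
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(f"{key}: {value}")
```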