IRC server and enter a chat room • A malware family that spread explosively around 2004 to construct a large botnet [Liang+, 2007] • execute commands sent over IRC • intercepts HTTP / FTP communication to steal login information of PAYPAL[Goel+, 2006]. An image of Backdoor.Win32.Agobot.on, a sample belonging to Worm:Win32/Gaobot, and its attention map obtained. A function to redirect packets to designated destinations to perform DDoS attacks A function to ascertain whether the contents of the intercepted HTTP communication include strings like “PAYPAL”