IRC vs HTTP

Well, there is a significance to the switch to HTTP, that the author didn't hit on (which is quite surprising, actually).

the Reason that the bot herders are using tcp 80 isn;t nessecarilly about the interface or capacity of the controller server. it may play a part but as a white hat, I can;t back that up with expirence. What i can back up is that it is easy to block IRC on a firewallbox or router.

the problem with http (and the reason the hackers are useing it) is that you don't have the info needed to block tcp 80 to malware, while simultaneously allowing legitimate http traffic. if you have a software firewall that can operate at all layers of the OSI, then you could restrict tcp 80 outbound to just allow specific executables like your browser/mail client, without completely blocking the port, but software firewalls are not common on enterprise end systems. the only way I can think of to block that kind of traffic selectively, is with a black list service, and we all know how annoying those can be.