"...in this case, not port 80 or 433 because those are web ports and wouldn't normally be used for control of a botnet."
Maybe a dumb question (I'm definitely not a security expert), but why not use ports 80 or 443 to control a botnet? I'd think that by doing so, it'd be easier to get past various firewall restrictions and it'd blend in better with whatever other network traffic noise is on the machine. Also, running over SSL might make it harder for others to pick apart exactly what you are doing.
For OUTGOING requests you'd be correct. However for INCOMING (hosting on a port) most home internet services providers (like COMCAST) block hosting anything on a public IP on port 80 or 443 (also 25 which is mail). This is to limit people from trying to host a web site on their home internet (and a spam mail server in the case of 25).
That makes sense.
We’re a place where coders share, stay up-to-date and grow their careers.
We strive for transparency and don't collect excess data.