[sph]

These bots you are talking about are not intelligent, they do not find "insecure" servers to break into. They simply brute-force and exploit known bugs on popular services.

There is no botnet targeting web services running on DOS, because no one is running web services on DOS.

[thfuran]

>they do not find "insecure" servers to break into. They simply brute-force and exploit known bugs on popular services.

What exactly is the difference?

[sph]

Finding insecure servers, what human hackers would do, requires persistence, time and a working brain.

Bots, instead, throw shit at a wall and see what sticks. Move your SSH server with credentials root:root on port 1234 and notice how many bots get utterly defeated (only for sake of argument, because OpenSSH has a banner which makes it easy to identify wherever it's running)

[thfuran]

>Bots, instead, throw shit at a wall and see what sticks

And once it sticks, an insecure server has been found. A bot is just a tool someone is using.