Botnets!


Post by stateofmind76 on Sun Jun 21, 2009 6:12 pm

Hi everyone,
I didn't see any topics on Botnets, so I decided to add one!

NOTE: I do not support illegal activity and neither does this topic. This topic is about the study of Botnets: how are they made? Can they be used for good? And most importantly, how can they be stopped?

Please post any of your opinions or anything you know on Botnets and their Bot Masters.

There are supposedly good Botnets, developed by hackers that exploit systems, then proceed to patch that exploit...
saving the user from future attacks (If Jesus was a hacker, he would do this). Is this just a myth, or are there really good Bot Masters out there?

Some sites distribute (with consent of the user to download) a good Botnet that, in times of stress on the server (DoS or DDoS attacks), uses the CPU power of those clients to survive the attack, and even keep the site up. Would it be ethical, however, to keep your site up using hidden Botnets (no consent to download) to do the same thing?

How are Botnets coded? Raw sockets? How are most spread? Drive by downloads? Network exploits?
How can a Bot Master prevent himself from being traced, and protect his Botnet from attacks? (Yes, even Botnets have security)
and MOST IMPORTANTLY, what is the most effective way to stop a Botnet attack and trace the Bot Master's IP address?

Post away :D


Re: Botnets!

Post by haha01haha01 on Mon Jun 22, 2009 2:25 pm

stateofmind76 wrote: How are Botnets coded?
Just like any other malware, you write code to do whatever you like.
stateofmind76 wrote: Raw sockets?
Probably. That's the first thing that comes to mind.
stateofmind76 wrote: How are most spread?
Spread methods are unrelated to the malware itself. The botnet is the malware's payload and there's a separate system that is responsible for spreading.
stateofmind76 wrote: Drive by downloads? Network exploits?
Possibly.
stateofmind76 wrote: How can a Bot Master prevent himself from being traced
Proxy?
stateofmind76 wrote: and protect his Botnet from attacks? (Yes, even Botnets have security)
I never heard of protecting a botnet from attack... unless you mean protecting it from anti-virus companies and such that want to figure out how to remove it, in which case it's just packing\protecting\other anti-debugging methods.
stateofmind76 wrote: and MOST IMPORTANTLY, what is the most effective way to stop a Botnet attack and trace the Bot Master's IP address?
There's no exact answer... you need to research it and find out how it works, just like any other malware. About tracing the IP address, unless he is retarded and didn't use a good proxy, you're pretty much out of luck.
There are 11 types of people in the world - those who understand binary, those who don't and those who already heard this joke.


Re: Botnets!

Post by stateofmind76 on Wed Jun 24, 2009 7:20 am

I didn't exactly expect a one word answer... more to start a topic of debate. For instance,

"stateofmind76 wrote:How can a Bot Master prevent himself from being traced?

Proxy?"

Well, what kind of proxy?

A SOCKS proxy may be enough, but what if he used each of his zombies as a proxy server, making himself almost impossible to trace? And assuming he's running IRC as his C&C center, if he set his name to look like one of the bots, it would be very hard to tell who was the Bot Herder; if someone were to intrude on his IRC channel, they would have no idea who the Bot Master was. I think just using a basic proxy isn't enough; there are many clever stealth techniques that Bot Net Operators use, and a SOCKS proxy is thinking inside the box.

Do you expect me to believe the Bot Master of Conficker has just a basic proxy running...

Thanks for your input though!


Re: Botnets!

Post by insomaniacal on Wed Jun 24, 2009 8:15 am

You can technically steal someone's botnet, and so they do have their own kind of "security", but it applies more to making sure that whatever IRC server you are using is properly configured and that you are the only one who has the ability to type anything in the channel.
It's not who votes that counts, it's who counts the votes
insomaniacal.blog.com


Re: Botnets!

Post by haha01haha01 on Thu Jul 02, 2009 2:30 pm

stateofmind76 wrote:I didn't exactly expect a one word answer... more to start a topic of debate. For instance,

"stateofmind76 wrote:How can a Bot Master prevent himself from being traced?

Proxy?"

Well, what kind of proxy?

A SOCKS proxy may be enough, but what if he used each of his zombies as a proxy server, making himself almost impossible to trace? And assuming he's running IRC as his C&C center, if he set his name to look like one of the bots, it would be very hard to tell who was the Bot Herder; if someone were to intrude on his IRC channel, they would have no idea who the Bot Master was. I think just using a basic proxy isn't enough; there are many clever stealth techniques that Bot Net Operators use, and a SOCKS proxy is thinking inside the box.

Do you expect me to believe the Bot Master of Conficker has just a basic proxy running...

Thanks for your input though!

Well...
1. Take an IRC server
2. Connect to it with your botnet
3. Use an IRC proxy to control the bot on the server

Conficker wasn't such an amazing malware, really. It just gained much popularity because of the creators being attention wh0res and screaming all over the internet.


Re: Botnets!

Post by bartuuin on Thu Nov 26, 2009 8:23 pm

To go more into detail about whether a botnet can be stopped:
The answer is no if it is coded properly and there is enough coding. A botnet can be set up to penetrate the best of security on its own without any help from a human. But it would take a highly skilled programmer. A botnet in my opinion is the biggest computer security threat out there. A botnet can be programmed to break encryption, get into networks unauthorized and even to create larger and more advanced botnets.