Botnets

deardexter

Botnets are the Swiss army knife of attack tools. Once a computer has been compromised with bot software, malicious hackers can leverage its bandwidth to send spam, host illegal content or execute distributed denial of service attacks. As Operation Trident Breach showed, they can also be used more covertly, to secretly record keystrokes, stealing banking passwords in order to transfer large sums to the criminals. ZeuS, currently the most popular botnet creation and control tool, is specifically designed to steal passwords and other sensitive data. Remarkably, less than half of ZeuS-based bot variants are detected, on average, by commercial anti-virus software. The 2008-era Conficker botnet is like an active volcano, ready to erupt at any time. This means that any organization, regardless of size, has a responsibility to educate its employees on external risks and proper behavior to mitigate infection and improve the security of the enterprise network.


Quote: “As HTTP botnets use HTML to communicate, naturally they try to blend into normal HTTP traffic, but are HTTP botnets also hosted on legitimate, compromised websites or do they use specially registered domain names for their purpose? Looking at one day of identified HTTP C&Cs in June 2008, we see that 46% used a dedicated domain name. Indeed, it appears that most of those dedicated domain names were registered for only one purpose ‐ they serve only the HTTP botnet. Perhaps here lies an interesting opportunity to take down some of these nets; flambé the domain name to bring some”
- Team Cymru (02.11.2015)
https://www.team-cymru.com/ReadingRoom/W...otnets.pdf

  1. Ramnit - 3,000,000
  2. BredoLab - 30,000,000
  3. Mariposa - 12,000,000
  4. Conficker - 10,500,000+
  5. TDL4 - 4,500,000
  6. Zeus - 3,600,000 (US only)
  7. Cutwail - 1,500,000
  8. Sality - 1,000,000
  9. Grum - 560,000
  10. Mega-D - 509,000
  11. Kraken - 495,000
  12. Srizbi - 450,000
  13. Lethic - 260,000
  14. Bagle - 230,000
  15. Marina Botnet - 6,215,000
  16. Torpig - 180,000
  17. Storm - 160,000
  18. Rustock - 150,000
  19. Donbot - 125,000
  20. Chameleon - 120,000
  21. Waledec - 80,000
  22. Maazben - 50,000
  23. onewordsub - 40,000
  24. Gheg - 30,000
  25. Loosky - 20,000
  26. Wopla - 20,000
  27. Asprox - 15,000
  28. Spamthru - 12,000
  29. LowSec - 11,000+
  30. dBot - 10,000+ (Europe)
  31. Xarvester - 10,000
  32. Akbot - 1,300,000
  33. Kelihos - 500+ server computers
  34. Boatnet - 200+ server computers
  35. Semalt - 300,000+

As seen in this graph, botnets have become smaller as time goes by, not because we're more immune, but because there's no need to have a botnet of 1 000 000 bots: it's easier to stay under the radar with a smaller botnet compared to if you own a “mega-botnet”. This is mainly because law enforcement and security researchers are cracking down on the big brother botnets.
So rather than going for the bigger-is-better mentality, botnet buyers usually pick a smaller botnet to prevent getting picked off too quickly.

A few good videos on botnets.


Now that you know what a botnet is, let's start with the technical stuff.
There are two main types of botnets: IRC and HTTP botnets. Although IRC botnets are dying, they are by far better for security, although not as feature-packed as HTTP botnets.
IRC botnets communicate and get commands through IRC, thus they can be paired with TOR, getting even more secure.
An HTTP botnet communicates through the standard internet protocol and thus can blend into traffic more easily, and can also be hosted on legitimate websites.

  • IRC botnet: Botnet master -> Command Channel -> bot will execute command given.
  • HTTP botnet: Botnet Master -> C&C server(s) -> bot will execute command given.
The infected computers connect with the stub (client-side software), downloaded or bound with another piece of software, which communicates with the server.
The botnet can be used for numerous tasks like DDoS'ing, sending spam, click fraud etc.; today the focus is more commonly on DDoS'ing than anything else.
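A defender-side way to spot both C&C shapes described above in a proxy log (IRC-port connections, and HTTP beacons at a fixed interval to a domain that only one host in the organisation talks to, the "dedicated domain" pattern from the Team Cymru quote). This is an added example, not code from the original post; the log lines, hostnames and thresholds are constructed.

```python
from collections import defaultdict
from statistics import pstdev

# Constructed sample proxy log, not real traffic. Format: "epoch src_host dest_host dest_port"
SAMPLE_LOG = """\
1000 ws-01 news.example.org 443
1000 ws-01 beacon-test.example.net 80
1300 ws-01 beacon-test.example.net 80
1600 ws-01 beacon-test.example.net 80
1900 ws-01 beacon-test.example.net 80
1100 ws-02 news.example.org 443
1250 ws-02 news.example.org 443
1900 ws-02 news.example.org 443
1200 ws-03 irc.example.net 6667
"""

IRC_PORTS = {6667, 6697}  # plain and TLS IRC; assumption: no legitimate IRC use in the org

def parse_log(text):
    """Parse 'epoch src dst port' lines into (epoch, src, dst, port) tuples."""
    rows = []
    for line in text.splitlines():
        if line.strip():
            epoch, src, dst, port = line.split()
            rows.append((int(epoch), src, dst, int(port)))
    return rows

def find_beacons(rows, min_hits=4, max_jitter=0.1):
    """Flag (src, dst, mean_interval) where one host polls a destination nobody
    else contacts, at a near-constant interval (jitter = stdev/mean)."""
    times = defaultdict(list)
    for epoch, src, dst, _port in rows:
        times[(src, dst)].append(epoch)
    hosts_per_dst = defaultdict(set)
    for src, dst in times:
        hosts_per_dst[dst].add(src)
    flagged = []
    for (src, dst), ts in times.items():
        if len(ts) < min_hits or len(hosts_per_dst[dst]) > 1:
            continue  # too few samples, or a shared (likely legitimate) destination
        ts.sort()
        gaps = [b - a for a, b in zip(ts, ts[1:])]
        mean = sum(gaps) / len(gaps)
        if mean > 0 and pstdev(gaps) / mean <= max_jitter:
            flagged.append((src, dst, mean))
    return flagged

def find_irc(rows):
    """Flag any connection to a well-known IRC port."""
    return sorted({(src, dst, port) for _, src, dst, port in rows if port in IRC_PORTS})
```

Real beacons add random jitter, so tune `max_jitter` and `min_hits` against your own baseline rather than the constructed values here.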

A botnet often uses a rootkit to hide its presence; as stated there, the link brings you to my thread about rootkits.
  • Rootkit ring 3 = user privileges
  • Rootkit ring 2 = admin privileges
  • Rootkit ring 1 = OS privileges
  • Rootkit ring 0 = kernel privileges
  • Rootkit ring -1 = hypervisor privileges
  • Rootkit ring -2 = SMM privileges
  • Rootkit ring -3 = hardware and firmware privileges
To some, botnets might seem advanced, but fear not, all-mighty DDoS skids! There's an option for you as well!
There's a botnet tool for Linux named "UFONet". UFONet is a tool designed to launch DDoS attacks against a target, using 'Open Redirect' vectors on third-party web applications, like a botnet.

Although you don't keep your bots and don't really do any damage, skids will use the all-mighty power of tools like this to scare their friends. From testing, it gathers around 300 "bots" and is pretty much useless against any website bigger than 10 users. UFONet is designed to launch DDoS attacks against a target, using CSRF/XSS vectors via exploiting third-party web applications, so it uses XSS-vulnerable targets as a botnet.


FAQ


Q - How do botnets spread?
A - They spread the same way as a RAT, except on a much larger scale; most commonly it's bound to legit software.

Q - What does a botnet cost?
A - It's possible to rent an already built botnet for as little as 5 USD/hour; however, if you want to buy only the software side of things you can look at anything from 30 USD to as much as 1600 USD++.

Q - What kind of tasks can a botnet perform?
A - Quite a lot, here's a few:
  • Internet fraud.
  • spying and tracking.
  • Performing malicious Internet activity.