How To Build A Botnet?
What is a Botnet?
Sometimes referred to as a “zombie army,” a Botnet is a group of Internet-connected computers, each of which has been maliciously taken over, usually with the assistance of malware like Trojan Horses. Generally without the knowledge of the computers’ rightful owners, these machines are remotely controlled by an external source via standard network protocols, and often used for malicious purposes, most commonly for DDoS attacks.
Botnet Definition
Botnet is the generic name given to any collection of compromised PCs controlled by an attacker remotely. Botnets generally are created by a specific attacker or small group of attackers using one piece of malware to infect a large number of machines.
The individual PCs that are part of a botnet often are called “bots” or “zombies” and there is no minimum size for a group of PCs to be called a botnet. Smaller botnets can be in the hundreds or low thousands of infected machines, while larger ones can run into the millions of PCs. Examples of well-known botnets that have emerged in recent years include Conficker, Zeus, Waledac, Mariposa and Kelihos. A botnet is often discussed as a single entity, however the creators of malware such as Zeus will sell their wares to anyone with the money to pay for them, so there can sometimes be dozens of separate botnets using the same piece of malware operating at one time.
How To Build A Botnet
Opening his browser, Mullis searched for a botnet builder tool for malware known as Ice IX. Google's top response to his particular query—which I'm not going to reveal here—yielded a site that offered the tool for free. Ice IX is a nasty little piece of malware that injects a fake Facebook page into a victim's browser that collects credit card information under false pretenses.
Any malware, though, would have done just as well. Using methods and tools that can be found online in minutes, a botnet creator can create a central command and control server and then use social engineering to inject malware onto the victim's computer—by, say, emailing an innocuous-looking but disguised file, or tricking a user into downloading the file from a compromised website.
After downloading and installing the Ice IX kit software, Mullis started up its bot builder kit and began to set up the parameters for the malware—specifying, for instance, how often the malware would communicate with the command server, what actions it would undertake and even how it would hide from anti-virus scans. Much of this work was simply a matter of filling in appropriate fields in the Ice IX builder kit's straightforward Windows interface.
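The check-in interval set in the builder is, from the defender's side, a signal in its own right: a bot that phones home every N seconds leaves a connection log with nearly constant inter-arrival times. The following script is an added example, not code from the original post or from any botnet kit; it reads constructed connection-log lines (the format and the hosts in them are invented for this illustration), groups outbound connections by source and destination, and flags pairs whose intervals barely vary. The thresholds (`min_connections`, `max_jitter`) are assumptions to tune per network.

```python
"""Periodic C2 beacon detection over constructed connection-log lines.

Added example, not from the original post. The log format below is invented:
"<ISO timestamp> <src_host> <dst_host> <bytes>". The detector groups outbound
connections by (src, dst), computes inter-arrival times, and reports pairs
whose intervals are nearly constant (low coefficient of variation)."""

from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample log. ws-17 contacts 203.0.113.5 roughly every 300 s while
# its other traffic (a CDN, a mail host) is irregular.
SAMPLE_LOG = """\
2024-03-01T10:00:00 ws-17 203.0.113.5 412
2024-03-01T10:00:03 ws-17 cdn.example.net 80211
2024-03-01T10:05:01 ws-17 203.0.113.5 409
2024-03-01T10:07:45 ws-17 mail.example.net 1203
2024-03-01T10:10:00 ws-17 203.0.113.5 415
2024-03-01T10:12:30 ws-17 cdn.example.net 5021
2024-03-01T10:15:02 ws-17 203.0.113.5 410
2024-03-01T10:20:00 ws-17 203.0.113.5 413
2024-03-01T10:31:11 ws-17 cdn.example.net 99003
2024-03-01T10:48:20 ws-17 cdn.example.net 14
"""


def parse_log(text):
    """Yield (timestamp, src, dst, nbytes) tuples; malformed lines are skipped."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            yield datetime.fromisoformat(parts[0]), parts[1], parts[2], int(parts[3])
        except ValueError:
            continue


def find_beacons(text, min_connections=4, max_jitter=0.10):
    """Return {(src, dst): mean_interval_seconds} for pairs with at least
    min_connections connections whose inter-arrival times have a coefficient
    of variation (stdev / mean) at or below max_jitter.
    Both thresholds are assumptions for this example."""
    times = defaultdict(list)
    for ts, src, dst, _ in parse_log(text):
        times[(src, dst)].append(ts)

    suspects = {}
    for key, stamps in times.items():
        if len(stamps) < min_connections:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            suspects[key] = avg
    return suspects


if __name__ == "__main__":
    for (src, dst), interval in find_beacons(SAMPLE_LOG).items():
        print(f"possible beacon: {src} -> {dst} every ~{interval:.0f}s")
```

On the constructed log only the `ws-17 -> 203.0.113.5` pair is reported (intervals of 301, 299, 302 and 298 seconds); the CDN traffic has four connections but too much jitter. Real kits may add random sleep to the interval, so in production the jitter threshold is usually paired with other features such as byte counts or destination reputation rather than used alone.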
Some of the rest required editing the Ice IX kit's powerful setup.txt script. Individual command lines in that script might direct the malware to take screenshots of pages that were visited by the zombie machine's browser on a certain domain, such as a bank web site. Or have the malware tell the zombie machine's browser to block sites (such as anti-virus updating sites) altogether. It can also redirect legitimate site URLs to malevolent sites intended to collect critical information—credit card numbers, Social Security numbers, passwords. You name it.
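Blocking anti-virus update sites and redirecting legitimate URLs, as the setup script options above describe, both produce an observable artifact on the victim host. The following script is an added example, not code from the original post or from the kit; it assumes, for illustration, that the tampering is done through the local hosts file (one common mechanism, not the only one) and audits hosts-file text for watch-listed domains pinned to a sinkhole address (blocking) or to any other address (redirection). The hosts content, the domains and the watch list are all constructed.

```python
"""Audit hosts-file text for blocked or hijacked security-relevant domains.

Added example, not from the original post. Assumes the tampering is visible in
the hosts file; the sample content and the watch list are constructed."""

import ipaddress

# Constructed watch list: domain suffixes an operator would want to block or
# hijack (AV update hosts, banking sites, OS update hosts).
WATCHED_SUFFIXES = ("av-vendor.example", "bank.example", "windowsupdate.example")

# Addresses that sink traffic rather than redirect it elsewhere.
SINKHOLE_ADDRS = {"0.0.0.0", "127.0.0.1", "::1", "::"}

CONSTRUCTED_HOSTS = """\
# Constructed sample hosts file
127.0.0.1       localhost
::1             localhost ip6-localhost
127.0.0.1       update.av-vendor.example   # AV updates silently blocked
0.0.0.0         liveupdate.av-vendor.example
198.51.100.23   online.bank.example www.bank.example   # sent to a fake site
192.0.2.10      intranet.corp.example
"""


def parse_hosts(text):
    """Yield (ip, hostname) pairs; comments, blank and malformed lines are skipped."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # not an IP literal, so not a hosts entry we can judge
        for name in fields[1:]:
            yield str(ip), name.lower()


def is_watched(name, watched=WATCHED_SUFFIXES):
    """True if name equals a watched suffix or is a subdomain of one."""
    return any(name == s or name.endswith("." + s) for s in watched)


def audit_hosts(text, watched=WATCHED_SUFFIXES):
    """Return [(hostname, ip, verdict)] for watched domains found in the file.
    verdict is 'blocked' for sinkhole addresses and 'redirected' otherwise."""
    findings = []
    for ip, name in parse_hosts(text):
        if not is_watched(name, watched):
            continue
        verdict = "blocked" if ip in SINKHOLE_ADDRS else "redirected"
        findings.append((name, ip, verdict))
    return findings


if __name__ == "__main__":
    for name, ip, verdict in audit_hosts(CONSTRUCTED_HOSTS):
        print(f"{verdict:10s} {name} -> {ip}")
```

The same audit logic applies to other places such entries can be injected (proxy auto-config files, DNS resolver settings); the hosts file is simply the easiest to parse offline.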
Once he'd set the malware's specifications, including the location of its controlling command server, Mullis uploaded Ice IX-produced files to his LAMP server. And presto—he had a fully configured botnet command server.