Botnet Questions

mrmike · Post by **mrmike** » 23 Oct 2007, 02:23

hello all
so i heard in another forum about botnet and i read loads of txts about it now...
i must say,wow im very fastinated of the whole botnet-thingy....

there is one botnet called "stormworm"

What is Storm Worm?
The Storm Worm began infecting thousands of computers (mostly private) in Europe and the United States on Friday, January 19, 2007, using an e-mail message with a subject line about a recent weather disaster, "230 dead as storm batters Europe". During the weekend there were six subsequent waves of the attack. As of Monday, January 22, the Storm Worm accounted for 8% of all infections globally.

zdnet.de says there are over 1`800`000 infectet computers outside,thats more bandwith and power then the 10 best supercomputers in the world TOGETHER!

source:
http://en.wikipedia.org/wiki/Botnet
http://www.pcwelt.de/index.cfm?pid=1740&pk=92562

so now my questions;

1.are the peoples really soo fucking stupid to click every spam they get?

2.how you code such an thing,is it like an very very simple trojan that hides himself and connects to an remotet irc server?

3.how looks a software that the botnet attackers use?have they a GUI or something like that?

4.how works an mass-Remote controll over irc? any papers,tutorials?

Lyecdevf · Post by **Lyecdevf** » 23 Oct 2007, 04:16

A while back I did some research into the trojan called, "Peacomm." It is not even a trojan in the common sense any more.

I believe it too was distributed by an e-mail attachement warning about some floods or some thing. It is very popular to distribute malware in such a way these days.

This trojan was able creat a sort of file sharing service between the infected computer. I do not fully understand this either and to what purpose it was intended for but what I am saying is that it was not a typical trojan. I think that the people in control of this trojan would be able to download any file from this P2P that the trojan created. If you think about it is an much more advanced trojan. It is common practice that you go to the infected computer and look at the stuff that you want but if your trojan creates a P2P network than it makes things even faster and convenient for you. You do not have to go into each infected computer from the thousands and look at what is valuable.

Post by **bad_brain** » 23 Oct 2007, 04:31

1. a big YES!

or like a teacher of mine said: "you can send an infected email attachment, name it virus.exe and write in the email NOT to click on it because it's a virus...some people will still click on it"
it's simply the sheer amount of mails sent, when you send millions of mails there will always be some thousand morons that click on it....and sometimes the lazyness of people is utilized, many are using unpatched email clients and so old flaws can be exploited.

2. yes, either that or you place a bot manually in an IRC channel (have been tried on the suck-o IRC server too already).

3. hm, the ones I know (like Stacheldraht) work on command line...but there are surely GUI versions/plugins too.

4. simply google for the DDoS client names: TFN 2000 (or TFN2k), Trinoo and Stacheldraht, you will find a lot of infos and tuts I guess...the clients itself can be found on packetstormsecurity.

mrmike · Post by **mrmike** » 23 Oct 2007, 05:17

bad_brain wrote:1. a big YES! or like a teacher of mine said: "you can send an infected email attachment, name it virus.exe and write in the email NOT to click on it because it's a virus...some people will still click on it"
it's simply the sheer amount of mails sent, when you send millions of mails there will always be some thousand morons that click on it....and sometimes the lazyness of people is utilized, many are using unpatched email clients and so old flaws can be exploited.

2. yes, either that or you place a bot manually in an IRC channel (have been tried on the suck-o IRC server too already).

3. hm, the ones I know (like Stacheldraht) work on command line...but there are surely GUI versions/plugins too.

4. simply google for the DDoS client names: TFN 2000 (or TFN2k), Trinoo and Stacheldraht, you will find a lot of infos and tuts I guess...the clients itself can be found on packetstormsecurity.

okay thanx a lot =)
i will do some researches about that

hmm but is it not really easy to catch such an botnet? i mean if you find the irc you can take it from the web? are im wrong?

wow its really great what you can do with that botnets....

Lyecdevf · Post by **Lyecdevf** » 23 Oct 2007, 07:12

Yeah it sounds great but bot makers when caught get up to 10 years of prison time. I personally do not like them either and do not care if they rot in jail.

The reason I wrote about the trojan is to show that in the future new and more sophisticated malware are going to be introduced to the internet. I forgot to mention that the trojan was also a worm in the sense that it mailed it self to other people. So in a way the people who wrote it joined elements of the trojan horse, a worm and the P2P. One day there are going send out an virus.exe that is going to be a spyware, botnet and a worm all in one. There is no end to the creativity of these hackers!

mrmike · Post by **mrmike** » 23 Oct 2007, 08:09

hmm yeah thats a good point Lyecdevf, some time ago a trojan was a trojan and a worm a worm, but today we have a mutation of all that f*king badwares, i personaly like that, its a big Challenge for the coders and it became more important to need skills then ever before....

so i think you should not only see the bad thing behind that malicious software, OKAY you CAN do really bad shit and a lot of damage with it, but you can also do good things with it or shake the whole world to a "omfg" moment...

Nerdz · Post by **Nerdz** » 23 Oct 2007, 08:52

What about if they take all these botnet and use them to solve big math or science problem...

mrmike · Post by **mrmike** » 24 Oct 2007, 00:01

nerdzoncrack wrote:What about if they take all these botnet and use them to solve big math or science problem...

i heard from a big projekt, in that you can became a part of a big botnet and they use the bots to Reckon the aids virus....

//EDITED:
http://www.worldcommunitygrid.org/index.jsp
i think thats something like i tell abouth, but im not sure if it works too with a botnet....but i really think thats a fucking good thing..... we should have more and bigger projekts like this..

Post by **bad_brain** » 24 Oct 2007, 05:26

well, if you take part in such projects your box is not becoming a zombie machine, it just gives away resources when the system is idling. here's a NASA project for example where you can take part: http://prime.jsc.nasa.gov/dsc/

and the owners of real botnets are surely not interested in such issues, smaller botnets are used for mental masturbation ("let's take down the little site of a board where I've been banned!"), the large botnets are used for blackmail and can be rented.

TheKingOfHearts · Post by **TheKingOfHearts** » 26 Oct 2007, 15:18

3.how looks a software that the botnet attackers use?have they a GUI or something like that?

i doubt they use a software available for others.
if they can make massive bot networks im sure they can make their own GUI