Navigation



Productive Botnets

Last updated: September 9, 2015 | 3,775 views

Outsmart Malicious Hackers


We all know what botnets are (think so), but anyway let’s see a proper definition of botnets taken from shadowserver… and I quote:

A botnet is a collection of computers, connected to the internet, that interact to accomplish some distributed task. Although such a collection of computers can be used for useful and constructive applications, the term botnet typically refers to such a system designed and used for illegal purposes. Such systems are composed of compromised machines that are assimilated without their owner’s knowlege.

Among the DDoS usage of botnets there are also know usages like:

Keylogging

Keylogging is perhaps the most threatening botnet feature to an individual’s privacy. Many bots listen for keyboard activity and report the keystrokes upstream to the bot herder. Some bots have builtin triggers to look for web visits to particular websites where passwords or bank account information is entered. This gives the herder unprecendented ability to gain access to personal information and accounts belonging to thousands of people.

Warez

Botnets can be used to steal, store, or propogate warez. Warez constitutes any illegally obtained and/or pirated software. Bots can search hard drives for software and licenses installed on a victims machine, and the herder can easily transfer it off for duplication and distribution. Furthermore, drones are used to archive copies of warez found from other sources. As a whole, a botnet has a great deal of storage capacity.

Spam

Botnets often are used as a mechanism of propogating spam. Compromised drones can forward spam emails or phish scams to many 3rd party victims. Furthermore, instant messaging accounts can be utilized to forward malicious links or advertisements to every contact in the victim’s address book. By spreading spam-related materials through a botnet, a herder can mitigate the threat of being caught as it is thousands of individual computers that are taking on the brunt of the dirty work.

and the one I’m gonna focus on (well, something derived from it) -> Click Fraud

Botnets can be used to engage in Click Fraud, where the bot software is used to visit web pages and automatically “click” on advertisement banners. Herders have been using this mechanism to steal large sums of money from online advertising firms that pay a small reward for each page visit. With a botnet of thousands of drones, each clicking only a few times, the returns can be quite large. Since the clicks are each coming from seperate machines scattered accross the globe, it looks like legitimate traffic to the untrained investigator.

My point is that many herders (botnet organizers) use a pretty raw Click Fraud mechanism, mainly just issue the command to the bot to retrieve the page and it’s advertisement and rebuild a query string to the advertisers website with the referer header set… as mentioned in the definition this may seem sometimes legitimate traffic to some, but big advertising companies would notice that something isn’t right, stuff like hundreds of clicks at (almost) the same time and similar scenario’s…

The new approach (better) would be to generate only website traffic at random hours because highly visited websites use pay-per-post campaigns (more info about pay-per-post)… and there are also other advertising systems like simple banner/ad placement on the website/blog and via the traffic stats you get paid…

How could botnets help? Well botnets would act as general users/viewers of the blog/website thus making legitimate traffic… masked by a randomized visit system… a general scenario:

  • the herder issues the command to visit a website
  • each bot receives the command, enters a random delay before executing it (in minutes) (ex: rand(60))
  • the bot finally executes the visit and resets the delay time before revisit adding a day to it also

A very raw implementation could be easily implemented but varying from botnets to botnets, because some botnets are simple IRC based while others not…

So many live hits and no subscribers? Nooooo, I think that netvibes got the solution to this issue…

It’s unethical… to whom?! to advertising companies only…

Share
+1
Share
Shares 0
Posted in: Malware, Spammers & Scammers

, , , , ,


Latest Posts:


snallygaster - Scan For Secret Files On HTTP Servers snallygaster – Scan For Secret Files On HTTP Servers
snallygaster is a Python-based tool that can help you to scan for secret files on HTTP servers, files that are accessible that shouldn't be public and can pose a s
April 17, 2018 - 165 Shares
Portspoof - Spoof All Ports Open & Emulate Valid Services Portspoof – Spoof All Ports Open & Emulate Valid Services
The primary goal of the Portspoof program is to enhance your system security through a set of new camouflage techniques which spoof all ports open and also emulate valid services on every port.
April 7, 2018 - 205 Shares
Cambridge Analytica Facebook Data Scandal Cambridge Analytica Facebook Data Scandal
One of the biggest stories of the year so far has been the scandal surrounding Cambridge Analytica that came out after a Channel 4 expose that demonstrated the depths they are willing to go to profile voters, manipulate elections and much more.
March 25, 2018 - 115 Shares
GetAltName - Discover Sub-Domains From SSL Certificates GetAltName – Discover Sub-Domains From SSL Certificates
GetAltName it's a little script to discover sub-domains that can extract Subject Alt Names for SSL Certificates directly from HTTPS websites which can provide you with DNS names or virtual servers.
March 19, 2018 - 261 Shares
Memcrashed - Memcached DDoS Exploit Tool Memcrashed – Memcached DDoS Exploit Tool
Memcrashed is a Memcached DDoS exploit tool written in Python that allows you to send forged UDP packets to a list of Memcached servers obtained from Shodan.
March 13, 2018 - 211 Shares
QualysGuard - Vulnerability Management Tool QualysGuard – Vulnerability Management Tool
QualysGuard is a web-based vulnerability management tool provided by Qualys, Inc, which was the first company to deliver vulnerability management services as a SaaS-based web-service.
March 11, 2018 - 122 Shares


5 Responses to Productive Botnets

  1. Morgan Storey September 3, 2008 at 1:18 am #

    Another one to add to the list is de-hashing and de-crypting. I have seen some tools that a hearder can deploy to their botnet from a central web server that allow distributed brute forcing and even building rainbow tables.
    It is incredible when you put this kind of computing power in the hands of essentially a skiddie, if power corrupts, and they are already corrupt then it leads to the un-thinkable. /drama

  2. backbone September 3, 2008 at 7:40 am #

    yes I’ve seen that kinds of botnets also, but they are not productive… I mean what are you going to do? sell rainbow tables ? (grin)…
    where spam, warez, click fraud and DDoS can get very profitable very fast…

  3. Morgan Storey September 4, 2008 at 12:34 am #

    They are productive, it may not be monetary, all though if you have some captured encrypted data that can be sold, decrypt it and it could be worth more than thousands of credit cards, see industrial espionage.

  4. backbone September 4, 2008 at 7:15 am #

    very true, but such scenarios may be rather rare… imho

  5. Navin September 4, 2008 at 2:58 pm #

    Nice article….some Darkhatting after a pretty long time!! :)

    Its a nice picture u’ve painted there Morgan…..think abt it….Ur own computer may be part of a system whose sole aim is to decrypt Ur own data!! Speak about Ironies!