Navigation



Productive Botnets

Last updated: September 9, 2015 | 3,779 views

Use Netsparker


We all know what botnets are (think so), but anyway let’s see a proper definition of botnets taken from shadowserver… and I quote:

A botnet is a collection of computers, connected to the internet, that interact to accomplish some distributed task. Although such a collection of computers can be used for useful and constructive applications, the term botnet typically refers to such a system designed and used for illegal purposes. Such systems are composed of compromised machines that are assimilated without their owner’s knowlege.

Among the DDoS usage of botnets there are also know usages like:

Keylogging

Keylogging is perhaps the most threatening botnet feature to an individual’s privacy. Many bots listen for keyboard activity and report the keystrokes upstream to the bot herder. Some bots have builtin triggers to look for web visits to particular websites where passwords or bank account information is entered. This gives the herder unprecendented ability to gain access to personal information and accounts belonging to thousands of people.

Warez

Botnets can be used to steal, store, or propogate warez. Warez constitutes any illegally obtained and/or pirated software. Bots can search hard drives for software and licenses installed on a victims machine, and the herder can easily transfer it off for duplication and distribution. Furthermore, drones are used to archive copies of warez found from other sources. As a whole, a botnet has a great deal of storage capacity.

Spam

Botnets often are used as a mechanism of propogating spam. Compromised drones can forward spam emails or phish scams to many 3rd party victims. Furthermore, instant messaging accounts can be utilized to forward malicious links or advertisements to every contact in the victim’s address book. By spreading spam-related materials through a botnet, a herder can mitigate the threat of being caught as it is thousands of individual computers that are taking on the brunt of the dirty work.

and the one I’m gonna focus on (well, something derived from it) -> Click Fraud

Botnets can be used to engage in Click Fraud, where the bot software is used to visit web pages and automatically “click” on advertisement banners. Herders have been using this mechanism to steal large sums of money from online advertising firms that pay a small reward for each page visit. With a botnet of thousands of drones, each clicking only a few times, the returns can be quite large. Since the clicks are each coming from seperate machines scattered accross the globe, it looks like legitimate traffic to the untrained investigator.

My point is that many herders (botnet organizers) use a pretty raw Click Fraud mechanism, mainly just issue the command to the bot to retrieve the page and it’s advertisement and rebuild a query string to the advertisers website with the referer header set… as mentioned in the definition this may seem sometimes legitimate traffic to some, but big advertising companies would notice that something isn’t right, stuff like hundreds of clicks at (almost) the same time and similar scenario’s…

The new approach (better) would be to generate only website traffic at random hours because highly visited websites use pay-per-post campaigns (more info about pay-per-post)… and there are also other advertising systems like simple banner/ad placement on the website/blog and via the traffic stats you get paid…

How could botnets help? Well botnets would act as general users/viewers of the blog/website thus making legitimate traffic… masked by a randomized visit system… a general scenario:

  • the herder issues the command to visit a website
  • each bot receives the command, enters a random delay before executing it (in minutes) (ex: rand(60))
  • the bot finally executes the visit and resets the delay time before revisit adding a day to it also

A very raw implementation could be easily implemented but varying from botnets to botnets, because some botnets are simple IRC based while others not…

So many live hits and no subscribers? Nooooo, I think that netvibes got the solution to this issue…

It’s unethical… to whom?! to advertising companies only…

Share
Tweet
+1
Share
0 Shares
Posted in: Malware, Spammers & Scammers

, , , , ,


Latest Posts:


dcipher - Online Hash Cracking Using Rainbow & Lookup Tables dcipher – Online Hash Cracking Using Rainbow & Lookup Tables
dcipher is a JavaScript-based online hash cracking tool to decipher hashes using online rainbow & lookup table attack services.
August 20, 2018 - 63 Shares
HTTP Security Considerations - An Introduction To HTTP Basics HTTP Security Considerations – An Introduction To HTTP Basics
HTTP is ubiquitous now with pretty much everything being powered by an API, a web application or some kind of cloud-based HTTP driven infrastructure. With that HTTP Security becomes paramount and to secure HTTP you have to understand it.
August 12, 2018 - 118 Shares
Cangibrina - Admin Dashboard Finder Tool Cangibrina – Admin Dashboard Finder Tool
Cangibrina is a Python-based multi platform admin dashboard finder tool which aims to obtain the location of website dashboards by using brute-force, wordlists etc.
August 6, 2018 - 159 Shares
Enumall - Subdomain Discovery Using Recon-ng & AltDNS Enumall – Subdomain Discovery Using Recon-ng & AltDNS
Enumall is a Python-based tool that helps you do subdomain discovery using only one command by combining the abilities of Recon-ng and AltDNS.
July 31, 2018 - 59 Shares
RidRelay - SMB Relay Attack For Username Enumeration RidRelay – SMB Relay Attack For Username Enumeration
RidRelay is a Python-based tool to enumerate usernames on a domain where you have no credentials by using a SMB Relay Attack with low privileges.
July 21, 2018 - 187 Shares
NetBScanner - NetBIOS Network Scanner NetBScanner – NetBIOS Network Scanner
NetBScanner is a NetBIOS network scanner tool that scans all computers in the IP addresses range you choose, using the NetBIOS protocol.
July 8, 2018 - 179 Shares


5 Responses to Productive Botnets

  1. Morgan Storey September 3, 2008 at 1:18 am #

    Another one to add to the list is de-hashing and de-crypting. I have seen some tools that a hearder can deploy to their botnet from a central web server that allow distributed brute forcing and even building rainbow tables.
    It is incredible when you put this kind of computing power in the hands of essentially a skiddie, if power corrupts, and they are already corrupt then it leads to the un-thinkable. /drama

  2. backbone September 3, 2008 at 7:40 am #

    yes I’ve seen that kinds of botnets also, but they are not productive… I mean what are you going to do? sell rainbow tables ? (grin)…
    where spam, warez, click fraud and DDoS can get very profitable very fast…

  3. Morgan Storey September 4, 2008 at 12:34 am #

    They are productive, it may not be monetary, all though if you have some captured encrypted data that can be sold, decrypt it and it could be worth more than thousands of credit cards, see industrial espionage.

  4. backbone September 4, 2008 at 7:15 am #

    very true, but such scenarios may be rather rare… imho

  5. Navin September 4, 2008 at 2:58 pm #

    Nice article….some Darkhatting after a pretty long time!! :)

    Its a nice picture u’ve painted there Morgan…..think abt it….Ur own computer may be part of a system whose sole aim is to decrypt Ur own data!! Speak about Ironies!