What is a botnet?

*** Creating and using botnets is illegal activity. The information in this article is for learning only; neither the author nor the site owner is responsible for anything that may happen as a result of reading it ***

A botnet is a group of computers that are controlled by a hacker. Each computer may be referred to as a zombie, because it does nothing until its controller tells it to. A computer becomes a zombie when an application is installed on it that was designed to hand control to its master. This does not mean that the user is the one who installed the software.

The software, which we can refer to as a backdoor because it opens an entrance into the victim's computer for remote control, may be installed on the computer through legitimate software that was infected with a trojan.

How can I be infected?

There are several ways a computer may be infected with a backdoor and then become part of a botnet. As mentioned above, one option is downloading infected software that has some kind of Trojan attached to it, which, when run, also installs the backdoor on the computer. This was very common on P2P networks, but not only there: emails, malicious websites, viruses and hackers can also use tactics to install backdoors.

After all, viruses are designed to try to spread themselves over networks using several methods. One method a virus can use is to search for known vulnerabilities in software, services or networks. Using that, the virus is able to spot the vulnerable service and try to inject itself through this vulnerability into the next victim computer, installing itself without the user's knowledge, and then sit and wait until the command arrives.

How does this vulnerability stuff work?

This is a brief scenario of how a software vulnerability becomes an asset in the hands of a hacker or attacker.

Hackers and other security researchers all over the world try to find vulnerabilities in software, each with their own reasons: some do it for money, some for fun, some for illegal activities and others as part of their day job.

Let's think about it: what if you know how to turn a vulnerability into a kind of online weapon that you can use to hack into servers? Until there is something that can defend against it, you have a lot of potential victims you can hack into.

OK, here is an example of such a scenario:

Assume X is an application that is widely used among home users (like a web browser).

  1. You manage to find that there is a bug in application X (think about the error message you get when software crashes – "The application performed an illegal operation and has to be closed" – that type of message).
  2. The crash also creates a memory dump file that can be read by experts. In this dump file you can find, for example, the memory address at which the crash occurred and some more useful information that can be used to understand what exactly made this application crash.
  3. Using this information it is possible, well, not always, but..., to create a replica in code that can be used to crash the application again and again.
  4. When the application crashes, it also tells you where it passes control to, another memory location. This information can be used to know where to inject a small jump call at that memory address.
  5. The small jump call will point to another memory location in your code that contains a function with instructions on what to do next.
  6. The function, in our example, will save and run a small tool that opens a reverse command line (DOS shell) to your computer.
  7. We are in!

So let's summarize it with some technical words:

  • The bug (crash) is the software vulnerability.
  • The small tool that uses this vulnerability can be referred to as the exploit.
  • The small tool that opens the reverse command shell is the shellcode.

And there you have it: your own tool that can crash application X and open a direct command shell to that computer.

Be sure that although I typed it here in a few steps, it is not that easy, and you need a lot of knowledge in order to create a fully functional tool that can be used to crash applications. Also, if it works it will only affect the exact version of application X on the exact operating system it was tested on, and there are other limitations for such a tool, but I do hope you got the picture.

What can a botnet be used for?

One of the first things it can be used for is to launch a full botnet attack against targets, all at the same time. A botnet is like an army of computers waiting for your command: if you install a DDoS tool on all the zombie computers under your control, you can use them to take down a web site, or at least make it harder for users to use the site.

You can use it to steal data from users: any activity the user does can be recorded and sent back to the controller for further investigation. What if the zombie collects account passwords to important web sites, like banks, your social media sites and so on? That information alone can be problematic if spread freely on the web.

The botnet is like a playground, a hacker land where he can do whatever he wants. You can read more about some known botnets on the web, on sites related to computers, security and technology. There are some nice stories about big botnets that did a lot of damage before they were caught.

A few words on DDoS:

DDoS is Distributed Denial of Service, and it is a form of attack used to stop a service from working. Think about it like this: there is a site you need to log in to in order to do some activities, a bank for example. What if 1 million people try to log in in the same second? Will it manage to handle all the million at the same time, or will it crash, so that access to the service is denied? There are tools designed to carry out a Denial of Service (DoS) attack, and when such a tool is used in a botnet, which as we know has many computers it can use, distributed all over the globe, we have a Distributed Denial of Service (DDoS).
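From the defender's side, the login flood described above shows up in the web server's access log as a burst of /login requests in one second. The following added example (not code from the original article) parses a few constructed log lines, flags seconds that exceed an assumed threshold, and tells a distributed flood (many source addresses) apart from a single-source DoS, which matters because the latter can be blocked by address and the former cannot.

```python
import re
from collections import defaultdict

# Constructed sample access-log lines (not from the original article):
# a normal trickle of logins, then one second in which 40 distinct
# sources all POST to /login at once, the pattern the article describes.
SAMPLE_LOG = """
10.0.0.5 - [12:00:01] "POST /login HTTP/1.1" 200
10.0.0.6 - [12:00:02] "GET /index.html HTTP/1.1" 200
10.0.0.7 - [12:00:03] "POST /login HTTP/1.1" 200
""" + "\n".join(
    f'198.51.100.{i} - [12:00:04] "POST /login HTTP/1.1" 503' for i in range(1, 41)
)

# Same flood volume but from one source only: plain DoS, not distributed.
SINGLE_SOURCE_LOG = "\n".join(
    '203.0.113.9 - [12:00:04] "POST /login HTTP/1.1" 503' for _ in range(40)
)

LINE_RE = re.compile(r'^(\S+) - \[(\d\d:\d\d:\d\d)\] "(\w+) (\S+) [^"]*" (\d{3})$')

def parse_log(text):
    """Yield (src, second, method, path, status) for each well-formed line."""
    for line in text.strip().splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.groups()

def login_flood_report(text, max_per_second=20):
    """Return {second: (login_requests, distinct_sources)} for every second
    in which /login POSTs exceed max_per_second (an assumed threshold)."""
    per_second = defaultdict(list)
    for src, sec, method, path, _status in parse_log(text):
        if method == "POST" and path == "/login":
            per_second[sec].append(src)
    return {sec: (len(srcs), len(set(srcs)))
            for sec, srcs in per_second.items() if len(srcs) > max_per_second}

def classify(report, min_sources=10):
    """Label each flooded second: 'ddos' when the load is spread over at least
    min_sources addresses (hard to block by IP), else 'dos' (one or few sources)."""
    return {sec: ("ddos" if distinct >= min_sources else "dos")
            for sec, (_total, distinct) in report.items()}
```

The thresholds are placeholders; on a real site they come from the normal login rate observed over time, and the same per-second bucketing works on any log format once the regex is adjusted.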
