Web-based botnet command and control interface – you cannot get anything simpler than this!
Posted by security in Exploit Framework / PenTesting, security methodologies, tags: botnet, interface, web-based

We found this article at http://ddanchev.blogspot.com/2008/08/web-based-botnet-command-and-control.html describing a new web-based interface to control botnets. The sophistication and ease of use of this tool are striking: it allows point-and-click setup of DDoS, spamming, and the spreading of bots through vulnerability exploitation.
What are some of its key differentiating factors?

Multitasking at its best: the kit gives the botnet master the opportunity to manage numerous different tasks, such as several malware campaigns and DDoS attacks, simultaneously, and each of these gets a separate metrics page.

Automation of malicious tasks, by setting up tasks and issuing notices on the status of each task, when it was run and when it ended. Just consider the possibilities for scheduling malware and DDoS attacks for different quarters.

Segmentation in every aspect of the tasks. For instance, a DDoS attack against a particular site can be scheduled to launch on a specific date from infected hosts based in chosen countries only.

Customized DDoS, in the sense of empowering the botnet master with a point'n'click ability to dedicate a precise number of bots to participate, choose which countries they should be based in, and set how long the attack should remain active.

Quality and assurance in DDoS attacks, based on the measurement of the bot's bandwidth against a particular country, in this case the object of the attack, so theoretically bots from neighboring countries would DDoS the country in question far more efficiently.

Historical malware campaign performance is perhaps the most quality-assurance-oriented feature in the entire kit, presumably created to allow the person behind it to measure which of the malware and DDoS campaigns he executed in the past were the most effective. From an OSINT perspective, the detailed logs he maintains from previous attacks sacrifice his operational security and are a gold mine, directly establishing his relationships with previous malware campaigns.
2. Does not load the system.
3. Invisible in the process.
4. Works around all firewalls.
5. Bot implemented as a driver.
2. HTTP DDoS (many options, including http authentication).
– Every task can be stopped, put on pause, etc. …
– Interest and visual scale of the task.
– Condition of the victim (works, fell).
– Displays a list of bots (paginated).
– Dates of the first and last contact.
– ID Bot.
– Country Bot.
– Type Bot.
– The status Bot (online / offline).
– Bot bandwidth to different parts of the world (europe, asia).
– The possibility of removing bots
– Statistics, both overall and per bot build.
– Information on the botnet's growth and decline by date (and build).
– Bots online
– All bots
7. Admin: minimal server load
– Use php5/mysql
1. Form grabber (price will increase substantially); old customers will be charged for it as an upgrade
2. Public key cryptography
3. Clustering campaigns and DDoS attacks
Despite its proprietary nature, its quality and innovative features will sooner or later leak out for everyone to take advantage of, a rather common lifecycle for the majority of proprietary malware kits in general.