
LulzSecToolkit/LulzSec-B0TN3T-


LulzSec-B0TN3T-

All you need to know about botnets: an introduction by LulzSec #Lulz4Life

  • What is a botnet ?
  • What are botnets made for ?
  • How can you monetize/profit from them ?
  • Where to host them ?
  • Known DDoS Bots ?
  • How do cyber criminals get away with them ?
  • How do people get so many "bots/installs" ?
  • Types of botnets ?
  • What are honeypots ?
  • Anonymous scanning ?
  • Crypting my bin, making it undetectable ?

Topic 1 - What is a botnet ?

A botnet is a network of compromised computers; we call them zombies. The bot master can control all the computers using his command & control server, where he can initiate various commands. He usually controls them via standards-based network protocols such as IRC and HTTP. Most bot masters use IRC since it's much more secure, but I personally prefer HTTP since it's easier to control and manage in my opinion. If you're too paranoid you should go with IRC, but beware ! If the feds want to get it, they will. To extend your knowledge I suggest visiting this article: http://en.wikipedia.org/wiki/Botnet !

Topic 2 - What are botnets made for ?

There are several purposes. Some people want to earn money, and they usually make a living by either coding them or using them to send spam, steal information, etc. Other people simply want to prove that they can, and brag about their abilities. Some bots are made to steal financial information, such as bank accounts, credit card details and other sensitive details. They are called banking bots, however I do not want to go into detail since this activity is disallowed. Some bots only have DDoS functions, used to launch DDoS attacks ( the majority of DDoS bots are HTTP-based ). Some people offer services, once again to gain funds; others just do it for "pixels" to gain fame on the internet. Other bots send spam, and I recently noticed some bots that can turn machines into socks, which can be very profitable since there is a high demand for private socks on the black market. So there are 2 options and it's your call, either money or fame. To extend your knowledge in this aspect, I suggest you visit this: http://www.securelist.com/en/analysis/20...t_business !

Topic 3 - How can you monetize/profit from them ?

Plenty of options; the most important thing is that you either have a large number of bots or high quality countries, such as: US, UK, CA, AUS, FR and several other EU countries. Why high quality countries ? Because there is a thing called "PPI" ( Pay Per Install ). They demand the best countries, since there is more chance to advertise and the specs are better, unlike Pakistan and Indonesia for example.

Sending spam. This is the most common use for botnets, and is also one of the simplest. Experts estimate that over 80% of spam is sent from zombie computers. It should be noted that spam is not always sent by botnet owners: botnets are often rented by spammers. It's the spammers who understand the real value of botnets. According to our data, an average spammer makes $50,000 – $100,000 a year. Botnets made up of thousands of computers allow spammers to send millions of messages from infected machines within a very short space of time.

DDoS attacks. Even here you can see that users profit; if you go to the "Service Offerings" you could see plenty, but the majority of them simply buy 10 booters and think they run the scene. An experienced user would rather go with a private bot, for example: Dirt Jumper ( which has been cracked ) is a really powerful tool made for websites, Pandora DDoS Bot ( notorious bot, some people say it's good, others give bad feedback ), G-Bot and more; most of you know these since I have seen a lot of topics where people were trying to set them up. This might be interesting ! :

And how can I miss bitcoins, ah. This is probably the easiest way to profit from your net, by running a miner which will complete tasks and generate "BTC". Most pools pay out via PayPal so it's much easier to collect revenue. Note that to get the best performance it is better to enable GPU; computers with ATI Radeon cards will generate more money, so watch out !
Luckily I have found an estimated earnings scheme for bot masters who do this activity.

Botnet mining per day

| Bots | Bot earnings per day | Total earnings |
|---|---|---|
| 100 | x $0.03 | $3 |
| 1,000 | x $0.03 | $30 |
| 10,000 | x $0.03 | $300 |
| 100,000 | x $0.03 | $3,000 |

Botnet mining per week

| Bots | Bot earnings per week | Total earnings |
|---|---|---|
| 100 | x $0.23 | $23 |
| 1,000 | x $0.23 | $230 |
| 10,000 | x $0.23 | $2,300 |
| 100,000 | x $0.23 | $23,000 |

Botnet mining per month

| Bots | Bot earnings per month | Total earnings |
|---|---|---|
| 100 | x $0.97 | $97 |
| 1,000 | x $0.97 | $970 |
| 10,000 | x $0.97 | $9,700 |
| 100,000 | x $0.97 | $97,000 |

I would say that isn't bad at all; say if I had 200 000 bots, I would probably work from home.

Topic 4 - Where to host them ?

It all depends. Say if you just wanted a small net, you would usually go with an offshore VPS ( I do not advise shared hosting ); make sure it isn't located in the US/UK & Germany and you're all good. The best countries are probably: China, Taiwan, Iran, Ukraine, Singapore. Russia is "ok", but they also have some strict laws; I do not understand why most users think that Russian providers have immunity, that is not true. If you're on a budget you could always hack a box, and host it there. But blame yourself once you get yourself removed, and all your database will be deleted, including your bots. Some users go advanced: if you're hosting a large botnet and stealing details there is so-called "BulletProof Hosting", which ignores all abuse reports, including DMCA, Spamhaus, etc. You want a bulletproof host ? Well tough luck, shared hosting goes for more than 100 bucks, and servers end at 800$. Really expensive, so your best call is to simply get an offshore location.

Topic 5 - Known DDoS Bots ?

I have stated a bit of information in another thread. I know most of you want a DDoS bot simply because with a press of a button you can cause massive chaos, and it's possible. One of the strongest DDoS bots is Dirt Jumper, which was created specifically to attack websites, with methods such as: HTTP GET ( sends GET requests ) - harder to block, HTTP POST, Synchronous Flood, Download Flood and an Anti-DDoS flood. The thing I like best about most bots these days is that they have random user agents, change HTTP headers and pretend to be legitimate traffic; that is really smart from the coders' side, but they are usually really unstable. You would rather have a "loader", which is a type of bot which is really stable; you usually hold bots with it and it can act as a backbone for the DDoS bot, so you would get 2 benefits, stability and power.

Topic 6 - How do cyber criminals get away with them ?

There are several methods, such as bulletproof hosting, which I already stated, and a common but interesting method which large botnets use is FastFlux; most of you do not know what that is and I suggest you read on. Fast flux is a DNS technique used by botnets to hide phishing and malware delivery sites behind an ever-changing network of compromised hosts acting as proxies. It can also refer to the combination of peer-to-peer networking, distributed command and control, web-based load balancing and proxy redirection used to make malware networks more resistant to discovery and counter-measures. The Storm Worm is one of the recent malware variants to make use of this technique. The basic idea behind Fast flux is to have numerous IP addresses associated with a single fully qualified domain name, where the IP addresses are swapped in and out with extremely high frequency, through changing DNS records.

  • Credits to wikipedia.

Obviously you wouldn't have that if you're starting off, so what I would suggest is to simply get a cheap VPS with 128 MB of RAM and set up a reverse proxy; that will work for you. These are probably the only methods I know at the moment.
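The properties the fast-flux description above relies on (many A records for one FQDN, swapped in and out at high frequency) are the same ones defenders measure in passive DNS. The following is an added detection example, not part of the original README; the observation format, thresholds and the use of /24 prefix spread as a stand-in for ASN diversity are assumptions, and the sample records are constructed from reserved documentation ranges.

```python
from collections import defaultdict
from ipaddress import ip_network

# Constructed passive-DNS observations: (unix_time, fqdn, A record, TTL in seconds).
# Names and addresses come from reserved documentation ranges, not real hosts.
OBSERVATIONS = [
    (1000, "cdn.stable.example", "192.0.2.10", 3600),
    (1600, "cdn.stable.example", "192.0.2.10", 3600),
    (2200, "cdn.stable.example", "192.0.2.11", 3600),
    (1000, "login.flux.example", "192.0.2.77", 120),
    (1000, "login.flux.example", "198.51.100.23", 120),
    (1300, "login.flux.example", "203.0.113.5", 180),
    (1300, "login.flux.example", "198.51.100.201", 180),
    (1600, "login.flux.example", "203.0.113.190", 120),
    (1600, "login.flux.example", "192.0.2.140", 120),
]

def flux_features(observations):
    """Per-FQDN features: distinct IPs, distinct /24 prefixes, max TTL, churn."""
    by_time = defaultdict(lambda: defaultdict(set))  # fqdn -> time -> {ips}
    ttls = defaultdict(list)
    for ts, fqdn, ip, ttl in observations:
        name = fqdn.lower().rstrip(".")
        by_time[name][ts].add(ip)
        ttls[name].append(ttl)
    features = {}
    for name, snaps in by_time.items():
        snapshots = [snaps[t] for t in sorted(snaps)]
        all_ips = set().union(*snapshots)
        prefixes = {ip_network(f"{ip}/24", strict=False) for ip in all_ips}
        # Churn: fraction of consecutive answers that share no address at all.
        pairs = list(zip(snapshots, snapshots[1:]))
        churn = sum(1 for a, b in pairs if not a & b) / len(pairs) if pairs else 0.0
        features[name] = {"ips": len(all_ips), "prefixes": len(prefixes),
                          "max_ttl": max(ttls[name]), "churn": churn}
    return features

def fast_flux_candidates(observations, min_ips=5, min_prefixes=3,
                         ttl_ceiling=300, min_churn=0.5):
    """Names whose A records are numerous, spread out, short-lived and rotating."""
    return sorted(
        name for name, f in flux_features(observations).items()
        if f["ips"] >= min_ips and f["prefixes"] >= min_prefixes
        and f["max_ttl"] <= ttl_ceiling and f["churn"] >= min_churn
    )

if __name__ == "__main__":
    print(flux_features(OBSERVATIONS))
    print("candidates:", fast_flux_candidates(OBSERVATIONS))
```

Legitimate CDNs and round-robin load balancers also return several short-TTL records, so in production these features are combined with ASN or hosting-type diversity and an allowlist before alerting.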

Topic 7 - How do people get so many "bots/installs" ?

This is interesting; many of you have wondered how people get so many bots and sell them, thousands ! That's right, thousands. They either have some next "ub3r" spreading skills, which they don't, or they buy an exploit kit. What is an exploit kit ? It's a type of crimeware which scans the computer for un-patched exploits; you could say it's a Silent Driveby, but only say 10% will download the file, so that's why they get bulk traffic ( real visitors ) and send it to their exploit link, then some percentage of the traffic gets converted into installs. Usually people get low quality countries such as: Pakistan, Indonesia, Egypt, since they don't know what an anti-virus is and they have pirated versions of Windows. You're probably interested, but the cheapest packs go for 600$ monthly; it's a wise investment though, of course if you know what you're doing.

Most common exploit kit: http://www.webopedia.com/TERM/B/blackhol...t_kit.html

List of exploit kits: http://cyb3rsleuth.blogspot.co.uk/search...oit%20Kits

Topic 8 - Types of botnets ?

DDoS Bots - To initiate DDoS attacks on servers.

Banking Bots - Identity theft. ( Don't want to go into detail )

Spam Bots - To send out spam.

Socks Bots - To create socks4/socks5 proxies.

BitCoin Bots - To generate a virtual currency called " BTC ".

Loaders - To hold bots in a stable environment.

Topic 9 - What are honeypots ?

What is a honeypot ? If you consider getting into botnets you should know. If you catch a honeypot, it would probably be some experienced user who wants to trace your botnet, or another hacker who wants to get into your botnet and steal some bots, or a pig. Once you catch a honeypot, your bot will be analyzed and it will be traced. The incoming packets will be sniffed and your panel could be easily compromised within seconds. That's about it for you to know; there's not much you can say and do about it.

A really useful resource: http://www.exposedbotnets.com/

I suggest everyone visit it, and you will understand how it works.

Topic 10 - Anonymous scanning ?

Some of you simply scan with novirusthanks, or virustotal. That is probably the most wrong thing to do in your journey; never ever scan with them unless you want your files detected. I would strongly recommend anonymous scanning servers, those which don't distribute your file to the AV companies, so once it's scanned it won't be analyzed by anyone. I recommend the following services:

http://www.scan4you.net http://www.elementscanner.su Those are the 2 I know, and I can assure that you will receive quality scanning services with them.

Topic 11 - Crypting my bin, making it undetectable ?

This is important; most bins will be detected by most anti-viruses, and we do not want that, since there will be a lower % of executions from the installs we either purchase or spread. I strongly recommend crypters coded in native languages, since the stubs are usually smaller and the execution rate will be higher; however, if you're looking for long-lasting stubs you would rather go with Visual Basic stubs, since they don't look that suspicious. I recommend: Father Crypter, Root Crypt. I haven't seen decent crypters here, but I heard some good feedback about: cloudcrypter.net. Remember to run an update on your bots on a regular basis, so you won't lose any machines.

Introduction:

A botnet can be defined as a network of infected computers. A botnet is a collection of internet-connected devices, which may include PCs, servers, mobile devices and internet of things devices, that are infected and controlled by a common type of software called malware. Users are often unaware of a botnet infecting their system. In basic language, bots are programs which are automated, or you can say robotic. In simple context, bots refer to those computers which can be controlled from an external source by software that has been programmed into them. The attacker gains access to the computers by a virus or any miscellaneous code. Most of the time the computers are operating normally, so the malicious operations stay hidden from the user. Infected devices are controlled remotely by threat actors, often cybercriminals, and are used for specific functions. Botnets are commonly used to:

  • generate malicious traffic for distributed denial-of-service attacks
  • cryptocurrency mining
  • surveillance
  • stealing data
  • many other things

Type of botnets:

  • IoT (Internet of Things): The Internet of things (IoT) is the network of physical devices, vehicles, home appliances and other items embedded with electronics, software, sensors, actuators, and network connectivity which enables these objects to connect and exchange data. Mirai is a malware that turns networked devices running Linux into remotely controlled "bots" that can be used as part of a botnet in large-scale network attacks. It primarily targets online consumer devices such as IP cameras and home routers. The Mirai botnet was first found in August 2016.
  • IRC (Internet Relay Chat): Internet Relay Chat (IRC) is an application layer protocol that facilitates communication in the form of text. The chat process works on a client/server networking model and bots are controlled by an IRC server.
  • RAT (Remote Access Trojan): A RAT is a specific type of malware that controls a system via a remote network connection as if by physical access. While desktop sharing and remote administration have many legal uses, a RAT is usually associated with criminal or malicious activity. A RAT is typically installed without the victim's knowledge.
  • HTTP (Hypertext Transfer Protocol): HTTP is an application protocol for distributed, collaborative, and hypermedia information systems.[1] HTTP is the foundation of data communication for the World Wide Web, and bots are controlled through a web panel.

M0AB BoTNET CLOURSES teaches you how to set up RATs and HTTP botnets.
