Botnet Operation for Dummies

Are you a self-starter with little or no technical skills looking to join the rapidly expanding, ethically dubious cybercrime industry? If you answered yes to this question, then the do-it-yourself, HTTP-based botnet profiled on Webroot by Dancho Danchev may be just the opportunity you’ve been looking for.

There was a time when the wondrous world of Internet crime was accessible only to highly skilled programmers and well-equipped hackers. Those days are over thanks to new, DIY botnets that give anybody with two hands and a keyboard the ability to take command of hundreds of infected computers and use them for any number of purposes.

Danchev found one such HTTP-based botnet. It had 232 infected machines ensnared in its network, most of which were located in Spain and ran Windows XP. In addition to the Spanish XP machines, the botnet also had a substantial number of infections in Chile and access to a number of machines running the various iterations of Windows 7 and Vista.

The botnet gives its users the ability to execute a short list of simple commands, including the ability to update or remove infected machines and download software (or malware). Users can narrow down which machines execute those commands by operating system or country of origin; they can also single out an individual machine, use all the available machines within their network at a given time, or just let the botnet choose a random zombie to do its bidding. The bot also offers a built-in pharming feature.

As the report indicates, pharming is something of a dated infection technique compared to those deployed by most exploit packs. Pharming is an attack method that attempts to redirect Web traffic from one seemingly benign site to another under the attacker’s control. Pharming can be executed in a number of ways, including by altering the hosts file on a zombie machine or through a DNS poisoning exploit.
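For defenders, hosts-file pharming leaves evidence on the endpoint that is easy to check. The following is an added example, not taken from the Webroot report or from the botnet itself: a small Python audit that parses hosts-file text and flags entries pointing watched domains, or any name, at non-internal addresses. The sample file, the watchlist and the severity labels are constructed assumptions.

```python
import ipaddress

# Constructed sample of a tampered hosts file (reserved names, documentation IPs).
SAMPLE_HOSTS = """\
# sample hosts file
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.tracker.example      # sinkholed by an ad blocker
192.168.1.20    intranet.corp.example
203.0.113.45    www.bank.example login.bank.example
198.51.100.7    updates.vendor.example
not-an-ip       broken.example
"""

# Assumption: domains the defender treats as high-value pharming targets.
WATCHLIST = {"bank.example"}
# RFC 1918 ranges, where intranet mappings are expected.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_watched(host, watchlist):
    """True if host equals a watched domain or is a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in watchlist)

def audit_hosts(text, watchlist=WATCHLIST):
    """Return (line_no, address, hostname, severity) for suspicious entries."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].split()   # drop comments, tokenize
        if len(entry) < 2:
            continue
        try:
            ip = ipaddress.ip_address(entry[0])
        except ValueError:
            findings.append((line_no, entry[0], entry[1], "malformed"))
            continue
        if ip.is_loopback or ip.is_unspecified:  # localhost / sinkhole lines
            continue
        for host in entry[1:]:
            if is_watched(host, watchlist):
                findings.append((line_no, str(ip), host, "high"))
            elif not any(ip in net for net in INTERNAL):
                findings.append((line_no, str(ip), host, "review"))
    return findings

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```

On Windows the text to audit would come from `%SystemRoot%\System32\drivers\etc\hosts`; comparing results against a known-good baseline per machine cuts down on "review" noise.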

Users can customize their botnet experience in the settings section and view statistics about their network like the number of bots, the number of bots currently online, the number of bots offline, and the various countries in which their bots are located as well as other information.
