Pages

Friday, October 19, 2012

Botnet Detail


Botnet

In malware, a Botnet is a collection of infected computers or bots that have been taken over by hackers (also known as bot herders) and are used to perform malicious tasks or functions. A computer becomes a bot when it downloads a file (e.g., an email attachment) that has bot software embedded in it. A Botnet is considered a Botnet if it is taking action on the client itself via IRC channels without the hackers having to log in to the client's computer. A Botnet consists of many threats contained in one. The typical Botnet consists of a bot server (usually an IRC server) and one or more botclients



Formation and exploitation

This example illustrates how a Botnet is created and used to send email spam.

  1. A Botnet operator sends out viruses or worms, infecting ordinary users' computers, whose payload is a malicious application—the bot.
  2. The bot on the infected PC logs into a particular C&C server (often an IRC server, but, in some cases a web server).
  3. A spammer purchases the services of the Botnet from the operator.
  4. The spammer provides the spam messages to the operator, who instructs the compromised machines via the IRC server, causing them to send out spam messages.



Botnets are exploited for various purposes, including denial-of-service attacks, creation or misuse of SMTP mail relays for spam (see Spambot), click fraud, spamdexing and the theft of application serial numbers, login IDs, and financial information such as credit card numbers.

The Botnet controller community features a constant and continuous struggle over who has the most bots, the highest overall bandwidth, and the most "high-quality" infected machines, like university, corporate, and even government machines.



Types of attacks

Denial-of-service attacks where multiple systems autonomously access a single Internet system or service in a way that appears legitimate, but much more frequently than normal use and cause the system to become busy.

Adware exists to advertise some commercial entity actively and without the user's permission or awareness, for example by replacing banner ads on web pages with those of another content provider.

Spyware is software which sends information to its creators about a user's activities – typically passwords, credit card numbers and other information that can be sold on the black market. Compromised machines that are located within a corporate network can be worth more to the bot herder, as they can often gain access to confidential information held within that company. There have been several targeted attacks on large corporations with the aim of stealing sensitive information, one such example is the Aurora Botnet.

E-mail spam are e-mail messages disguised as messages from people, but are either advertising, annoying, or malicious in nature.

Click fraud is the user's computer visiting websites without the user's awareness to create false web traffic for the purpose of personal or commercial gain.

Access number replacements are where the Botnet operator replaces the access numbers of a group of dial-up bots to that of a Slave's phone number. Given enough bots partake in this attack, the Slave is consistently bombarded with phone calls attempting to connect to the internet. Having very little to defend against this attack, most are forced into changing their phone numbers (land line, cell phone, etc.).

Fast flux is a DNS technique used by Botnets to hide phishing and malware delivery sites behind an ever-changing network of compromised hosts acting as proxies.

Preventive measures


If a machine receives a denial-of-service attack from a Botnet, few choices exist. Given the general geographic dispersal of Botnets, it becomes difficult to identify a pattern of offending machines, and the sheer volume of IP addresses does not lend itself to the filtering of individual cases. Passive OS fingerprinting can identify attacks originating from aBotnet: network administrators can configure newer firewall equipment to take action on a Botnet attack by using information obtained from passive OS fingerprinting. The most serious preventive measures utilize rate-based intrusion prevention systems implemented with specialized hardware. A network based intrusion detection system (NIDS) will be an effective approach when detecting any activities approaching Botnet attacks. NIDS monitors a network, it sees protected hosts in terms of the external interfaces to the rest of the network, rather than as a single system, and get most of its results by network packet analysis.

Some Botnets use free DNS hosting services such as DynDns.org, No-IP.com, and Afraid.org to point a subdomain towards an IRC server that will harbor the bots. While these free DNS services do not themselves host attacks, they provide reference points (often hard-coded into the Botnet executable). Removing such services can cripple an entire Botnet. Recently, these companies have undertaken efforts to purge their domains of these subdomains. The Botnet community refers to such efforts as "nullrouting", because the DNS hosting services usually re-direct the offending subdomains to an inaccessible IP address. Similarly, some Botnets implement custom versions of well-known protocols. The implementation differences can be used for fingerprint-based detection of Botnets. For example, Mega-D features a slightly modified SMTP protocol implementation for testing the spam capability. Bringing down the Mega-D's SMTP server disables the entire pool of bots that rely upon the same SMTP server.

Several security companies such as Afferent Security Labs, Symantec, Trend Micro, FireEye, Umbra Data and Damballa have announced offerings to stop Botnets. While some, like Norton AntiBot (discontinued), are aimed at consumers, most are aimed to protect enterprises and/or ISPs. The host-based techniques use heuristics to try to identify bot behavior that has bypassed conventional anti-virus software. Network-based approaches tend to use the techniques described above; shutting down C&C servers, nullrouting DNS entries, or completely shutting down IRC servers.

Newer Botnets are almost entirely P2P, with command-and-control embedded into the Botnet itself. By being dynamically updateable and variable they can evade having any single point of failure. Commanders can be identified solely through secure keys and all data except the binary itself can be encrypted. For example a spyware program may encrypt all suspected passwords with a public key hard coded or distributed into the bot software. Only with the private key, which only the commander has, can the data that the bot has captured be read.

Newer Botnets have even been capable of detecting and reacting to attempts to figure out how they work. A large Botnet that can detect that it is being studied can even DDoS those studying it off the internet.


Few Description about Zombie Computer.

Zombie Computer :- A Zombie Computer (often shortened as Zombie) is a computer connected to the Internet that has been compromised by a cracker, computer virus or trojan horse and can be used to perform malicious tasks of one sort or another under remote direction. Botnet of Zombie Computers are often used to spread e-mail spam and launch denial-of-service attacks. Most owners of zombie computers are unaware that their system is being used in this way. Because the owner tends to be unaware, these computers are metaphorically compared to Zombie.  


source : http://www.worldofhacker.com/

2 comments:

  1. Replies
    1. Hello world
      I teach hacking andriod apk virus - windows Hacking - web server hacking -
      Reseller :- Hacking Tools & Hacking services, Also Teach Hacking Methods Via teem weaver or Anydesk,
      Each Method Take minimum 1 hour to learn with vedio Tutorial And Hacking Tools ,

      How to Make Money hacking tools,

      - Spamming & Tools ,
      - Carding & Tools ,
      - Virus with control panal and Spy bot files,
      - Virus With Builder And Crypter ,
      - Scanners with Bruters ,
      - Crypters with Doc Exploits ,pdf Exploits ,TExtfile Exploits ,
      - PHP Exploits with shell and mailer
      - OTP verications Bypass with Bulletproof Scam-page and Otp control
      - Company Ceo or cfo leads Any country
      - Rat virus with builder
      - Cookies Stealers and Builder
      - keyloger and builder
      - Credit card Scam-pages
      - Bank login Scam-pages
      - debit card topup scam page
      - donation scam-page
      - dhl login and tracking scam-page
      - fedax login and tracking scam-page
      - Shipping Tools

      Place & Ground
      learners you will pay cheap $ for demo Tools & Method

      Business grounds

      Credit card Low Interest Services,

      - Credit card with Fullz Information - Minimum Investment 150$ - With 50k Credit limit And balance
      - Debit Card Topup AS per Card limit - Minimum Investment 200$ - With 8000$ balance
      - Dating scam Fresh male female Logins - Minimum Investment 80$ - Dating Login upto 30

      -----------------
      ABOUT US :
      Icq :-675452902
      Skype: rushr00t000
      email me:- hackitbackd00r@gmail.com

      Delete