Thursday, 29 May 2014

How botnets work

Botnets, in a nutshell, are a bunch of infected computers connecting to one source. That source can be almost anything: a dedicated server, a home network, a client-type program, email, IRC, etc. Each works in its own way. Client-type programs are generally things like "hostbooters" and RATs, but are not limited to just these. Dedicated servers usually either have PHP control panels for the bot or are set up via IRC for control. On home networks, there is generally an IRC server set up (like a dumbass) on the person's own computer or personal server, so the bots connect directly to him; this is also exactly how client-types connect (but they use DNS routing to make them next to untraceable). I will explain the pros and cons of each type.

Client-type programs are generally less stable (note I say generally) than IRC and HTTP botnets (HTTP referring to bots with PHP/HTML control panels). They are usually useful for nothing more than dicking around with DDoSing (on a low level) and having shits and giggles playing with people's computers on a RAT (like watching them through their webcam while you turn the monitor on and off and open and close the disc tray). DDoSing on a large scale this way usually fails, as it takes so much time for all of your bots to connect to the booter when you first start it up, not to mention that, even through DNS routing, having this many connections at once hinders the speed at which you can send out commands. For the big black hatters, trying to steal personal info this way is screaming to be locked up.

HTTP-type botnets connect to a command and control server somewhere, usually (especially for botnets based out of the US) on an offshore dedicated server. The server doesn't have to be dedicated, but it's annoying if you get hosted alongside somebody who whores all of your bandwidth, so you cannot effectively utilize your network, not to mention the security reasons if you have a larger net or an EXTREMELY illegal network like Zeus or SpyEye. These are the best for anything. Logging, fraud, DDoSing on low and high levels, stability (if the coder is worth two shits) and general commands (like Update and Download and execute sort of stuff) tend to be more effective and more useful. These take a little more knowledge to set up, but once you learn, it is a lot quicker than IRCs from what I understand. You have to know a little C++ or C# (depending on your bot), maybe even just to be able to compile; you'll need some HTML/PHP knowledge to be able to configure your control panel, and you will probably need to know your way around MySQL for hosting files. If you want one bad botnet, code the whole thing from scratch, bot and control panel. That way, if it doesn't work, the only one you have to blame is yourself. It will also save you paying an arm and a leg for a halfway decent bot on the black market.
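From the defender's side, an HTTP bot checking in with its control panel shows up in web proxy logs as requests at near-constant intervals. The following is an added example, not code from the original post, that flags client/host pairs with that timing pattern. The log format, host names, and thresholds are constructed assumptions, as is the premise that the bot polls its panel on a fixed timer.

```python
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed proxy log lines: ISO timestamp, client IP, destination host, path.
SAMPLE_LOG = """\
2014-05-29T10:00:00 10.0.0.5 panel.example.net /checkin.php
2014-05-29T10:00:10 10.0.0.8 news.example.org /
2014-05-29T10:00:12 10.0.0.8 news.example.org /style.css
2014-05-29T10:03:40 10.0.0.8 news.example.org /article/1
2014-05-29T10:05:01 10.0.0.5 panel.example.net /checkin.php
2014-05-29T10:10:00 10.0.0.5 panel.example.net /checkin.php
2014-05-29T10:14:59 10.0.0.5 panel.example.net /checkin.php
2014-05-29T10:20:00 10.0.0.5 panel.example.net /checkin.php
2014-05-29T10:21:05 10.0.0.8 news.example.org /article/2
2014-05-29T10:21:06 10.0.0.8 news.example.org /img/a.png
2014-05-29T10:25:02 10.0.0.5 panel.example.net /checkin.php
2014-05-29T10:48:30 10.0.0.8 news.example.org /article/3
2014-05-29T10:50:00 10.0.0.9 updates.example.com /v
2014-05-29T11:50:00 10.0.0.9 updates.example.com /v
"""

def find_beacons(log_text, min_requests=5, max_jitter=0.1):
    """Return {(client, host): mean_interval_seconds} for pairs whose
    request timing is regular enough to look automated."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines
        try:
            when = datetime.fromisoformat(parts[0])
        except ValueError:
            continue  # skip unparsable timestamps
        seen[(parts[1], parts[2])].append(when)
    hits = {}
    for key, times in seen.items():
        if len(times) < min_requests:
            continue  # too few samples to judge periodicity
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        mean = statistics.mean(gaps)
        # Coefficient of variation: low means near-constant intervals.
        if mean > 0 and statistics.pstdev(gaps) / mean <= max_jitter:
            hits[key] = round(mean)
    return hits

if __name__ == "__main__":
    for (client, host), interval in find_beacons(SAMPLE_LOG).items():
        print(f"{client} -> {host}: every ~{interval}s")
```

Human browsing (10.0.0.8) is bursty and fails the jitter test, while the pair with only two requests (10.0.0.9) is skipped for lack of samples.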

IRC-type botnets I have no experience with whatsoever. If somebody will kindly give me something to update the post here with, I will be more than glad to.

Other "botnets" can include dedicated programs like loggers. They can steal your passwords, bank info, cached info, record your keystrokes, and so much more. These tend to be the most dangerous, effective and highly sought after. I use these more than anything.

Best way to go: Learn to Program and Make Your Own. I am just now learning some C++, planning to learn some PHP, then I am starting on a network. This way you can add any feature you want to it. You can completely control the security for it. You will know everything the network is doing and how it is doing it, so if a problem arises, you will know how to fix it.
