Mass Botnets : Managing and Survival

Question 1
Let's say we send a payload to 1000s of people who run it... how do you manage 1000s of PCs in the botnet??

Question 2
How do these big botnets survive??

I mean that if a security guy or the cyber police got hold of a mass payload... then don't they track it down?? Then how do these botnets survive??

5 Responses

  1. Can you elaborate a bit?? Except google...
  1. Yea they eat little botnets.. but how do the big ones survive?? HOW??!!

THANKS ;);)

Peer-to-peer botnets are hardly new. The Alureon / TDL4 botnet, for example, can survive indefinitely if it loses contact with its C&C network. These networks are difficult to detect. They use network traffic that looks, at least on the surface, like SSL-based web requests—except that they use their own embedded encryption. The anonymity and stability of those networks make them very profitable for botnet operators. In some cases, they even sell access to their anonymizing network as one of their services to help others conceal themselves in other criminal activities—like a malign version of the Tor Network.

Thanks, but I'm pretty new.. and I didn't understand that :P

Most botnets use custom payloads and controllers; this reduces the detectability by a long way.

Essentially there are two main heads to a typical botnet. The first is a Command and Control server (CnC), which sends commands to the botnet; in a big one, probably via some custom P2P network.

The second is the clients (or bots). These read the commands and then execute them. One example would be to execute a DoS attack against a specified server, or to package up their users' cookies from their browsers and send them back home.

CnC servers are generally the places where people get caught; the secret is to use a P2P network like MR NAK UP3NDA. A P2P network is extremely resilient as it doesn't rely on a single CnC server, yet still passes instructions on to the others. The only thing stopping any random person from dropping in their own instructions is the fact that they don't know the format and code, and perhaps GPG encryption on the commands.
