Mass Botnets: Managing and Survival

Question 1
Let's say we send a payload to 1000s of people who run it... how do you manage 1000s of PCs in the botnet??

Question 2
How do these big botnets survive??

I mean, if a security guy or the cyber police got hold of a mass payload... then don't they track it down?? Then how do these botnets survive??

15 Responses

Can you elaborate a bit?? Except google...

Yea they eat little botnets.. but how do the big ones survive?? HOW??!!

THANKS ;);)

What is your problem with google?

Those big botnets never make a lot of noise, so they won't be detected so easily.

-Phoenix750

It's just that none of the tutorials give complete or sensible info... I always have to improvise and that takes me hours..

But some are just too big man... how can they survive... there must be SOMETHING!!??.. ;);)

Improvising and "own research" (a.k.a. googling) is a necessary skill for every hacker.

The owners of these botnets did exactly what you don't want to do: improvise. My answer that huge botnets stay hidden by not making much noise was actually how I would do it. But there are many other ways. You would simply need some creativity to make your own tactic for staying hidden.

Hacking is a skill that relies heavily on creativity and improvising; if you don't like either creativity or improvising, you are going to have a bad time. Hacking isn't really a skill that you can do "by the book".

-Phoenix750

Ok one last question..
Can't bind-tcp 'payloads' be analysed to get the IP??

Since bind-tcp payloads don't require your IP, no.

-Phoenix750

I know that.. but I hate to spend 3 hours searching for cap2hccap without finding anything and I'm really fed up with it man...

I'm not trying to discourage you, but if you continue hacking, chances are you are going to do similar things for not just 3 hours but, say, a few weeks.

-Phoenix750

But on such a small topic..
I'd spend 7 hours straight learning nmap rather than spending 3 hours on cap2hccap

3 hours for what? When aircrack -J does it, as you know. Hashcat is not so fast; I would kill hours off trying to learn some other thing. I am sorry, but there is no way around basic problem solving skills in this industry.

3 hours? I have worked on a target(s) for months... It's all right, just get your crawl on first.

Creativity, persistence, and patience.

The 3 vital skills for every hacker.

-Phoenix750

Peer-to-peer botnets are hardly new. The Alureon / TDL4 botnet, for example, can survive indefinitely if it loses contact with its C&C network. These networks are difficult to detect. They use network traffic that looks, at least on the surface, like SSL-based web requests, except that they use their own embedded encryption. The anonymity and stability of those networks make them very profitable for botnet operators. In some cases, they even sell access to their anonymizing network as one of their services to help others conceal themselves in other criminal activities, like a malign version of the Tor Network.
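As a defender's-side illustration of the point above (an added example, not something posted in this thread): a network sensor can test whether a flow to port 443 actually opens with a TLS ClientHello record, because a custom-encrypted protocol that merely borrows the HTTPS port will not. The host addresses and first-byte samples below are constructed for the example; the verdict strings are the example's own naming.

```python
"""Flag port-443 flows whose first client bytes are not a TLS handshake record.

Added example for the thread above; sample flows are constructed, not captured.
"""
import struct

TLS_HANDSHAKE = 0x16        # TLS record content type for handshake messages
TLS_CLIENT_HELLO = 0x01     # handshake message type for ClientHello
MAX_RECORD_LEN = 16384      # 2**14, the TLS plaintext record size limit


def looks_like_tls_client_hello(first_bytes: bytes) -> bool:
    """True if the first bytes a client sent form a plausible TLS ClientHello record."""
    if len(first_bytes) < 6:
        return False
    content_type, major, minor = first_bytes[0], first_bytes[1], first_bytes[2]
    (record_len,) = struct.unpack("!H", first_bytes[3:5])
    handshake_type = first_bytes[5]
    return (content_type == TLS_HANDSHAKE
            and major == 0x03 and minor <= 0x04   # SSL 3.0 .. TLS 1.3 record versions
            and 0 < record_len <= MAX_RECORD_LEN
            and handshake_type == TLS_CLIENT_HELLO)


def classify_flow(dst_port: int, first_bytes: bytes) -> str:
    """Classify one client->server flow from its destination port and first bytes."""
    if dst_port != 443:
        return "not-https-port"
    if len(first_bytes) < 6:
        return "too-short-to-judge"        # do not alert on a truncated capture
    if looks_like_tls_client_hello(first_bytes):
        return "tls"
    if first_bytes[:4] in (b"GET ", b"POST", b"HEAD", b"PUT "):
        return "plaintext-http-on-443"     # odd, but not the pattern described above
    return "suspicious-non-tls-on-443"     # opaque bytes on the HTTPS port: review


# Constructed sample flows: (source host, destination port, first bytes sent).
SAMPLE_FLOWS = [
    ("10.0.0.5", 443, bytes.fromhex("160301010c0100010803038f") + b"\x00" * 16),  # ClientHello
    ("10.0.0.7", 443, b"\x8f\x2a\x11\xd4\x00\x09\x7c\xee\x41\x03\x55\x90"),          # opaque blob
    ("10.0.0.9", 443, b"GET / HTTP/1.1\r\nHost: example.invalid\r\n"),               # cleartext HTTP
    ("10.0.0.11", 80, b"GET / HTTP/1.1\r\n"),                                         # ordinary web
    ("10.0.0.13", 443, b"\x16\x03"),                                                  # truncated
]


def triage(flows):
    """Return (source host, verdict) for every flow; alert on 'suspicious-*' verdicts."""
    return [(src, classify_flow(port, data)) for src, port, data in flows]


if __name__ == "__main__":
    for src, verdict in triage(SAMPLE_FLOWS):
        print(f"{src:<10} {verdict}")
```

The check deliberately inspects only the record header, so it runs cheaply per flow and does not need to decrypt anything; a second stage (JA3-style fingerprinting, certificate inspection) would refine the "tls" bucket, while the "suspicious" bucket is what the paragraph above describes from the sensor's side.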

Thanks but I'm pretty new.. and I didn't understand that :P

Most botnets use custom payloads and controllers; this reduces the detectability by a long way.

Essentially there are two main heads to a typical botnet: a Command and Control server (CnC), which sends commands to the botnet, in a big one probably via some custom P2P network.

And the clients (or bots). These read the commands and then execute them. One example of that would be to execute a DoS attack against a specified server, or to package up their users' cookies from their browsers and send them back home.

CnC servers are generally the places where people get caught; the secret is to use a P2P network like MR NAK UP3NDA. A P2P network is extremely resilient as it doesn't rely on a single CnC server, yet passes instructions to others; the only thing stopping any random person dropping in their own instructions is the fact that they don't know the format and code, and perhaps GPG encryption on the commands.
