General concepts
From a linguistic point of view, the word "botnet" combines two words: "robot" and "network". A botnet is a collection of systems infected with malicious code and administered centrally. In other words, a network of computers that are controlled remotely by intruders.
Very often, botnets cannot be detected by antivirus programs, and victims often do not even know that they are an active part of a hidden network.
The botnet should function in such a way that even if you destroy or disable a decent number of nodes, its overall performance will not be affected.
Our goal is to earn money. And we will consider botnets and everything related to them based on this.
Each infected computer/device on the network plays a role and acts as a "bot"; it is controlled by a single decision-making center (bot driver) to perform various actions secretly from the owner of the computer/device.
It is noteworthy that the technology itself was originally developed for good purposes. Bots served as an auxiliary software tool for performing monotonous non-criminal and repetitive tasks, as well as for automating them. Over time, however, inquisitive and enterprising minds quickly figured out what was going on, and began using botnets for their own harmful purposes, generating profits.
Since the days when bots played only the role of assistants, a lot of water has flowed under the bridge. Software for implementing, controlling, and ensuring the smooth operation of botnets has made great strides.
At the moment, botnets can implement various attack methods, working simultaneously across many directions and verticals.
It probably won't be a surprise to you that our industry is quite heavily segmented in terms of specializations and areas. This means that everyone here is doing their own thing. You can observe how one person (or group) produces cardboard, others sell it, others drive it in, others send the goods they drive in, others sell it, etc.
A similar division into specializations exists in bot breeding. Thus, the coder sells the source code, and the source buyer sells the resources or services of the botnet to other users. The latter, in turn, are end users or sell the product they created further, in the same way as the previous ones.
The average service life of botnets is estimated by "experts" at anywhere from several months to several years. At the same time, maintaining a botnet for a long time is not always equally useful and profitable, but we will talk about this in the following articles.
By targeting the market, botnet creators often create the most favorable conditions for their customers.
For example, the botnet management interface (admin panel) is quite simple in most cases. It doesn't require any special knowledge or skills to work with it.
This is where Malware as a Service also originates.
If you are not a coder and cannot create / distribute your own botnet, please contact vendors who will do all of the above for a certain fee.
In most countries (developed and developing) they actively fight against botnets.
Of course, this is carefully kept silent, but, in reality, the special services use exactly the same methods and technologies for their own purposes.
Such a nice neighborhood is beneficial for both sides, so you don't often hear about the elimination of serious botnets. Balance of interests, you know.
Technological structure of botnets
A typical botnet structure usually takes one of the following forms: a client-server model or a peer-to-peer model (P2P, peer-to-peer). The latter is also called a decentralized model.
In the botnet structure implemented in the client-server model, a basic network is created in which one server acts as the main botmaster.
The botmaster server is designed to control the transfer of data from each infected client, to issue commands, and to control client devices.
In the case of the client-server model, the operation of the system is achieved through special software that makes it possible to achieve and maintain constant control over infected devices.
However, this model has several significant drawbacks.
The main thing is that it can be easily detected.
The reason is that there is only one control point in this model. If the server is destroyed, the botnet crashes.
In other words, we have a lot of infected devices that all ping and constantly access one specific server.
As you can guess, whether such a network can be detected at the network edge is, in principle, not even a question.
This is rather an archaic architecture, which is currently not used by serious botnets. Well, except in white, legitimate software.
At least, I don't know of any such botnets that are even minimally noticeable or of any somewhat significant level.
Of course, there are a lot of small crafts, all sorts of script-kiddie-level botnets (and this, by the way, is the majority of those offered on the market). But, ideally, it is better to stay away from this garbage.
Our goal is a really cool botnet. And not just with a clear name, but with a powerful filling and a serious profit. And that is never "client-server". Believe me.
More precisely, I will say this: yes, you can do something, in principle, working through C&C, but this is a failed approach in advance. If we're going into space, of course.
If our task is to make another tenacious botnet that can be dropped at any time, then we can also use a “client-server”.
As for the peer-to-peer model (P2P, peer-to-peer), everything is much more interesting here.
All modern and, I emphasize, serious botnets are built on this model.
Working with a single centralized monitoring server is a big drawback.
This disadvantage is overcome by creating a peer-to-peer structure.
In this model, each connected device operates independently as both a client and a server at the same time.
At the same time, each device coordinates the updating and transmission of other data between the same devices.
Because of this, the P2P botnet structure is much stronger and less vulnerable than the centralized management model.
By the way, do you know what is the most massive botnet in the world and what very famous company owns it? This is Microsoft!
These bastards have the ability to connect to ANY machine remotely and supposedly clean it from malware.
By the way, small-scale users are constantly taking control of more and more botnets, as well as buying up databases of compromised passwords.
Naturally, to fight us.
Good luck, hula.
Classification of botnets
What can botnets do?
Below I will give only the main and most important functions that can be assigned to a botnet.
Calculation
First of all, you need to understand that a network of infected machines is a decent array of computing power. In this regard, the first thing that comes to mind is to make these capacities work in their direct direction, namely: hash cracking, brute force, etc. After all, 5 thousand machines work faster than one...
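The post's own argument against the client-server model is that many infected hosts all poll one server, which makes the network easy to spot from the outside. The following is an added example (not from the original post) of the kind of check a network defender runs over flow records to surface exactly that pattern: several internal hosts contacting the same external endpoint at a near-constant period. The flow records, IP addresses, thresholds and the function name `find_beacons` are all constructed for illustration.

```python
# Added example: flag external endpoints that several internal hosts contact
# with near-constant periodicity (the "everyone pings one server" pattern
# that makes a centralized C2 easy to detect). All data below is constructed.
from collections import defaultdict
from statistics import median, pstdev

# Constructed sample flow records: (epoch_seconds, src_ip, dst_ip, dst_port)
FLOWS = [
    # three hosts polling the same endpoint every 60 seconds
    (1000, "10.0.0.5", "203.0.113.7", 443), (1060, "10.0.0.5", "203.0.113.7", 443),
    (1120, "10.0.0.5", "203.0.113.7", 443), (1180, "10.0.0.5", "203.0.113.7", 443),
    (1003, "10.0.0.8", "203.0.113.7", 443), (1063, "10.0.0.8", "203.0.113.7", 443),
    (1123, "10.0.0.8", "203.0.113.7", 443), (1183, "10.0.0.8", "203.0.113.7", 443),
    (1010, "10.0.0.9", "203.0.113.7", 443), (1070, "10.0.0.9", "203.0.113.7", 443),
    (1130, "10.0.0.9", "203.0.113.7", 443), (1190, "10.0.0.9", "203.0.113.7", 443),
    # ordinary browsing: one host, irregular intervals, should not be flagged
    (1005, "10.0.0.5", "198.51.100.20", 443), (1017, "10.0.0.5", "198.51.100.20", 443),
    (1200, "10.0.0.5", "198.51.100.20", 443), (1530, "10.0.0.5", "198.51.100.20", 443),
]

def find_beacons(flows, min_sources=3, min_hits=4, max_jitter_ratio=0.1):
    """Return {"dst:port": {"sources": n, "period": seconds}} for endpoints
    that at least `min_sources` distinct internal hosts contact periodically.
    A (src, dst, port) pair counts as periodic when it has `min_hits` or more
    flows and the spread of its inter-arrival gaps is small relative to the
    median gap (jitter ratio <= max_jitter_ratio)."""
    by_pair = defaultdict(list)
    for ts, src, dst, port in flows:
        by_pair[(src, dst, port)].append(ts)
    periodic = defaultdict(list)  # (dst, port) -> [(src, period), ...]
    for (src, dst, port), stamps in by_pair.items():
        if len(stamps) < min_hits:
            continue
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        med = median(gaps)
        if med > 0 and pstdev(gaps) / med <= max_jitter_ratio:
            periodic[(dst, port)].append((src, med))
    result = {}
    for (dst, port), hosts in periodic.items():
        if len({src for src, _ in hosts}) >= min_sources:
            result[f"{dst}:{port}"] = {
                "sources": len(hosts),
                "period": median(p for _, p in hosts),
            }
    return result

if __name__ == "__main__":
    for endpoint, info in find_beacons(FLOWS).items():
        print(f"{endpoint}: {info['sources']} hosts beaconing every {info['period']}s")
```

On real traffic the same logic is applied per time window with tolerance for sleep jitter, and known-good endpoints (update servers, monitoring agents) are allow-listed before alerting.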