"A Botnet is a collection of software agents, or robots, that run
autonomously and automatically. The term is most commonly associated
with malicious software, but it can also refer to a network of computers
using distributed computing software."
It all starts out with the creator of the botnet, the herder. A herder is the (master)mind behind the script that is spread around, infecting hundreds, if not thousands of computers. And each infected computer is deemed a slave to said botnet, also known as a zombie.
Botnets have recently been used mainly for DDoS attacks. These attacks can be used for a number of reasons - to put a ransom on the up-time of a site (threatening to kick it offline), to collect user credentials (as many bot scripts have keylogging functions), or simply to demonstrate the power one has over the internet.
A very rapid growth in IRC bots has been present and apparent recently. Bot scripts that connect to an IRC channel on the zombie computer can take direct commands once they are in the channel.
Spreading is necessary for a botnet. Spreading techniques that are most commonly used today range from drive-by downloads to torrents, 'cracked' software to Youtube videos, and everything in-between. And often times the herder will bind his bot to the true file that he is promoting for spreading, in which case the end-user is satisfied from the download, while he also is not suspicious of it.
Once the script is downloaded, however, the road to botnet domination still is not paved in gold. This is the point in which crypters and stubs come in...
Crypters are programs that use a number of techniques in order to prevent (or 'distract'Wink anti-virus software from detecting the virus that is being spread around. When a script avoids being detected by anti-virus, it is referred to as fully undetectable (FUD).
Some methods commonly used by crypters are:
- Adding junk code for modifying execution flow and various other reasons.
- Changing strings, encrypting strings.
- Changing variable names.
- Changing the order of all code aspects.
- Changing Assembly information.
- Adding or changing the icon.
This brings us to stubs. Stubs are usually .exe files, and sometimes .dll files. Basically, how undetectable the final script executable will be depends on the stub used. Some crypters have 'Unique Stub Generators' that come pre-packaged. Unique stubs allow scripts to be FUD for longer time periods.
Once anti-virus software 'learns' the stub, your script is no longer FUD, and you must use a new (unique) stub to make your script FUD once more.
It all starts out with the creator of the botnet, the herder. A herder is the (master)mind behind the script that is spread around, infecting hundreds, if not thousands of computers. And each infected computer is deemed a slave to said botnet, also known as a zombie.
Botnets have recently been used mainly for DDoS attacks. These attacks can be used for a number of reasons - to put a ransom on the up-time of a site (threatening to kick it offline), to collect user credentials (as many bot scripts have keylogging functions), or simply to demonstrate the power one has over the internet.
A very rapid growth in IRC bots has been present and apparent recently. Bot scripts that connect to an IRC channel on the zombie computer can take direct commands once they are in the channel.
Spreading is necessary for a botnet. Spreading techniques that are most commonly used today range from drive-by downloads to torrents, 'cracked' software to Youtube videos, and everything in-between. And often times the herder will bind his bot to the true file that he is promoting for spreading, in which case the end-user is satisfied from the download, while he also is not suspicious of it.
Once the script is downloaded, however, the road to botnet domination still is not paved in gold. This is the point in which crypters and stubs come in...
Crypters are programs that use a number of techniques in order to prevent (or 'distract'Wink anti-virus software from detecting the virus that is being spread around. When a script avoids being detected by anti-virus, it is referred to as fully undetectable (FUD).
Some methods commonly used by crypters are:
- Adding junk code for modifying execution flow and various other reasons.
- Changing strings, encrypting strings.
- Changing variable names.
- Changing the order of all code aspects.
- Changing Assembly information.
- Adding or changing the icon.
This brings us to stubs. Stubs are usually .exe files, and sometimes .dll files. Basically, how undetectable the final script executable will be depends on the stub used. Some crypters have 'Unique Stub Generators' that come pre-packaged. Unique stubs allow scripts to be FUD for longer time periods.
Once anti-virus software 'learns' the stub, your script is no longer FUD, and you must use a new (unique) stub to make your script FUD once more.
No comments:
Post a Comment