9.3 Botnets

Organized Cyber Crime: Organizational Chart


  • Bots are software applications that run automated tasks over the Internet and perform simple repetitive tasks, such as web spidering and search engine indexing.
  • A botnet is a huge network of compromised systems that an attacker can use to launch denial-of-service attacks.

A Typical Botnet Setup

Botnet Ecosystem

Scanning Methods for Finding Vulnerable Machines

  • Random Scanning: The infected machine probes IP addresses randomly from the target network's IP range and checks for the vulnerability.
  • Hit-list Scanning: The attacker first collects a list of potentially vulnerable machines and then scans them to find vulnerable machines.
  • Topological Scanning: Uses information obtained on the infected machine to find new vulnerable machines.
  • Local Subnet Scanning: The infected machine looks for new vulnerable machines in its own local network.
  • Permutation Scanning: Uses a pseudorandom permutation list of IP addresses to find new vulnerable machines.

    Divide and conquer
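
The following added example, not part of the original notes, shows how the local subnet and random scanning patterns listed above appear in flow records and how a detector can separate them from normal client traffic. The record layout, the thresholds and the /24 subnet size are assumptions, and the sample flows are constructed.

```python
import ipaddress
from collections import defaultdict

# Constructed sample flow records: (src, dst, dst_port, connection_succeeded).
FLOWS = (
    # 10.0.5.23 sweeps its own /24 on port 445; almost every attempt fails.
    [("10.0.5.23", f"10.0.5.{i}", 445, i % 10 == 0) for i in range(1, 41)]
    # 10.0.7.9 probes addresses scattered across 10.0.0.0/8 on port 445.
    + [("10.0.7.9", f"10.{(i * 37) % 256}.{(i * 91) % 256}.{(i * 17) % 254 + 1}",
        445, False) for i in range(1, 41)]
    # 10.0.5.50 is an ordinary client repeatedly using one file server.
    + [("10.0.5.50", "10.0.5.10", 445, True)] * 30
)

MIN_TARGETS = 20      # assumed threshold: distinct destinations per port
MIN_FAIL_RATIO = 0.8  # assumed threshold: share of failed attempts
LOCAL_PREFIX = 24     # assumption: hosts sit in /24 subnets


def classify_scanners(flows):
    """Return {src: label} for sources whose traffic looks like scanning."""
    targets = defaultdict(set)   # (src, port) -> distinct destinations
    attempts = defaultdict(int)  # (src, port) -> total attempts
    failures = defaultdict(int)  # (src, port) -> failed attempts
    for src, dst, port, ok in flows:
        key = (src, port)
        targets[key].add(dst)
        attempts[key] += 1
        failures[key] += not ok

    verdicts = {}
    for key, dsts in targets.items():
        if len(dsts) < MIN_TARGETS or failures[key] / attempts[key] < MIN_FAIL_RATIO:
            continue  # few targets or mostly successful: normal client behaviour
        subnet = ipaddress.ip_network(f"{key[0]}/{LOCAL_PREFIX}", strict=False)
        local = sum(ipaddress.ip_address(d) in subnet for d in dsts)
        # Mostly in-subnet targets match local subnet scanning; otherwise the
        # spread resembles random scanning. Hit-list, topological and permutation
        # scanning cannot be told apart from flow records alone.
        verdicts[key[0]] = "local-subnet" if local / len(dsts) >= 0.8 else "wide-range"
    return verdicts


if __name__ == "__main__":
    for host, label in classify_scanners(FLOWS).items():
        print(host, label)
```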

How Malicious Code Propagates

  • Attackers use three techniques to propagate malicious code to a newly discovered vulnerable system:
    • Central Source Propagation: The attacker places the attack toolkit on a central source, and a copy of the attack toolkit is transferred to the newly discovered vulnerable system.

      The attack toolkit is downloaded via the central source.

    • Back-chaining Propagation: The attacker places the attack toolkit on his/her own system, and a copy of the attack toolkit is transferred to the newly discovered vulnerable system.

      The attack toolkit is requested and downloaded from the attacker when needed.

    • Autonomous Propagation: The attack toolkit is transferred at the time the new vulnerable system is discovered.

      When the attack succeeds, the attacker transfers the attack toolkit along with it.

Botnet Trojan: Blackshades NET

  • Blackshades NET has the ability to create implant binaries which employ custom obfuscation algorithms or Crypters, which can be bought through the Bot/Crypter marketplace embedded in the BlackShades controller.

Botnet Trojans: Cythosia Botnet and Andromeda Bot

Botnet Trojan: PlugBot

  • PlugBot is a hardware botnet project.
  • It is a covert penetration testing device (bot) designed for covert use during physical penetration tests.

