Botnet tutorial

#1
Botnet Q&A - The majority of answers are finally here !




This is created for those who are confused or want to do a bit of research. Are you tired of looking for answers ? Well, if so, you came to the right place.








Educational purposes only
What will this tutorial include ?


What is a botnet ?
What are botnets made for ?
How can you monetize/profit from them ?
Where to host them ?
Known DDoS Bots ?
How do cyber criminals get away with them ?
How do people get so many "bots/installs" ?
Types of botnets ?
What are honeypots ?
Anonymous scanning ?
Crypting my bin, making it undetectable ?


Topic 1 - What is a botnet ?
A botnet is a network of compromised computers, we call them zombies. The bot master can control all the computers using his command & control server where he can initiate various commands. He usually controls them via standards-based network protocols such as IRC and HTTP. Most bot masters use IRC since it's much more secure, but I personally prefer HTTP since it's easier to control and manage in my opinion. If you're too paranoid you should go with IRC, but beware ! If the feds want to get it, they will. To extend your knowledge I suggest visiting this article:

[To see links please register here]

!


Topic 2 - What are botnets made for ?
There are several purposes. Some people want to earn money, and they usually make a living by either coding them or using them to send spam, steal information, etc. Other people want to simply prove that they can, and brag about their abilities. They are made to either steal financial information, such as bank accounts, credit card details and other sensitive details. They are called banking bots, however I do not want to go into detail since this activity is disallowed. Some bots only have DDoS functions, used to launch DDoS attacks ( The majority of DDoS bots are HTTP-Based ). People either offer services once again to gain funds, others just do it for "pixels" to gain fame on the internet. Other bots send spam, and I recently noticed some bots that can turn them into socks, that can be very profitable since there is a high demand for private socks on the black market. So there's 2 options and it's your call, either money or fame. Extend your knowledge in this aspect, I suggest you to visit this:

[To see links please register here]

!


Topic 3 - How can you monetize/profit from them ?
Plenty of options, the most important is that you either have a large amount of bots or high quality countries, such as: US, UK, CA, AUS, FR and several other EU countries. Why high quality countries ? Since there is a thing called "PPI" ( Pay Per Install ). They demand the best countries, since there is more chance to advertise and the specs are better, unlike Pakistan and Indonesia for example.

Sending spam. This is the most common use for botnets, and is also one of the simplest. Experts estimate that over 80% of spam is sent from zombie computers. It should be noted that spam is not always sent by botnet owners: botnets are often rented by spammers. It's the spammers who understand the real value of botnets. According to our data, an average spammer makes $50,000 – $100,000 a year. Botnets made up of thousands of computers allow spammers to send millions of messages from infected machines within a very short space of time.

DDoS attacks. Even here you can see that users profit, if you go to the " Service Offerings " you could see plenty, but the majority of them simply buy 10 booters and think they run the scene. An experienced user would rather go with a private bot, for example: Dirt Jumper ( which has been cracked ) is a really powerful tool made for websites, Pandora DDoS Bot ( notorious bot, some people say it's good, others give bad feedback ), G-Bot and more, most of you know these since I have seen a lot of topics where people were trying to set them up.

This might be interesting ! : And how can I miss bitcoins, ah. This is probably the easiest way to profit from your net, by running a miner which will complete tasks, and it will generate " BTC ". Most pools pay out via PayPal so it's much easier to collect revenue. Note to get the best performance it is better to enable GPU, computers with ATI Radeon cards will generate more money, so watch out ! Luckily I have found an estimated earnings scheme for bot masters who do this activity.


Botnet mining per day
Bots       Bot earnings per day     Total earnings
100        x $0.03                  $3
1,000      x $0.03                  $30
10,000     x $0.03                  $300
100,000    x $0.03                  $3,000


Botnet mining per week
Bots       Bot earnings per week    Total earnings
100        x $0.23                  $23
1,000      x $0.23                  $230
10,000     x $0.23                  $2,300
100,000    x $0.23                  $23,000


Botnet mining per month
Bots       Bot earnings per month   Total earnings
100        x $0.97                  $97
1,000      x $0.97                  $970
10,000     x $0.97                  $9,700
100,000    x $0.97                  $97,000


I would say that isn't bad at all, say if I had 200 000 bots, I would probably work from home.


Topic 4 - Where to host them ?
It all depends. Say if you just wanted a small net, you would usually go with an offshore VPS ( I do not advise shared hosting ), make sure it isn't located in the US/UK & Germany and you're all good. The best countries are probably: China, Taiwan, Iran, Ukraine, Singapore. Russia is "ok", they also have some strict laws, I do not understand why most users think that Russian providers have immunity, that is not true. If you're on a budget you could always hack a box, and host it there. But blame yourself once you get yourself removed, and all your database will be deleted, including your bots. Some users go advanced, if you're hosting a large botnet and stealing details there is so called "BulletProof Hosting" which ignores all abuse reports, including DMCA, Spamhaus, etc. You want a bulletproof host ? Well tough luck, shared hosting goes for more than 100 bucks, and servers end at 800$. Really expensive, so your best call is to simply get an offshore location.


Topic 5 - Known DDoS Bots ?
I have stated a bit of information in another thread, I know most of you want a DDoS bot simply because with a press of a button you can cause massive chaos, and it's possible. One of the strongest DDoS bots is Dirt Jumper, which is created specifically to attack websites, methods such as: HTTP GET ( Sends GET requests ) - harder to block, HTTP POST, Synchronous Flood, Download Flood and an Anti-DDoS flood. The best thing I like about most bots these days is that they have random user agents, and change HTTP headers and pretend to be legitimate traffic, that is really smart from the coders' side, but they are usually really unstable, you would rather have a "loader" which is a type of bot which is really stable, you usually hold bots and it can act as a backbone for the DDoS bot, so you would have 2 benefits, stability and power.




Topic 6 - How do cyber criminals get away with them ?
There are several methods, such as bulletproof hosting, which I already stated, and a common but interesting method which large botnets use is FastFlux, most of you do not know what that is and I suggest you read. Fast flux is a DNS technique used by botnets to hide phishing and malware delivery sites behind an ever-changing network of compromised hosts acting as proxies. It can also refer to the combination of peer-to-peer networking, distributed command and control, web-based load balancing and proxy redirection used to make malware networks more resistant to discovery and counter-measures. The Storm Worm is one of the recent malware variants to make use of this technique.
The basic idea behind Fast flux is to have numerous IP addresses associated with a single fully qualified domain name, where the IP addresses are swapped in and out with extremely high frequency, through changing DNS records.


- Credits to wikipedia.


Obviously you wouldn't have that if you're starting off, so what I would suggest to do, is simply get a cheap VPS, with 128mb of ram and set up a reverse proxy, that will work for you. These are probably the only methods I know at the moment.


Topic 7 - How do people get so many "bots/installs" ?
This is interesting, many of you have wondered how people get so many bots and sell them, thousands ! That's right, thousands. They either have some next "ub3r" spreading skills, which they don't, or they buy an exploit kit. What is an exploit kit ? It's a type of crimeware which scans the computer for un-patched exploits, you could say it's a Silent Driveby, but only say 10% will download the file, so that's why they get bulk traffic (real visitors) and send it to their exploit link, then some percentage % of the traffic gets generated into installs. Usually people get low quality countries such as: Pakistan, Indonesia, Egypt since they don't know what an anti-virus is and they have pirated versions of Windows. You're probably interested, but the cheapest packs go for 600$ monthly, but it's a wise investment, of course if you know what you're doing.


Most common exploit kit:

[To see links please register here]



List of exploit kits:

[To see links please register here]



Topic 8 - Types of botnets ?


DDoS Bots - To initiate DDoS attacks on servers.


Banking Bots - Identity theft. ( Don't want to go into detail )


Spam Bots - To send out spam.


Socks Bots - To create socks4/socks5 proxies.


BitCoin Bots - To generate a virtual currency called " BTC ".


Loaders - To hold bots in a stable environment.


Topic 9 - What are honeypots ?


What is a honeypot, if you consider getting into botnets you should know. If you catch a honeypot, it would probably be some experienced user who wants to trace your botnet, or another hacker who wants to get into your botnet and steal some bots or a pig. Once you catch a honeypot, your bot will be analyzed and it will be traced. The incoming packets will be sniffed and your panel could be easily compromised within seconds. That's about it for you to know, there's not much you can say and do about it.


A really useful resource:

[To see links please register here]



I suggest everyone to visit, and you would understand how it works.


Topic 10 - Anonymous scanning ?
Some of you simply scan with novirusthanks, or virustotal. That is probably the most wrong thing to do in your journey, never ever scan with them unless you want your files detected. I would strongly recommend anonymous scanning servers, those who don't distribute your file to the AV companies, so once it's scanned it won't be analyzed by anyone. I recommend the following services:




[To see links please register here]

[To see links please register here]

Those are the 2 I know, and I can assure that you will receive quality scanning services with them.


Topic 11 - Crypting my bin, making it undetectable ?
This is important, most bins will be detected by most anti-viruses, and we do not want that, since there will be a lower % of executions from the installs we either purchase or spread. I strongly recommend crypters coded in native languages, since the stubs are usually smaller and the execution rate will be higher, however if you're looking for long-lasting stubs you would rather go with Visual Basic stubs, since it doesn't look that suspicious. I recommend: Father Crypter, Root Crypt. I haven't seen decent crypters here, but I heard some good feedback about: cloudcrypter.net. Remember to run an update on your bots on a regular basis, so you won't lose any machines.


1. Useful Videos:
- Botnets Part 1

[To see links please register here]

- Botnets Part 2

[To see links please register here]

- Botnets Part 3

[To see links please register here]

- Rootkits
Reply
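
Fast flux, as quoted in Topic 6 above, shows up in DNS answers as one name resolving to many addresses in unrelated networks with short TTLs. The following detection sketch is an added example, not part of the original thread; the thresholds, the /16 grouping used in place of an ASN lookup, and the sample observations are constructed assumptions.

```python
from collections import defaultdict
from ipaddress import ip_address
from statistics import median

# Constructed passive-DNS A-record observations: (epoch_s, qname, answer_ip, ttl).
# Names use the reserved .example TLD; addresses are documentation/private
# ranges standing in for real answers. None of this is real telemetry.
OBSERVATIONS = (
    # Round-robin CDN: many IPs and a short TTL, but all in one network.
    [(i * 300, "cdn.shop.example", f"198.51.100.{10 + i}", 60) for i in range(6)]
    # Flux-like name: every lookup returns a host in a different network.
    + [(i * 180, "Login.Flux.example.", f"10.{20 + i}.7.{i + 1}", 120) for i in range(6)]
    # Ordinary single-host site with a long TTL.
    + [(i * 900, "www.static.example", "203.0.113.8", 3600) for i in range(4)]
)


def flux_report(observations, window=3600, min_ips=5, min_nets=3, max_ttl=300):
    """Return {qname: stats} for names whose IPv4 answers look like fast flux.

    Thresholds are illustrative assumptions, not values from the thread.
    """
    per_name = defaultdict(list)
    for ts, qname, ip, ttl in observations:
        per_name[qname.lower().rstrip(".")].append((ts, ip_address(ip), ttl))

    flagged = {}
    for qname, rows in per_name.items():
        rows.sort(key=lambda r: r[0])
        first_seen = rows[0][0]
        in_window = [r for r in rows if r[0] - first_seen <= window]
        ips = {r[1] for r in in_window}
        # /16 prefix as an offline stand-in for an ASN lookup (assumption).
        nets = {int(ip) >> 16 for ip in ips}
        ttl = median(r[2] for r in in_window)
        # All three signals must agree; IP count alone would flag the CDN.
        if len(ips) >= min_ips and len(nets) >= min_nets and ttl <= max_ttl:
            flagged[qname] = {"ips": len(ips), "nets": len(nets), "median_ttl": ttl}
    return flagged


if __name__ == "__main__":
    for name, stats in flux_report(OBSERVATIONS).items():
        print(name, stats)
```

The CDN entry is there to show the usual false positive: short TTLs and several addresses are normal for load balancing, so network diversity is the signal that separates the two cases.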

#2
nice man for that

Great !
Reply

#3
Shit bro, is there any recent bitcoin cloud mining software? I keep hearing about the development of some.
Reply

#4
Re-upload 2 to 4, they are "Video not available"!
Reply

#5
Very well documented and elaborated.

Good work.
Reply

#7
Quote:(11-01-2019, 09:47 PM)rehanEVO Wrote:

[To see links please register here]

very detailed post nice job very very helpful to me

You're welcome bro!!!!!!!!!!
Reply

#8
This is one of the better botnet tutorials. Is there any other way of hosting a botnet? I've only seen people use a VPS.
Reply

#10
Great to have good explanations like the ones you have presented here. Thank you.
A question that is hard for me to find an answer for is that say I want to set up a ddos botnet or even a loader botnet. Can I use a botnet that is old as dirt?
Information is very conflicting as some people say no, maybe because they would rather you invest in their private botnets for sale. And some have told me yes, you can use an old botnet if you crypt it very well.

I guess I'm looking for a yes or no answer and more detail. I am very confused if I should save my money and pay for a private up-to-date botnet.
Or can I just use one of the many leaks and public botnets we have available, as I am capable of this also.

My main interest is ddos and not much else as far as capability.

My second is a good loader as I am interested in the process of building up a quality collection of installs to sell or lease.

First I would like to set up a ddos botnet.
I've been looking at megladon http for this. It is here in our forum. It is old, perhaps 5+ years.
Can I still use this? Is it a matter of good crypting?

Believe I have been heavy researching before I ask this question which seems super noob because it is. Any input would be fantastic.
I'm not exactly a noob, I am just getting back into these exciting things. 6 years back we used our own servers and ddos script much like the stresser sites we see everywhere now.
We had botnets but never did we move into that area.
So things have changed and I would like to get caught up with you guys.
Reply


