Monday, February 14, 2011

What are BotNets???


This article i got n explain botnets, give an example of usage, and provide some good examples.



[What]

A botnet is a group of computers or servers all compromised with the same backdoor. 
The interesting thing about botnets is that these backdoors often have the ability to interact with other members of the botnet, and can also be controlled by the botnets owner..

This can result in a single command, e.g. DDoS Microsoft.com, to flow down a chain of command in an instant, telling each member of the botnet to follow it.

They also often leave backdoors accessible to the botnet user, and some even have built-in protocols for updating themselves. 



There are multiple chains of command that have been used in botnets, and these are:

P2P botnets, using these a command can be sent by the hacker to a single member of the botnet, and this single botnet will pass the command on to a handful of other members, which will carry on the chain and so on and so forth. the advantages of this are you cannot stop the botnet by taking out one member, but you would have to block the botnet completely. The problem is it is easy for individual bots to become separated from the rest of the net, usually resulting in being fixed.

Heirarchial botnets, which have different members assigned “ranks” in the command chain and are given specific bots to manage. Using this, the hacker might send a command to 4 different bots, which each pass the message on to 100, which each pass it on to 100. The problem with these is that the botnet can be shut down by removing the hack from one of the higher-up bots. The good thing about these is they can be very easily automated, and can pass reports of the computers up the chain as well as pass exploit upgrades down.
and single server bots, which all take their commands from one computer, these are very easy to make but are near enough useless.




[Propagation]
Botnets can be propagated by the hacker themselves, eg whenever they root a server or trojan a computer they add their program in too, run it and that computer becomes a bot. Another way is by mimicing worms and spreading through emails, p2p or instant messaging. Be imaginative, there are many ways of propagating that havent been tried yet.

[usage]
I will give an example of how a p2p botnet would be structured.
The bots propagation method is by exploiting a flaw in the security system of linux, and uses it to get root access.
The bot has a p2p structure, and can pass patches down the chain as well as commands.
The bot is automated by adding any computers it hacks to its own list of child bots(ones under its own command), and runs a check similar to ping to test if the net is up on the child before sending commands/patches.




[Famous Examples]


the storm worm:

This is an email-spread worm that takes over windows machines and injects a driver into the windows kernel to keep root. It currently has control of between 1- and 10- million windows machines around the world. It is extremely flexible, and has avoided gaining a signature for a massive amount of time.

There are many of examples on wikipedia of these, and google yields some interesting results.

No comments:

Post a Comment