Tuesday, March 18, 2014

Distributing a bot. The "hackers" and the hackers.

It is known that a computer can be infected with malicious software and become a bot/zombie [1]. Bot means robot. And robots, most of them, listen to their inventors. When your computer becomes a bot, it performs tasks around the Internet without you having any clue. A network of bots is called a botnet. Hackers use a botnet to spread a virus, perform web attacks that need more computing power, spy on computers, send spam emails, etc. Here is a list with the Top Banking Botnets of 2013.


 Treat this article as a source of knowledge and entertainment and not as a "how to" tutorial.
                           
Here are some methods a hacker would follow so as to distribute his bot successfully:

  • I) Distributing on LAN networks.


As soon as the attacker is inside the network, everything is simpler. As Kevin Mitnick mentions in his book The Art Of Intrusion, when a hacker breaks into a network, it's really hard to kick him out. The most common scenario is the one where the attacker performs an ARP poisoning attack [2] and afterwards forces you to download his malicious file. Pretty easy. A couple of tools (e.g. SET, Ettercap, Arpspoof) and the job is done. Physical access (e.g. school networks, offices) is still an option that would infect about 10-30 computers. I remember watching a hacking documentary where some guys burned their bot onto a CD and left it outside a building. It worked. A careless employee inserted the CD in his office computer!
  

  • II) Distributing with torrents.
Attackers sometimes deceive Internet users by exploiting their needs. Most users prefer downloading their products rather than paying for them. Piratebay and Kickass Torrents are sometimes their first choices. So, the scenario is that a hacker downloads a well-known piece of software (e.g. Photoshop Pro, Microsoft Office, Avast Pro) from an X BitTorrent tracker and replaces the key generator program with his malicious file, his bot. Afterwards, he uploads the edited torrent to a popular BitTorrent tracker and just waits for the downloads. The botnet will surely grow, as there are a lot of people who will turn their firewall off if you say so, and continue their "program" installation.


  • III) Distributing on Youtube. 
YouTube has always been a target for hackers who want to distribute their malicious files. This happens because a large number of people search for key generators, hacking tools (Facebook, Gmail and Google hacking tools), or simple download links for a Pro version of their favorite tool. Curiosity, sometimes combined with anger (especially when their girlfriend cheated on them), brings inattention. They will download WHATEVER you give them, disable firewalls and AVs or even pay for a tool, if you just promise them that your tool does the job. With a simple 30-second video, users can be tricked into downloading your "hacking tool". This method will bring some bots into your network, especially if you ask for some "Likes" on your video.


  • IV) Distributing on Social Networks.   
Here is the funniest scenario. It is funny, and ironic at the same time, because these companies (Facebook, Twitter, Google+) spend large amounts of money and time to protect their networks and websites, but they cannot get rid of the silliness of some users who accept files for some reason or other. A common scenario is that the hacker uploads his file to a public file sharing host (Mediafire, Megafileupload) and then forces the user to download it by creating a catchy story.

It is NOT over. 

Are you still reading? Please make sure you understood the methods above. If you did, it means that you are now able to recognize lamers and n00bs, because that wasn't hacking. It was "hacking". Hacking is for clever people. You are not clever when you distribute a bot manually. You will probably be arrested or bored, or, even if it works, you will not have the expected results. If the expected result was 200 bots inside your botnet then, again, you are not a hacker. Because hackers do their best for the best result. Coding is the mother of Hacking. A well-written bot is a bot that enlarges the botnet automatically, for example, by hijacking Facebook accounts, posting comments on YouTube with malicious links, sending mails, etc.

Writing about hackers does not make me a hacker. I have only a little knowledge of coding and I am totally unable to write my own automatically spreading bot. I wrote this article to express my opinion of how the distribution should be. As I said, running a couple of tools and doing things manually is not worth the time. Coding is the proper way.

SPECIAL THANKS TO: 

 Petros really helped me with this article. He shared his ideas with me and later, I shared them with you via this post. A lot of the lines above were changed many times during the article's creation, because of his proper influence on me.


THE EXTRAS

[1]. Internet bot
 A nice tool to detect changes of IP/MAC pairings is Arpwatch.
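
The kind of IP/MAC pairing check mentioned above can be sketched in a few lines. This is an added example, not code from the original post and not Arpwatch's own implementation; it assumes Linux `ip neigh show` output as input, and the function names, alert names and addresses are constructed for illustration.

```python
import re

# One `ip neigh show` line that carries a link-layer address (assumed input format).
NEIGH_RE = re.compile(
    r"^(?P<ip>\S+)\s+dev\s+\S+\s+lladdr\s+(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})\b",
    re.IGNORECASE)

def parse_neigh(text):
    """Return {ip: mac}; FAILED/INCOMPLETE entries have no lladdr and are skipped."""
    table = {}
    for line in text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if m:
            table[m.group("ip")] = m.group("mac").lower()
    return table

def diff_pairings(baseline, current):
    """Compare two {ip: mac} tables; return (kind, detail) alerts (names are this example's)."""
    alerts = []
    for ip, mac in sorted(current.items()):
        old = baseline.get(ip)
        if old is None:
            alerts.append(("new-station", f"{ip} is at {mac}"))
        elif old != mac:
            alerts.append(("changed-mac", f"{ip} moved {old} -> {mac}"))
    # One MAC answering for several IPs is worth a look: it is what a poisoned
    # cache looks like, but proxy ARP and multi-homed hosts produce it too.
    owners = {}
    for ip, mac in current.items():
        owners.setdefault(mac, []).append(ip)
    for mac, ips in sorted(owners.items()):
        if len(ips) > 1:
            alerts.append(("shared-mac", f"{mac} claims {', '.join(sorted(ips))}"))
    return alerts

# Constructed snapshots (not real captures): the gateway's MAC changes between them.
BASELINE = """\
192.168.1.1 dev eth0 lladdr 02:00:00:aa:00:01 REACHABLE
192.168.1.23 dev eth0 lladdr 02:00:00:aa:00:17 STALE
192.168.1.40 dev eth0  FAILED
"""
CURRENT = """\
192.168.1.1 dev eth0 lladdr 02:00:00:aa:00:17 REACHABLE
192.168.1.23 dev eth0 lladdr 02:00:00:aa:00:17 STALE
192.168.1.50 dev eth0 lladdr 02:00:00:AA:00:32 DELAY
"""

if __name__ == "__main__":
    for kind, detail in diff_pairings(parse_neigh(BASELINE), parse_neigh(CURRENT)):
        print(f"{kind:12} {detail}")
```

A gateway address whose MAC changes to one already held by another host on the LAN is the pairing change to investigate first.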