
Re: Trojan horse spreads quickly through Microsoft's IM

In comp.os.linux.advocacy, nessuno@xxxxxxxxxxxxxxxxxxx
<nessuno@xxxxxxxxxxxxxxxxxxx>
 wrote
on Tue, 20 Nov 2007 14:23:59 -0800 (PST)
<48bbf37b-4a5a-4e15-a251-7836ef085641@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>:
> <Quote>
> 11,000 PCs already infected...A new Trojan horse that started to
> spread early Sunday via Microsoft's instant messaging client has
> already infected about 11,000 PCs, a security company said Monday....
>
> "We still haven't found what it's meant to do, but at the moment, it's
> creating an army [of bots]," he said. "Eventually, of course, the
> operator will send commands to do something."...
>
> "This is really growing rapidly," said Lichtman. Six hours after it
> first found the Trojan horse, Aladdin put the total number of
> assembled bots at about 500; three hours later, that had climbed to
> several thousand. By 12:30 p.m. EST Monday, the botnet had been built
> out to 11,000 machines.
> </Quote>
>
>
> http://www.computerworld.com.au/index.php/id;959081077;fp;4194304;fpid;1

Were I an evil blackhatted botmaker, I'd want a very
general command set, which would among other things allow
for the following.

(If you're a real blackhat, Mister Reader, stop reading now. :-P :-) )


Capabilities in the botnet that I'd want:

[1] Targeting any machine in the world for a DDoS attack.
    - to specified port
    - to random port within a specified range of ports
    - various protocols: floodping, UDPs with random garbage,
      HTTP POSTs with random data, IM flooding, etc.  (Anyone
      else remember IRC spanning tree netsplits?)

[2] Torrent or other such participation, to provide
    additional bandwidth in the trafficking of illegal
    copyrighted materials.  Want a Prince song?  Some good
    old-fashioned pr0n?  An exposé on how to make an
    interstellar flying saucer with a fully functional
    nuclear attack ray gun from a broken toaster, a car
    tire, a light bulb, some sheet metal, and a pogo stick?
    Come on by!  We've got them all...of varying quality.
    Just contact goons.evilh4x0rs-r-us.com ... erm, I mean,
    www.someveryniceguys.com with your credit card number
    or PayPal account and we'll send you the goods from
    thousands of bots.  Oh, and we'll keep your credit
    card on file.  Don't worry.  You can trust us.

[3] Downloading a list of email addresses from a central server.

[4] Downloading a list of ads from a central server,
    and then sending them to the email list.  After all,
    we have to generate traffic for #2.

[5] Uploading a list of email addresses to the central
    server for later ad sending.  This list would be
    generated from the downloaded list, rifled contact
    lists, and other such sources; the system could also
    indicate which of the addresses are known to be
    valid, increasing the master list's resale value.

[6] Keylogging to attempt capture of accounts and passwords.
    These would also be uploaded.

[7] Arbitrary shell command execution, if I can get it.
    (There are issues regarding NAT firewalls that make life
    interesting.  The best I can do is poll the central server,
    or connect thereto and hold the connection open,
    awaiting instructions.)

[8] Any other evil random crap that I for one can come up with;
    it just takes a bit of imagination. :-)

Presumably, such a nasty little worm would have the address
of its daddy somewhere within it (let's assume they don't
make it that obvious), and the code to do all of the above
on demand...but that's about it.

And of course it would survive reboots and eradication attempts.

(Fortunately, I don't wear black hats.  I don't even have one.)

-- 
#191, ewill3@xxxxxxxxxxxxx
Useless C/C++ Programming Idea #2239120:
void f(char *p) {char *q = p; strcpy(p,q); }

-- 
Posted via a free Usenet account from http://www.teranews.com
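The defender's counterpart to point [7] above, as an added example that is not part of the original post: because a bot behind NAT has to either poll its controller or hold a connection open, both behaviours leave a signature in outbound connection logs. The script below parses a constructed log (the log format, the addresses and the thresholds are all assumptions for illustration, not taken from any real product or incident), flags (src, dst, port) flows whose inter-connection gaps are too regular to be human browsing, and separately flags connections held open for an hour or more.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample (not from the original post): outbound connections as a
# NAT gateway or flow collector might log them. 192.168.1.23 checks in with
# 203.0.113.9:8080 every ~5 minutes and also holds one long IRC-style session;
# 192.168.1.40 is ordinary, irregular web browsing.
SAMPLE_LOG = """\
2007-11-20T14:00:00 src=192.168.1.23 dst=203.0.113.9 dport=8080 dur=1
2007-11-20T14:00:02 src=192.168.1.40 dst=198.51.100.7 dport=80 dur=2
2007-11-20T14:00:10 src=192.168.1.23 dst=203.0.113.9 dport=6667 dur=7200
2007-11-20T14:00:45 src=192.168.1.40 dst=198.51.100.7 dport=80 dur=1
2007-11-20T14:03:10 src=192.168.1.40 dst=198.51.100.7 dport=80 dur=4
2007-11-20T14:05:01 src=192.168.1.23 dst=203.0.113.9 dport=8080 dur=1
2007-11-20T14:09:59 src=192.168.1.23 dst=203.0.113.9 dport=8080 dur=1
2007-11-20T14:11:30 src=192.168.1.40 dst=198.51.100.7 dport=80 dur=1
2007-11-20T14:12:05 src=192.168.1.40 dst=198.51.100.7 dport=80 dur=3
2007-11-20T14:15:02 src=192.168.1.23 dst=203.0.113.9 dport=8080 dur=1
2007-11-20T14:20:00 src=192.168.1.23 dst=203.0.113.9 dport=8080 dur=1
2007-11-20T14:24:58 src=192.168.1.23 dst=203.0.113.9 dport=8080 dur=1
2007-11-20T14:30:01 src=192.168.1.23 dst=203.0.113.9 dport=8080 dur=1
2007-11-20T14:35:00 src=192.168.1.23 dst=203.0.113.9 dport=8080 dur=1
2007-11-20T14:40:00 src=192.168.1.40 dst=198.51.100.7 dport=80 dur=2
"""

# Assumed log line layout: ISO timestamp, then src/dst/dport/dur key=value fields.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+) dur=(?P<dur>\d+)$"
)


def parse_log(text):
    """Parse log lines into (timestamp, src, dst, dport, duration) tuples."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip anything not in the expected format
        records.append((
            datetime.fromisoformat(m["ts"]),
            m["src"], m["dst"], int(m["dport"]), int(m["dur"]),
        ))
    return records


def find_beacons(records, min_count=5, max_cv=0.1):
    """Flag (src, dst, dport) flows whose inter-connection gaps are suspiciously
    regular: at least min_count connections and a coefficient of variation
    (stdev / mean of the gaps) no larger than max_cv. Thresholds are assumed."""
    by_flow = defaultdict(list)
    for ts, src, dst, dport, _ in records:
        by_flow[(src, dst, dport)].append(ts)
    beacons = {}
    for flow, stamps in by_flow.items():
        if len(stamps) < min_count:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue  # all connections at the same second: a burst, not a beacon
        cv = pstdev(gaps) / avg
        if cv <= max_cv:
            beacons[flow] = {"count": len(stamps), "mean_interval": avg, "cv": cv}
    return beacons


def find_long_lived(records, min_duration=3600):
    """Flag flows held open for min_duration seconds or more: the 'connect and
    hold the connection open' alternative to polling."""
    return sorted({(src, dst, dport)
                   for _, src, dst, dport, dur in records if dur >= min_duration})


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    for flow, stats in find_beacons(recs).items():
        print("beacon:", flow, stats)
    for flow in find_long_lived(recs):
        print("long-lived:", flow)
```

On this sample only the 8080 check-in is reported as a beacon (eight connections, mean gap 300 s, jitter of a few seconds), the browsing host is not, and the 7200-second session on 6667 is reported as long-lived. Real bots add random sleep to defeat exactly this kind of regularity check, so the coefficient-of-variation threshold is a starting point to tune against your own traffic, not a fixed rule.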

