Author Topic: Question about botnets  (Read 4865 times)

Offline Nod

  • Quando omni flunkus moritati
  • Elite Cactus Squad
  • Ninja Phone Loser
  • *****
  • Posts: 3725
  • 1337 13V3L: +210/-138
  • 212-389-1318
    • twitter: @mrnudnik
Question about botnets
« on: December 10, 2008, 09:55:49 PM »
I got a wild hair the other day and decided to do some research on botnots. One of the unifying themes that I found in almost every article was that whitehat hackers loathe botnets and that this is especially true of the storm botnet. My question is this. Why don't these hackers either get copies of these viruses and rewrite them to either turn on each other or the master? Or even write a virus who's only purpose is to propagate and find/destroy the other virus. Maybe I'm dumb, maybe someone's already tried it and it didn't work. I don't know. It's just a thought I had. Would it work if someone were smart enough to implement it?
I HATE the bridge.
Meme Roth is a Food Nazi Cunt

Offline ApprenticePhreak

  • PLA Junkie
  • *****
  • Posts: 825
  • 1337 13V3L: +48/-12
Re: Question about botnets
« Reply #1 on: December 11, 2008, 10:07:50 AM »
I rather like the idea of implimenting a counter bot to be released into a system with infected bad bots. Like a mini-infectious anti-virus that hopped around through illegally downloaded music that searches for other bots.

More or less it fixes botA from your illegally downloaded MetallicA and the next time someone downloads your Master of Puppets they get the cure. Or something.

Offline Nod

  • Quando omni flunkus moritati
  • Elite Cactus Squad
  • Ninja Phone Loser
  • *****
  • Posts: 3725
  • 1337 13V3L: +210/-138
  • 212-389-1318
    • twitter: @mrnudnik
Re: Question about botnets
« Reply #2 on: December 11, 2008, 01:46:32 PM »
EXACTLY! Like an infectious immunization.
I HATE the bridge.
Meme Roth is a Food Nazi Cunt

Offline Zazen

  • Cactus Zombie
  • *****
  • Posts: 380
  • 1337 13V3L: +34/-14
Re: Question about botnets
« Reply #3 on: December 11, 2008, 02:37:25 PM »
I thought of this a long time ago and I'll tell you why I think it's never going to happen on a useful scale.

Propagating a "useful" worm, virus, whatever you call it, is illegal (like how breaking into a system to patch it is illegal). So this makes the idea limited to individuals or small informal groups who are willing to accept that risk. From that point those small organizations will be vastly outgunned by the incredible variety of malware that they attempt to combat. They might be able to make something that combats only a certain bot strain, say storm or rockphish, but they'd have to have the same resources as the authors of those bots in order to have it spread around with the same effectiveness and deploy updates quickly without being traced. And they'd be working without pay, unlike the authors of those bots.

I read an article in SC a few months ago about some engineers at a security firm that cracked some big botnet (i.e. they could issue commands). They were talking about how easy it'd be to just issue a self-cleaning command so the bots would delete themselves. But they didn't, because they realized that it was illegal and they would be liable if that command had any unintended effects. They did nothing.

Offline m0rdekai

  • IBA IBA IBA
  • PLA Corporate Drone
  • *****
  • Posts: 410
  • 1337 13V3L: +31/-28
Re: Question about botnets
« Reply #4 on: December 11, 2008, 07:35:21 PM »
I've wondered about writing a viral anti-virus before.  Why shouldnt we?  In my opinion, its more likely that the authorities would turn a blind eye to this, especially if it was effective.  The only thing thats kept me from trying to mutate some code into a cleaner has been this:  If I write a viral anti-virus based off of someone elses code, or even completly original code, how hard would it be for someone to take said code and recode it to be viral.  Another scenario would be if someone wrote an anti-anti-virus.  It would find out that you have files infected with the anti-virus, and just mutate that code to be malicious.  I think the only way this would be a worthwhile undertaking, would be if we could release at least 50 different anti-viruses at once.  Otherwise, it would be a matter of sheer numbers.  That or we code a virus with AI.  Ah, but now I wax into movie plots...

Careful Nod.  He's just a very clever spambot. 

Your moms a spambot.

Offline ErrorLoading

  • Local Operator
  • *****
  • Posts: 128
  • 1337 13V3L: +15/-4
    • ErrorLoading.Net
Re: Question about botnets
« Reply #5 on: December 11, 2008, 07:43:25 PM »
The trouble is the people who prosecute these things do not understand them.  They'd never turn a blind eye to it.  They hear the word virus and you'd be done.

Besides, there is so much variation in malware that you'd never be able to successfully write something.  By the time someone got infected, it'd be outdated by a couple versions from the real infection.

I know these things as I have spent years removing this shit from PC's.  It has slowly evolved from running a simple file scan and/or removing an entry from startup to cleaning out rootkits and manually removing registry keys and replacing protected system files to clean the shit out.

"If I have enough then you may not have one."

Offline Tachyon

  • Minister of Defence
  • OMG Mod
  • Ninja Phone Loser
  • *****
  • Posts: 1875
  • 1337 13V3L: +125/-62
Re: Question about botnets
« Reply #6 on: December 11, 2008, 07:46:54 PM »
I think the answer is a bit more pragmatic than that. Consider how easy it is to make a computer fuck up, pretty much anything unexpected will crash one if you do it properly. Aren't viruses mostly written by dumbass script kiddies who wouldn't know a Hopfield network from a Boltzmann machine anyway? It seems like it would be a lot more complicated to code an intelligent agent to destroy viruses than to OMG PWN somebody's hard drive, and not something that the average virus coder would be into anyway.
Do you speak two languages?

"Detective Don Gombo: IM AFRAID THE ONLY ONE "F" IS "U" MY FRIEND. WELCOME TO THE CRIMINAL JUSTICE WEB!"

Offline Godot

  • Go away, PLA!
  • PLA Corporate Drone
  • *****
  • Posts: 427
  • 1337 13V3L: +34/-7
    • Godot's Website
Re: Question about botnets
« Reply #7 on: December 11, 2008, 07:53:09 PM »
Aren't viruses mostly written by dumbass script kiddies who wouldn't know a Hopfield network from a Boltzmann machine anyway?

Yes, I am sure most virus writers don't know their neural networks. If they did, we'd be in deep shit when those viruses become self-aware. You thought they were bad before, just wait until they all team up and enslave humanity.
"I bought a cactus and it died a week later... I was really depressed, I thought, 'Damn, I am less nurturing than a desert.'" -Demetri Martin

Offline m0rdekai

  • IBA IBA IBA
  • PLA Corporate Drone
  • *****
  • Posts: 410
  • 1337 13V3L: +31/-28
Re: Question about botnets
« Reply #8 on: December 11, 2008, 08:13:15 PM »
<snip>Besides, there is so much variation in malware that you'd never be able to successfully write something.  By the time someone got infected, it'd be outdated by a couple versions from the real infection.</snip>

Thats why i proposed an AI virus.  However, the implications of someone getting the sourcecode of such a program are pretty bad.  As godot so eloquently put it:

Yes, I am sure most virus writers don't know their neural networks. If they did, we'd be in deep shit when those viruses become self-aware. You thought they were bad before, just wait until they all team up and enslave humanity.

THREAD HIJACK: Why has an Artificial Intelligence virus not shown up on the scene?  It seems like this would be a lucrative thing to code.  Have I missed it and a virus HAS been released, or am I ignorant of the employment of such technology?  Enlighten me.

Careful Nod.  He's just a very clever spambot. 

Your moms a spambot.

Offline Nod

  • Quando omni flunkus moritati
  • Elite Cactus Squad
  • Ninja Phone Loser
  • *****
  • Posts: 3725
  • 1337 13V3L: +210/-138
  • 212-389-1318
    • twitter: @mrnudnik
Re: Question about botnets
« Reply #9 on: December 11, 2008, 09:34:18 PM »
Where's Trev's answer? I would think he wouldn't be able to resist a thread like this. It's like crack for crack fiends to him.
I HATE the bridge.
Meme Roth is a Food Nazi Cunt

Offline mr_doc

  • Supergluer of coins
  • PLA Junkie
  • *****
  • Posts: 801
  • 1337 13V3L: +71/-24
    • PLA LotGD
Re: Question about botnets
« Reply #10 on: December 17, 2008, 05:19:23 PM »
The people who have the potential to implement this idea are for the most part not using windows and are therefore unaffected and have no incentive to do so
PLAlotgd  -If you play, I will hate you a little less.
Unnamed Forums

Offline ApprenticePhreak

  • PLA Junkie
  • *****
  • Posts: 825
  • 1337 13V3L: +48/-12
Re: Question about botnets
« Reply #11 on: December 27, 2008, 09:02:25 PM »
Where's Trev's answer? I would think he wouldn't be able to resist a thread like this. It's like crack for crack fiends to him.

*waits for the same thing*

Offline tully

  • Junior Phone Loser
  • **
  • Posts: 39
  • 1337 13V3L: +12/-6
Re: Question about botnets
« Reply #12 on: December 29, 2008, 10:59:40 AM »
ahhh botnets, they are actually quite hard to manage unless you know how to fight av's. The storm bot is so effective because the owners of it constantly updated it and kept it undetected by anti virus software. Last i heard was that the storm bot was up to around 1 million bots or so and thats enough to take small countries offline, although it would be hard to do that unless you hit the isp's individually. But there are many types of botnets, win32, *nix, rfi nets, etc. You could in theory create a good bot that will remove the storm or other but you have to know how it starts, if they have a backup file on your system to re-download it if deleted, where it is in the registry etc. For win32 and *nix bots you can remove them with a "good" bot, but for rfi nets those run in php so you will have to first close the rfi vuln, then restart your php service, which can be a hastle because finding the rfi vuln in big sites takes time, and you first have to know that there is malicious code running which can be even harder to detect.

Offline SpaceBison

  • Boldly Going Where No Buffalo Has Gone Before
  • PLA South American Ambassador
  • *****
  • Posts: 504
  • 1337 13V3L: +35/-24
  • Boldly Going Where No Buffalo Has Gone Before
    • Space Bison: Boldly Going Where No Buffalo Has Gone Before
Re: Question about botnets
« Reply #13 on: January 03, 2009, 10:25:58 AM »
Why don't these hackers either get copies of these viruses and rewrite them to either turn on each other or the master? Or even write a virus who's only purpose is to propagate and find/destroy the other virus. Maybe I'm dumb, maybe someone's already tried it and it didn't work. I don't know. It's just a thought I had. Would it work if someone were smart enough to implement it?
It's been done.
http://en.wikipedia.org/wiki/Welchia
If I remember correctly, it crashed a Navy network because of all the traffic it created trying to download the patches.
« Last Edit: January 03, 2009, 10:30:17 AM by SpaceBison »

Don't like my signature? Click on it to make a new one!

Offline Tachyon

  • Minister of Defence
  • OMG Mod
  • Ninja Phone Loser
  • *****
  • Posts: 1875
  • 1337 13V3L: +125/-62
Re: Question about botnets
« Reply #14 on: January 17, 2009, 07:03:24 PM »
Do you speak two languages?

"Detective Don Gombo: IM AFRAID THE ONLY ONE "F" IS "U" MY FRIEND. WELCOME TO THE CRIMINAL JUSTICE WEB!"