How To Build A Botnet
Opening his browser, Mullis searched for a botnet builder tool for malware known as Ice IX. Google’s top response to his particular query—which I’m not going to reveal here—yielded a site that offered the tool for free. Ice IX is a nasty little piece of malware that injects a fake Facebook page into a victim’s browser that collects credit card information under false pretenses.
Any malware, though, would have done just as well. Using methods and tools that can be found online in minutes, a botnet creator can set up a central command and control server and then use social engineering to get malware onto the victim's computer—by, say, emailing an innocuous-looking but disguised file, or tricking a user into downloading the file from a compromised website.
After downloading and installing the Ice IX kit software, Mullis started up its bot builder kit and began to set up the parameters for the malware—specifying, for instance, how often the malware would communicate with the command server, what actions it would undertake and even how it would hide from anti-virus scans. Much of this work was simply a matter of filling in appropriate fields in the Ice IX builder kit’s straightforward Windows interface.
Some of the rest required editing the Ice IX kit's powerful setup.txt script. Individual command lines in that script might direct the malware to take screenshots of pages that the zombie machine's browser visited on a certain domain, such as a bank website, or instruct the zombie machine's browser to block sites (such as anti-virus update sites) altogether. It can also redirect legitimate site URLs to malevolent sites intended to collect critical information—credit card numbers, Social Security numbers, passwords. You name it.
Once he’d set the malware’s specifications, including the location of its controlling command server, Mullis uploaded Ice IX-produced files to his LAMP server. And presto—he had a fully configured botnet command server.