Digital Zombies 💀

THE BOTNET ARMY

Devyani Vij
4 min read · Sep 10, 2019

Zombies are peculiarly scary because we think that we could be turned into one, and zombies are tragic figures because we recognize the innocent people that these monsters once were.

Today’s black-hat hacker community believes in unity: one for all, all for one. When there is teamwork and collaboration, a great deal can be achieved, and this is where the concept of BOTNETS or ZOMBIES comes in. Hacking is tedious work: long, sleepless nights staring at a screen, and computations that take far longer still.

So, if a hacker is aiming at large-scale targets, the way to get there is to make other machines DEAD, that is, to turn them into ZOMBIES.

To collect a large amount of data (from all around the world), crack a password with more characters than humans have fingers, take down a company’s server, and so on, a hacker needs a lot of distributed storage, computing power and division of labour, none of which a single computer can provide. For that, they created BOTNETS. But what is a BOTNET?

A Botnet (Zombie Army) is a pool of compromised computers under the command of a single hacker or a group of hackers.

A BOT is a compromised end-host, or computer, which is a member of a botnet. The word also refers to the malicious executable that compromises, controls and recruits hosts into a botnet.

BOT is coined from ROBOT (just as humans make ROBOTS do what they desire, hackers do the same with their BOTS).

The controller of a botnet is the BOTMASTER (Oh! it’s just another name for the hacker).

Zombies At Work (Life-Cycle)

Zombies don’t work on their own. As mentioned, they have a commanding officer (the BOTMASTER) dictating everything. The botmaster performs the following steps to create the zombies and then carry out malicious activity —

Step 1— Injecting the Payload or BotBinary

Command and Control Server (we will see why this is not a step)

Step 2— Rallying Mechanism

Step 3— Communication

Step 1: Injecting the Payload. The payload is delivered to the victim’s computer through a carrier such as an e-mail attachment or a pen drive. This payload is termed the BOTBINARY. The BOTBINARY (a piece of malicious software) has one very special feature: it is an executable that, once downloaded or injected, is designed to run automatically without human intervention (a kind of active attack).

Now they become zombies, but dumb zombies. 🤔 (Why?)

The victim computer can be compromised through any one of the following:

  1. Unpatched vulnerabilities.
  2. Backdoors left by trojans.
  3. Password guessing and brute-force attacks.

Command and Control Server. A C&C server is used to set up communication with the systems that have been infected by the malware. C&C servers are controlled by botmasters (aka cybercriminals) who own the malware (and, once the infection has taken hold, the computers too). The botmaster uses the C&C server as a communication channel to command the botnet to carry out malicious activity. The bots, on the other hand, use the C&C server to check in periodically with the botmaster and hand over whatever data they were tasked with collecting.

There are different architectures of C&C Servers —

(This is not a separate step because the master must have it in place at all times in order to communicate with their slaves) 🥶

Step 2: Rallying Mechanism. Once the botbinary is executed on the victim’s machine, it becomes a zombie or drone (yes! one more name). It is dumb right now because it does not know its master. Here comes the need for a Rallying Mechanism, a way through which zombies can find out who their BOTMASTER is (to whom they have to answer).

This can be done in the following ways —

Step 3: Communication. Like many other software tools that rely on the network, bots communicate with each other and with their botmasters following certain well-defined network protocols. The most popular ones are —
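The check-in behaviour described in the Command and Control paragraph and again in Step 3 (bots contacting their botmaster at regular intervals) is also the thing a defender can hunt for. The following is an added example, not code from the original post: it runs a simple beacon detector over a few constructed outbound-connection log lines, groups connections by source/destination pair and flags pairs whose inter-connection intervals are nearly constant. The log format, the hosts and the 0.1 coefficient-of-variation threshold are all assumptions made for illustration.

```python
"""Flag periodic C&C check-ins (beaconing) in outbound-connection logs.

Constructed sample log lines, not real traffic. Each line is
"<epoch-seconds> <src-ip> <dst-ip>:<dst-port>". A zombie checking in with
its botmaster produces near-constant intervals; human browsing does not.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample data (assumed format). Host 10.0.0.5 beacons to
# 203.0.113.7:443 roughly every 60 s with little jitter; host 10.0.0.9
# browses 198.51.100.20:443 at irregular times.
SAMPLE_LOG = """\
1568100000 10.0.0.5 203.0.113.7:443
1568100061 10.0.0.5 203.0.113.7:443
1568100119 10.0.0.5 203.0.113.7:443
1568100181 10.0.0.5 203.0.113.7:443
1568100240 10.0.0.5 203.0.113.7:443
1568100301 10.0.0.5 203.0.113.7:443
1568100003 10.0.0.9 198.51.100.20:443
1568100007 10.0.0.9 198.51.100.20:443
1568100190 10.0.0.9 198.51.100.20:443
1568100205 10.0.0.9 198.51.100.20:443
1568100650 10.0.0.9 198.51.100.20:443
1568100655 10.0.0.9 198.51.100.20:443
"""


def parse_log(text):
    """Group connection timestamps by (src, dst) pair; skip malformed lines."""
    flows = defaultdict(list)
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        ts, src, dst = parts
        flows[(src, dst)].append(int(ts))
    return flows


def beacon_score(timestamps):
    """Return (mean_interval, coefficient_of_variation) for a list of
    timestamps, or None when there are too few samples to judge.

    A low coefficient of variation (std-dev / mean of the gaps) means the
    connections are evenly spaced, which is what a timer-driven bot looks like.
    """
    if len(timestamps) < 4:
        return None
    ts = sorted(timestamps)
    gaps = [later - earlier for earlier, later in zip(ts, ts[1:])]
    m = mean(gaps)
    if m == 0:
        return None
    return m, pstdev(gaps) / m


def find_beacons(text, max_cv=0.1, min_count=4):
    """Return the flows whose check-in intervals are regular enough to look
    like beaconing. max_cv and min_count are illustrative thresholds."""
    hits = []
    for (src, dst), ts in parse_log(text).items():
        score = beacon_score(ts)
        if score is None or len(ts) < min_count:
            continue
        m, cv = score
        if cv <= max_cv:
            hits.append({
                "src": src,
                "dst": dst,
                "count": len(ts),
                "interval": round(m, 1),
                "cv": round(cv, 3),
            })
    return hits


if __name__ == "__main__":
    for hit in find_beacons(SAMPLE_LOG):
        print(hit)
```

Real bots often add a random sleep (jitter) to their check-in interval, which raises the coefficient of variation, so in practice the threshold is tuned per environment and combined with other signals such as a fixed request size or a destination nobody else on the network talks to.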

Now it’s time to :
