Thread: botnet communication

hi :]

i would like to ask a question about botnet.. what is the best way to make boots communicate/get commands instead of irc?

sorry for my english, it's late now an i can't concentrate..

what i mean is that i want to keep a botnet alive as much long as it is possible. as all of us know, the investigation teams usually detect the place where bots concentrate/meet for listening the commands and then block/kill the place (irc network/web page).. i was wondering if it is possible to creat something unstoppable, for example the botnet, where bot communicate to each other in order to decide what to do, where to concentrate/meet if the main "meeting place" is disconcted/unresolveable...

again sorry for english.. i can correct places which makes you feel confused..

i hope you uderstood what i am asking...

sweet dreams

Make your own webpage with a file on it.
Let the bots download the file and in the file is the irc server to connect to
I did something like this a few years ago, but can't find the source anymore, sorry.

heh.. i want something dinamic. as i have already mentioned earlier, the static irc server can be easily cought by snifing botnet's activity, i mean smart people can find out where are bots conncting to and kill the place. i need something dinamic.. for example it would be very good if one of the bot's could "say" to others:"hey, i am today the irc server. come to me!" and then send an email or some other notification with message dealing the contacting server address.. maybe it is too dificult to understand what i want... ;/

"Make your own webpage with a file on it." lol.

as soon as ur website is found, it will be shut down, better yet. you'll be traced.
bad method, if a viri/trojan goes big that site is down in seconds.

u could rely on a sh1tload of methods really, one being writing a socket that connects to a mail server and reads a mail with settings or w/e

its way more evasive, irc is a very nice choice since its such a well used utility to community, u have no probs finding a irc server. u might have probs with bandwidth limits if u use a crap site as ur gateway, simply write a email client and gain settings like that, read latest mail for settings and ur set.

"Make your own webpage with a file on it." lol.

as soon as ur website is found, it will be shut down, better yet. you'll be traced.
bad method, if a viri/trojan goes big that site is down in seconds.

Anyone thought of a no-ip account?
Just a suggestion

DynDNS: DNS Hosting, Email Delivery and Other Services

hmmm, got anymore??lol

Originally Posted by drizzle

Anyone thought of a no-ip account?
Just a suggestion

no-ip accounts will get shut down just as easily as any website, if the app goes "wild" and a fall into the hands of a analyst then your hardcoded addresses can just be closed to prevent the app from working.

hide in DNS requests etc, way more evasive.

you could always try p2p technology, i mean, making a p2p network takes alot of time and effort, but the pros are that, it will be impossible for anyone to shut one down because there is never one IP address to shutdown, no one bot on the network knows all the IPs in your network so if one is captured it could only hand over a select amount that is infected

why write a p2p network when there's already so many opensource p2p clients? just take their protocol and send customized packets to YOUR p2p client which has a hook on send/recv, that way u can use the p2p client as ur rat client.

sorta wierd though, ltt dont want anything besides RAT's on the site, dont even want ppl to call em troj's, i find it hard seeing him allow botnet discussions...