Types of Botnets
- Agobot/Phatbot/Forbot/XtremBot is written in C++ by Ago, alias
Wonk (arrested in May 2004). It uses libpcap and PCRE for sniffing and
sorting traffic. It can use NTFS alternate data streams and has
rootkit malware capabilities. It does not use IRC as its control protocol
and is extremely difficult to analyse with a debugger, since it has functions
that detect debuggers.
- SDBot/RBot/UrBot/UrXBot/... is written in C and has many variants.
Its feature set is similar to Agobot's.
- mIRC-based bots are many, and it is difficult to list all of
them. Weaknesses on remote computers are exploited and mIRC scripts
are executed which access scanners in dynamic link libraries (DLLs).
- The Dataspy Network X (DSNX) bot is written in C++, and its features
can easily be extended. Malicious plug-ins exist for DDoS attacks,
a port-scan interface, or a hidden server.
- Q8bot is written in C for Unix/Linux systems. All the common
bot features exist, such as DDoS, remote execution of arbitrary commands, etc.
- Kaiten is also for Unix/Linux systems and offers an easy remote
shell. Privileged access can be gained via IRC.
- Perl-based bots are mostly used for DDoS attacks and are mainly
used on Unix-based systems.
How are botnets used?
The most common use of bots is covert installation on people's
computers, which then serve as remote attack tools.
Bots can lurk
in the background of a conversation channel and comment on certain
phrases uttered by participants. They can be used to:
- Launch DDoS attacks
- Commit click fraud
- Commit fraud in online gaming
- Forward and send spam
- Invade the privacy of conversations by sniffing traffic
- Spy for information such as user names and passwords, enabling mass
identity theft
- Spread worms, viruses and Trojans
- Install browser helper objects and add-on advertisements
- Manipulate online polls
A bot runs hidden and follows the RFC 1459 (IRC) standard. Malicious
bots use exploits, buffer overflows and other means to
compromise systems. IRC network owners have taken steps to block known
botnet servers, and many have been removed from the Internet.
How to track botnets?
A honeynet is a means to lure bots and observe the people running botnets.
The various aspects that are observed are:
- The hacking and scanning tools used
- Common attack techniques, including the malware that is
dropped onto a PC once the attacker has got past the firewall or
port.
- The individuals involved can be traced, and the size of the botnet
is gradually determined.
The process initiated by the German Honeynet Project is time consuming
but has yielded some information on spy bots. It is only a matter
of time and large-scale effort by the Internet community to root
out the bad actors and bring safety to Internet users.
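The RFC 1459 control channel described earlier and the honeynet observations listed above can be combined into a small defender-side detector. The following Python script is an added example, not code from the original article or from any project it mentions: it parses IRC lines the way RFC 1459 defines them (optional prefix, command, parameters, trailing text) and applies two heuristics over a constructed capture: channel messages or topics that look like bot commands, and a herd of hosts joining one channel with machine-generated nicks. The sample capture, the command keyword list and the nick pattern are constructed assumptions for the demonstration.

```python
"""Flag IRC (RFC 1459) traffic that looks like botnet command-and-control.

Added example: parses captured IRC lines and applies two heuristics a
honeynet operator might use. The sample capture, command keywords and nick
pattern below are constructed for the demonstration.
"""
import re
from collections import defaultdict
from typing import List, NamedTuple, Optional

# Constructed sample of what a honeynet sensor might see on an IRC connection.
# Addresses are private/documentation ranges; nothing here is a real host.
CAPTURED = """\
:irc.example.test 001 USA|04481 :Welcome to the network
:USA|04481!x@10.0.0.12 JOIN :#chan
:DEU|13307!x@10.0.0.13 JOIN :#chan
:FRA|90210!x@10.0.0.14 JOIN :#chan
:GBR|55120!x@10.0.0.15 JOIN :#chan
:alice!alice@10.0.0.20 JOIN :#chat
:alice!alice@10.0.0.20 PRIVMSG #chat :hello everyone
:herder!h@10.0.0.99 TOPIC #chan :.scan 445 100
:herder!h@10.0.0.99 PRIVMSG #chan :.ddos.syn 192.0.2.10 80 60
:herder!h@10.0.0.99 PRIVMSG #chan :.update http://198.51.100.7/new.bin
PING :irc.example.test
"""

# Assumed command vocabulary: a leading '.' or '!' followed by a verb
# commonly seen in IRC bot families (constructed list, extend per family).
CMD_RE = re.compile(r"^[.!](ddos|syn|udp|scan|advscan|download|update|login)\b", re.I)
# Assumed machine-generated nick scheme: 2-4 upper-case letters, a separator,
# and at least four digits (e.g. a country code plus a random number).
NICK_RE = re.compile(r"^[A-Z]{2,4}[|\-_]\d{4,}$")


class IrcMessage(NamedTuple):
    prefix: Optional[str]   # 'nick!user@host' or a server name, without ':'
    command: str
    params: List[str]       # middle params plus the trailing param, if any


class Finding(NamedTuple):
    rule: str
    target: str
    detail: str


def parse_irc(raw: str) -> Optional[IrcMessage]:
    """Split one line per RFC 1459: [':' prefix ' '] command params [' :' trailing]."""
    line = raw.rstrip("\r\n")
    prefix = None
    if line.startswith(":"):
        prefix, _, line = line[1:].partition(" ")
    trailing = None
    if " :" in line:
        line, _, trailing = line.partition(" :")
    parts = line.split()
    if not parts:
        return None
    params = parts[1:]
    if trailing is not None:
        params.append(trailing)
    return IrcMessage(prefix, parts[0].upper(), params)


def split_prefix(prefix: Optional[str]):
    """Return (nick, host) from 'nick!user@host'; host is None for server prefixes."""
    if not prefix:
        return None, None
    nick, _, rest = prefix.partition("!")
    host = rest.partition("@")[2] or None
    return nick, host


def analyze(capture: str, min_herd: int = 3) -> List[Finding]:
    """Run both heuristics over a capture and return the findings in line order."""
    findings: List[Finding] = []
    joins = defaultdict(dict)  # channel -> {host: nick} for generated-looking nicks
    for raw in capture.splitlines():
        msg = parse_irc(raw)
        if msg is None:
            continue
        nick, host = split_prefix(msg.prefix)
        if msg.command == "JOIN" and msg.params and nick and NICK_RE.match(nick):
            joins[msg.params[0]][host] = nick
        elif msg.command in ("PRIVMSG", "NOTICE", "TOPIC") and len(msg.params) >= 2:
            target, text = msg.params[0], msg.params[-1]
            m = CMD_RE.match(text)
            if m:
                findings.append(Finding("c2-command", target,
                                        f"{nick} sent '{m.group(1).lower()}' via {msg.command}"))
    # A herd: several distinct hosts with generated nicks joining the same channel.
    for chan, hosts in joins.items():
        if len(hosts) >= min_herd:
            findings.append(Finding("herd-join", chan,
                                    f"{len(hosts)} hosts with generated nicks: {sorted(hosts.values())}"))
    return findings


if __name__ == "__main__":
    for f in analyze(CAPTURED):
        print(f"[{f.rule}] {f.target}: {f.detail}")
```

Run against the constructed capture, the script reports three command findings on #chan (the topic-borne scan, the DDoS and the update instructions) and one herd finding for the four hosts that joined with country-code style nicks, while the ordinary #chat conversation produces nothing. The herd threshold and the keyword list are the two knobs an operator would tune per bot family.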