12:49 Botnet control via Twitter
Habr has already had many posts on the technical aspects of botnets. As is well known, a standard botnet consists of compromised computers (zombies) and command-and-control (C&C) servers. Communication between them runs over a variety of protocols, from IRC to P2P and HTTP. However, at the recent Defcon hacker conference another interesting way to control a botnet was demonstrated: via Twitter.

The concept is simple to the point of genius. An account is created on Twitter (new accounts can be created continuously by a given algorithm in order to avoid blocking), along with a Twitter bot that subscribes to it and treats all of its tweets as commands to execute. For example, the tweet "cmd: look at 1.2.3.4" can launch a DDoS attack on the address 1.2.3.4.

At Defcon, the Twitter bot KreiosC2 was demonstrated in action, and it really can be used to control a botnet. Among the supported features are dynamic changing of the control language (to avoid filtering on Twitter) and sending commands encoded (base64) and/or encrypted.

This is a great option, because an attack can now be launched easily and conveniently right from a mobile phone, and providers will never block access to the Twitter service the way they can block access to a control server of another type. Nor will a hosting provider shut it down.

A couple of days ago the first account that was de facto being used to control a botnet was found on Twitter and blocked. More are coming.

The source code of KreiosC2 can be downloaded here. Below is a demo video from the Defcon conference.
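Because the commands travel inside ordinary Twitter traffic and may be encoded or encrypted, a network defender has more to work with in request timing than in tweet content. The following added example (not code from KreiosC2 or from the original post) flags clients that fetch one account page at machine-regular intervals; it assumes the bot fetches the account's feed on a timer, and the event format, the thresholds and the sample records are all constructed for illustration.

```python
import statistics
from collections import defaultdict

# Constructed sample: (seconds since start of capture, client IP, requested URL).
# 10.0.0.5 fetches one account page about every 60 s; 10.0.0.9 browses by hand.
SAMPLE = (
    [(t, "10.0.0.5", "twitter.com/example_account") for t in (0, 60, 121, 180, 241, 300, 360)]
    + [(t, "10.0.0.9", "twitter.com/example_account") for t in (5, 19, 340, 352, 900, 2400, 2410)]
    + [(t, "10.0.0.7", "twitter.com/other_account") for t in (10, 70)]
)

MIN_REQUESTS = 6   # assumed threshold: fewer samples say nothing about regularity
MAX_JITTER = 0.10  # assumed threshold: coefficient of variation of the gaps


def polling_profile(events):
    """Group request times by (client, url); return {key: (mean_gap, jitter)}."""
    times = defaultdict(list)
    for ts, client, url in events:
        times[(client, url)].append(ts)
    profile = {}
    for key, stamps in times.items():
        if len(stamps) < MIN_REQUESTS:
            continue
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        mean = statistics.mean(gaps)
        if mean == 0:
            continue  # identical timestamps only: a burst, not a polling pattern
        profile[key] = (mean, statistics.pstdev(gaps) / mean)
    return profile


def flag_pollers(events):
    """Return sorted (client, url) pairs whose timing is regular enough to review."""
    profile = polling_profile(events)
    return sorted(k for k, (_, jitter) in profile.items() if jitter <= MAX_JITTER)


if __name__ == "__main__":
    for key in flag_pollers(SAMPLE):
        mean, jitter = polling_profile(SAMPLE)[key]
        print(f"{key[0]} fetches {key[1]} every {mean:.0f}s (jitter {jitter:.3f})")
```

A hit is a lead for review rather than a verdict, since legitimate feed readers and widgets also poll on a timer.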