Sunday, February 5, 2012

Botnets Explained



Q: What's a bot?
A: A bot is a malicious program that can serve several purposes.
Bots are usually told what to do by a botnet admin, although many of their features are now automated.

Q: What's a botnet?
A: A botnet is a network of infected computers that all connect to a single location, where they are commanded by the botnet admin.

Q: What can a bot do?
A: Usual features of a bot include...

* P2P Spreading (Limewire, uTorrent, etc.)
* IM Spreading (Sends to contacts on MSN, AIM, etc.)
* DDoS attacking (See "what's a DDoS attack?")
* Spam mailing to lists of emails (Often used to spread)
* Collecting personal information (Passwords, bank details and the like)


Q: How are bots told what to do?
A: Bots are usually commanded through an IRC channel by the user. Commands are built in and the bots listen for them.

Q: What's an IRC channel?
A: IRC stands for Internet Relay Chat. It's a group chat system, although you can also speak to people privately. To use IRC you need a client like ChatZilla, XChat or mIRC. You then connect to an IRC server and choose the channel you wish to join.

Q: How do I get a botnet?
A: First you will need source code and the programs required to compile it. Most bots are programmed in C++, but you don't need any programming experience to compile your own. There is usually one file named "Configs.h" or something similar that you have to edit; that's where you set the bot names, the IRC channel and any other necessary information. Look for bot sources in the botnet section here and they'll usually come with some form of instructions.

Q: Which bot should I use?
A: I recommend IMBot v4.1, it's pretty simple to compile and use, I'm sure there are tutorials here for it as well.
You can download IMBot here. (Clean download, it's mine).

Q: Is this illegal?
A: Yes. Mass-spreading a bot illegally and stealing information can get you into real trouble if you're caught. 99% of the botnets that are shut down have over 10,000 bots, though, and I wouldn't expect anyone here to reach over 5,000. You will have to make sure your IRC server is secure and that your bot stays undetected.

Q: Is it true I can make money from this?
A: Yes, potentially. You could make the bots visit referral sites or download files. A lot of people sell the accounts they've taken from their bots for a price cheaper than the original. You don't have to do any of this, but as your botnet grows you will need more money to transfer to a professional IRC host.

Q: How can I secure/hide my botnet?
A: Offshore hosting first of all. Something in a country such as Sweden, for example. Dedicated hosting would be best, because that way you aren't sharing your hosted server with anyone and you can hold a much larger network. A password on your IRC channel is also recommended. Be sure to use a bot that is undetected, whether you have to crypt it or not.

Q: What do most people use botnets for?
A: The majority of botnets are used for DDoS attacks against websites once they have a lot of bots. Many people set up large botnets just to sell their bots, though. With the rate they spread at, you could sell a large number of bots to someone for a nice profit with only a small amount of work done.

Q: How can I spread my bot?
A: Most bots are spread through torrenting websites or warez boards. A lot of bots also have auto-spread features, so you could have 50 bots and then gain 150 more through the auto-spreading without doing any work at all. A lot of people also buy bots off other botnet admins to start their botnet off with a nice amount.

Q: What type of bot would be best?
A: Java bots seem to be the most popular right now since a lot of them are still fully undetectable, but you have to bear in mind that your victim will need Java. The same with bots coded in VB.NET, your bots will need the .NET framework. Some VB6 bots may also need missing .ocx files, so in my opinion the best choice of bot would be one coded in C++ such as IMBot.

Q: How much should I pay for bot installs?
A: A good price would be 10 cents per bot, which works out at $10 for 100. Some botnet admins may charge you more, but I don't think it's worth paying much more than that. Another risk of buying from other botnet owners is that they still keep the bots to themselves as well, so be sure to find someone trustworthy. Bear in mind that some may not be able to remove their own.

Q: How do I configure my bot to connect to my IRC server?
A: Most bots come with some sort of instructions text file. There are also a lot of tutorials for different bots here at HF, just search the name of your bot. If you can't find anything, there is usually a file named "config.h" (C++) or something similar. Open that and edit the parts that you're supposed to, it should be clear which parts to change.
Example: //"server","pass",6667,"channel","channelpass","-ix"; needs to be your info in that order.
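
Seen from the defender's side, the fields in that configuration line (server, server password, port 6667, channel, channel key) are what shows up on the wire when infected hosts check in to the same place. The following is an added example, not part of the original post: Python triage logic that parses client-to-server IRC lines and reports keyed channels on one server joined by several internal hosts. The record layout, function names, sample data and the `min_hosts` threshold are assumptions made for the illustration.

```python
from collections import defaultdict

# Constructed sample records: (internal host, remote server, remote port,
# one client-to-server IRC line). IPs are documentation ranges; names are made up.
SAMPLE = [
    ("10.0.0.11", "203.0.113.5", 6667, "PASS srvpass"),
    ("10.0.0.11", "203.0.113.5", 6667, "NICK xk-48213"),
    ("10.0.0.11", "203.0.113.5", 6667, "JOIN #ops chankey"),
    ("10.0.0.12", "203.0.113.5", 6667, "PASS srvpass"),
    ("10.0.0.12", "203.0.113.5", 6667, "JOIN #ops chankey"),
    ("10.0.0.13", "203.0.113.5", 6667, "PASS srvpass"),
    ("10.0.0.13", "203.0.113.5", 6667, "JOIN #ops chankey"),
    ("10.0.0.40", "198.51.100.9", 6667, "NICK alice"),
    ("10.0.0.40", "198.51.100.9", 6667, "JOIN #python"),
    ("10.0.0.40", "198.51.100.9", 6667, "PRIVMSG #python :anyone used asyncio?"),
]


def parse_irc(line):
    """Split one IRC message into (COMMAND, params) using RFC 1459 framing."""
    line = line.rstrip("\r\n")
    if line.startswith(":"):                    # optional ":prefix " on relayed lines
        line = line.partition(" ")[2]
    head, sep, trailing = line.partition(" :")  # " :" introduces the trailing param
    parts = head.split()
    if not parts:
        return "", []
    return parts[0].upper(), parts[1:] + ([trailing] if sep else [])


def find_keyed_channel_clusters(records, min_hosts=3):
    """Report keyed channels on one server joined by >= min_hosts internal hosts.

    min_hosts is an assumed triage threshold, not a value from the page.
    """
    sent_pass, joins = set(), defaultdict(set)
    for src, dst, port, line in records:
        cmd, params = parse_irc(line)
        if cmd == "PASS":
            sent_pass.add((src, dst, port))
        elif cmd == "JOIN" and len(params) >= 2:
            # JOIN carries comma-separated channel and key lists, paired by position
            for chan, key in zip(params[0].split(","), params[1].split(",")):
                if key:
                    joins[(dst, port, chan.lower())].add(src)
    return {
        target: {"hosts": sorted(hosts),
                 "all_sent_pass": all((h, target[0], target[1]) in sent_pass for h in hosts)}
        for target, hosts in joins.items() if len(hosts) >= min_hosts
    }
```

Server passwords and channel keys are also used on legitimate IRC networks, so a hit is a lead for host investigation, not a verdict. The check only sees plaintext sessions; IRC carried over TLS needs flow-level or endpoint evidence instead.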

Q: Is it easy to set everything up?
A: It is usually easy to configure and compile a bot, but setting up your IRC server, keeping it secure, paying for larger off-shore hosts, managing your bots and staying hidden are not easy tasks for beginners. Once you've done it all several times it will be easier though, as with anything. There are usually people here who would be able to help you out if you're having any problems with your bots.

Source - r00tsecurity
