
BOTNETS: A FUEL TO CYBERCRIME

Before moving on to our topic, let’s understand what a botnet really is…

A botnet is a network of compromised computers spread across the world, connected through the internet and controlled by a single operator (often called the bot herder). The operator uses them as one group to carry out attacks at a scale no single machine could manage. Attacks launched through botnets are among the hardest to detect, trace and shut down in the world of cybercrime. You can imagine a leader commanding an army of computers on the internet to do whatever he wishes…literally…WHATEVER!!!

But now the question is…how does the hacker take control of them all?

Well, the most fundamental way of doing that follows these 4 steps:

1. Infection: The network is built by infecting a large number of independent computers with malware that gives the operator remote control while staying hidden on the device, making it hard to track down. This malware gets onto computers through e-mail attachments, malicious downloads, drive-by downloads from compromised or shady websites, or unpatched vulnerabilities in applications or even the operating system (mostly outdated ones).

We talked about control, right? But what if the infection only lands in a low-privileged account and doesn't give enough authority to do what we need, then what are we gonna do?

Here the story takes a mighty turn toward privilege escalation, but we'll keep that for a different topic.

2. Establishing control: Once the infection succeeds, the bot has to keep solid control over that device so it can be used for whatever the operator wishes. For that, it has to connect back to the C&C server. New term, nah?

Let's look into that too. C&C stands for command and control: the central server from which all the commands are given and the bots are controlled. In simpler words, remember the network we mentioned at the start through which the whole botnet is controlled? This is that particular server.

3. Command execution: In this stage the C&C server sends commands to the whole botnet and puts it to work on different malicious practices. The most common are DDoS attacks and spamming. This is why botnet attacks count as so sophisticated: first, it takes a lot for a victim to even realise the traffic is coming from a botnet; then tracing the bots and mapping the network they report to adds to the complexity; and finally, blocking that access or removing the malware from every infected machine needs a lot of time.

Wait…Wait…Wait!!! Did we just talk about blocking that access or removing the malware? That is gonna ruin our whole work, isn't it? Buddy, just tell me how we can keep our work from being ruined?

Don't worry, I got your back, buddy! We're gonna use evasion techniques.

Evasion techniques? What is it?

4. Evasion Techniques: To understand evasion techniques, let's first have a look at the problems we can face…

What if someone got into our C&C server, or intercepted its traffic, and got to know all the instructions we are giving to our botnet? What if, by tracing that particular network, he got to know where we are operating the whole thing from?

A lot of questions, right? Let’s answer ’em all!

As an evasion technique, we should encrypt the communication between the bots and the C&C server, so that if anyone is good enough to intercept our traffic, he won't get any clues about what's going on there! But if he can't read the traffic, his next move will be tracking down its source. Then he might get us, nah? No way, mate! We route the C&C traffic through an anonymity network like Tor, which bounces each connection through several relays around the world, so the bots (and anyone watching them) only ever see Tor relays and never the operator's real address. Track me if you can! 😉
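Here is the catch the blog glosses over, shown from the defender's side. Encrypting the C&C channel (step 4) hides what the commands say, but not the fact that an infected host keeps calling home on a schedule (step 2). The script below is an added example, not code from the original post: it parses a small constructed connection log (the field layout, IPs and timestamps are all made up for illustration, not a real product's format) and flags source/destination pairs whose connection intervals are suspiciously regular, which is the classic signature of a bot beaconing to its C&C server even when the payload is unreadable.

```python
"""Detect C&C beaconing in a constructed connection log.

Added example, not code from the original blog post. The log format
(ISO timestamp, source IP, destination IP:port, bytes sent), the IPs and
the timestamps are constructed for illustration only.
"""
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed sample log: 10.0.0.5 browses one site irregularly, while
# 10.0.0.9 calls the same destination every ~60 s with small jitter.
# Nothing here is real traffic.
SAMPLE_LOG = """\
2024-05-01T10:00:00 10.0.0.5 93.184.216.34:443 512
2024-05-01T10:00:07 10.0.0.5 93.184.216.34:443 2048
2024-05-01T10:01:42 10.0.0.5 93.184.216.34:443 731
2024-05-01T10:05:10 10.0.0.5 93.184.216.34:443 4096
2024-05-01T10:09:58 10.0.0.5 93.184.216.34:443 120
2024-05-01T10:00:00 10.0.0.9 198.51.100.23:8443 300
2024-05-01T10:01:01 10.0.0.9 198.51.100.23:8443 301
2024-05-01T10:02:00 10.0.0.9 198.51.100.23:8443 299
2024-05-01T10:03:02 10.0.0.9 198.51.100.23:8443 300
2024-05-01T10:04:00 10.0.0.9 198.51.100.23:8443 302
2024-05-01T10:04:59 10.0.0.9 198.51.100.23:8443 300
"""


def parse_log(text):
    """Group connection timestamps by (src, dst) from the constructed format."""
    flows = defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, _nbytes = line.split()
        flows[(src, dst)].append(datetime.fromisoformat(ts))
    return flows


def beacon_score(timestamps):
    """Coefficient of variation of the gaps between connections.

    Lower means more regular timing. Returns None when there are too few
    connections to judge (a single visit is not a beacon).
    """
    if len(timestamps) < 4:
        return None
    ts = sorted(timestamps)
    gaps = [(b - a).total_seconds() for a, b in zip(ts, ts[1:])]
    mean = statistics.mean(gaps)
    if mean == 0:
        return None
    return statistics.pstdev(gaps) / mean


def find_beacons(text, max_cv=0.2, min_connections=5):
    """Return (src, dst, cv) for pairs whose timing is suspiciously regular.

    The thresholds are assumptions for this example; a real deployment
    would tune them against its own baseline traffic.
    """
    hits = []
    for (src, dst), stamps in parse_log(text).items():
        cv = beacon_score(stamps)
        if cv is not None and len(stamps) >= min_connections and cv <= max_cv:
            hits.append((src, dst, round(cv, 3)))
    return hits


if __name__ == "__main__":
    for src, dst, cv in find_beacons(SAMPLE_LOG):
        print(f"possible beacon: {src} -> {dst} (interval CV={cv})")
```

Run against the sample, only the 10.0.0.9 → 198.51.100.23:8443 pair is reported; the browsing host's gaps vary far too much. Note that the detector never looks at the payload, so TLS or a custom cipher on the C&C channel does nothing to hide the pattern. Routing through Tor changes the destination to a Tor guard relay, but the regular cadence from the infected host is still visible to whoever holds its connection logs.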

That’s all for the 4 golden techniques.

Well, I guess this blog added something to your knowledge, and if you are really in the mood to create a botnet of your own now, keep in mind that owning such a thing isn't everything: you need to maintain it the whole time while keeping yourself safe too.

That’s all for today’s blog!

Thank you for reading!!!
