digg

Facebook Connect Join Digg About

Look Ma, I created a botnet!

news.cnet.com The abstract concepts of "botnet" and "Trojan" just became a lot more concrete for me. In less than an hour, I was able to use programs readily available on the Internet underground for as little as $300 to infect several Windows clients and take complete control of them in a test environment.

Who dugg this? Made popular Jun 12, 2009

Digg DudeWhat is Digg?

Digg is a place for people to discover and share content from anywhere on the web. Digg surfaces the best stuff as submitted and voted on by the community. Take the Tour to learn more.

102 Comments

show profanity settings
expand all
  • clearcasting, on 06/12/2009, -2/+125"As they say in hacker lingo, I "p0wned" the machines."

    Oh God.
  • PyroKittens, on 06/12/2009, -0/+98If you spent $300 making a botnet, you spent about $300 more than you should have
  • altjeringa, on 06/12/2009, -1/+78She paid $300 dollars? Look Ma, my wallet got owned!
  • alpha88, on 06/12/2009, -0/+59"as little as $300"

    The *****? You can do it for free if you know where to look.
  • nullx42, on 06/12/2009, -1/+47Sub7, oh the memories.
  • jihadjohnson, on 06/12/2009, -0/+40Yeah, its really not that hard to do for free either...
  • statik99, on 11/03/2009, -3/+41Ahh takes me back to the days of bo2k just by the screenshot. Fond memories of freaking my little brothers out with the CD tray :-)
  • Kornstalx, on 06/12/2009, -3/+37Ah, good ole Sub7.

    I remember many nights, while I slept, leaving my state-of-the-art USRobotics Sportster 28.8 scanning wide ranges of IP addresses (mostly AOL domains) looking for open ports. When I woke up the next morning, it was like Chirstmas. Always had a hit.

    That trojan was ubiquitous in the late 90s. You didn't have to be a l33t hacker to even know what you were doing; the GUI for the client side (server was the virus itself) was like any other Win95 application. I'd have a steady stream of potential "entertainment" every morning. A list of IPs infected, and the client was so thorough it could even send you IMs (via ICQ, AIM/etc didn't exist) when that person got back online. You know, back before the days of broadband, people actually had to connect to the internet.

    I turned on so many random peoples microphones it was ridiculous. You'd hear all sorts of silly stuff. I'll never forget that guy who was talking to his dog, and had no clue someone was listening. "Hey <long pause>.... get out from behind there!"

    Sub7 is one of the main reasons most webcams now have physical shutters on them.
    Remember the Logitech "eyeball" cams everyone had? Yeah, you could turn them on... at will.

    Sometimes I'd feel sorry for people that were naive, and de-infect them.
    The irony is you could de-virus them, through the door enabled by the virus itself.

    I actually met a rather attractive college girl through this, for a brief time. I felt pity and suddenly opened a generic Win95 chat dialog explaining the situation (while she was playing solitaire, nonetheless). Pissed off a few friends with whom I'd shared the "infection".


    I still have those webcam pics, somewhere... :)




  • linagee, on 06/12/2009, -1/+28Who says you control the $300 one? Even if it *looks* like you have control, how do you know that isn't a trojan too? Hahahaha. Article author is getting 0wned.
  • uberduger, on 06/12/2009, -0/+27I can see now why real crackers hate script kiddies so much.
  • dwalker, on 06/12/2009, -0/+23Its written by a dumb reporter, so what can you expect!
  • Louis11, on 06/12/2009, -0/+22"The numbers aren't all that surprising to me now that I've seen firsthand how easy the malware is to create . . . "

    Something tells me she doesn't have the slightest idea as to how to actually create the malware.
  • cawfee, on 06/12/2009, -3/+23And everyone on the infected end is either computer challenged and doesn't know any better or just plain ***** stupid. Clarification before I get bashed for this: Don't click on every shiny picture link on the internets, keep your operating system updated and run a firewall so you can monitor in- and outgoing traffic and you won't be part of a botnet.
  • cawfee, on 06/12/2009, -1/+20I see we're comparing apples and oranges again.

    While it is a good idea to have that knowledge, I don't need to know how every part of a car works to drive one. I don't need to have my houses' plumbing mapped out to use the shower. I don't need to research varied financial data to open a bank account.

    I also don't need any expertise to turn on a computer and click a few links, but there are rules to follow still, and most of them are common sense. You can't safely drive a car on the road without knowing traffic laws, you can't safely take a shower without knowing what the hot and cold knobs do, you can't safely open a bank account if you just hand your money to a stranger who wears a suit.

    However the mentality seems to commonly be that you can go online and start clicking buttons without any clue as to what you're doing. If you have a hard time learning the ropes, that's forgivable, but a surprising number of people are just too ignorant to update their software and take 5 minutes to read up on security, which (coupled with insufficient company response time to exploits) is why we have the number of botnets we do today.
  • nosocoeckodoz, on 06/12/2009, -0/+18I thought it was "pwned"?
  • junkfoodjoe, on 06/12/2009, -0/+17......................................__................................................
    .............................,-~*`¯lllllll`*~,..........................................
    .......................,-~*`lllllllllllllllllllllllllll¯`*-,....................................
    ..................,-~*llllllllllllllllllllllllllllllllllllllllllll*-,..................................
    ...............,-*llllllllllllllllllllllllllllllllllllllllllllllllllllll.\.......................... .......
    .............;*`lllllllllllllllllllllllllll,-~*~-,llllllllllllllllllll\................................
    ..............\lllllllllllllllllllllllllll/.........\;;;;llllllllllll,-`~-,......................... ..
    ...............\lllllllllllllllllllll,-*...........`~-~-,...(.(¯`*,`,..........................
    ................\llllllllllll,-~*.....................)_-\..*`*;..)..........................
    .................\,-*`¯,*`)............,-~*`~................/.....................
    ..................|/.../.../~,......-~*,-~*`;................/.\..................
    ................./.../.../.../..,-,..*~,.`*~*................*...\.................
    ................|.../.../.../.*`...\...........................)....)¯`~,..................
    ................|./.../..../.......)......,.)`*~-,............/....|..)...`~-,.............
    ..............././.../...,*`-,.....`-,...*`....,---......\..../...../..|.........¯```*~-,,,,
    ...............(..........)`*~-,....`*`.,-~*.,-*......|.../..../.../............\........
    ................*-,.......`*-,...`~,..``.,,,-*..........|.,*...,*...|..............\........
    ...................*,.........`-,...)-,..............,-*`...,-*....(`-,............\.......
    ......................f`-,.........`-,/...*-,___,,-~*....,-*......|...`-,..........\........
  • junkfoodjoe, on 06/12/2009, -1/+18you mean "p0wned"
  • tomthepirate, on 06/12/2009, -2/+16I know it's not 'real' hacking, but redirecting my flatmates browser to goatse with Sub7 sure makes e-peen feel great :)
  • Domthedude001, on 06/12/2009, -0/+14Almost forgot it takes 'talent' to type commands. Now someone help me find that damn Q.
  • fuse13, on 06/12/2009, -0/+14I know a developer who sent an email to all staff ifrst thing one morning saying that they had suffered an issue similar to Y2K and the internet had reverted to 1950. he had written some stuff and installed on the server that was the internet gateway so that all the images on the websites were in black and white and old style fonts were used. it was brilliant.
  • jedicor, on 06/12/2009, -0/+13I remember the day Sub7 replaced Netbus and Back Orifice as "the tool" to have. Christ, that was more than a decade ago. That hurts my brain.
  • AngelBunny, on 06/12/2009, -3/+16burried because rooting someones computer with possibly the noobist program ever made is not a botnet.
  • MtheoryX, on 06/12/2009, -0/+12How about how real hackers hate crackers and script kiddies?
  • junkfoodjoe, on 06/12/2009, -1/+11>> sub 7? are u ***** 12 years old....
    >> are u ***** 12 years old...
    >> u
  • TechnoRabbit, on 06/12/2009, -1/+11wtf, are you an idiot? BotNet has nothing to do with IRC bots.
  • pirategonzo, on 06/12/2009, -0/+10I just can't understand why she paid for it.
  • mysticalone, on 06/12/2009, -0/+9"I open this thing they call a packer, and I choose a file to infect and then I send it. I made my first malware. From then on I was a hacker. THE COPS CHASED ME and my mom got scared and said 'you're moving with your auntie and uncle in bel-air'."
  • cawfee, on 06/12/2009, -1/+10Then do keep me up-to-date on the new and exciting extensions of common sense we're supposed to watch out for.
  • rcardona2k, on 06/12/2009, -0/+8it's cbs-cnet's money: methinks she got the pwnage warez for free and expensed $300 for it.
  • HamNCheese, on 06/12/2009, -0/+8> Feeling mischievous I used the "flip screen" feature so that everything on the victim's PC was upside down and I changed the colors for the desktop and background to Hello Kitty hues of pink and orange

    Hello Kitty hues? Oh, the humanity....
  • justinewing10, on 06/12/2009, -0/+8mom can you bail me from jail?
  • BenRoth, on 06/12/2009, -2/+10People pay McAfee to "protect" them from hackers/viruses. How was this a bad idea?
  • encrypteduser, on 06/12/2009, -0/+8It's like owning a graffiti removal business and as a promotional activity you take a bunch of journalists out on the streets. You show them the various techniques that vandals use to commit their crimes without getting caught and tell them that people could do it with very little/no money. The news runs on the internet and now a bunch of kids see it and say, "hey, that's cool... and it's *so* easy!" We'll definitely be seeing a lot more graffiti.... :/

  • inactive, on 06/12/2009, -0/+8Its easy when you have full physical access to the target computer... Where's the fun in that?
  • belthesar, on 06/12/2009, -0/+7Oh, and the memories come flooding back. I once infected a rather gullible target not once, twice, but around 10 times through good ol' social engineering.

    Towards the end, I just made sure he used his computer for what most 70+ people use their computer for. Open up the win.ini file, change the shell that launched to "sol.exe" and rebooted the computer. About 3 days later, he would come back on going "Damnit, I got another virus." It was when his slightly intelligent friend, tired of reinstalling Windows 98 for him time and time again, installed an antivirus software, password protected it, and then didn't give him the password to disable the AV software that finally ruined the fun.

    Ahh. Memories.
  • mysticalone, on 06/12/2009, -0/+7you mean the cup holder?
  • uberduger, on 06/12/2009, -0/+6Let me guess - 'Macs don't get viruses'?
  • shadowspawn, on 06/12/2009, -0/+6I stopped reading at sub7.
  • tj111, on 06/25/2009, -0/+5Pics or it didn't happen
  • encrypteduser, on 06/12/2009, -3/+8 Sub7 is relatively harmless these days, but I have to disagree with the way McAfee went about this. Teaching about cyber crime and actually showing someone how to do it are two different things. The only thing that this accomplishes is creating more script kiddies by publicizing the exercise. Good job McAfee! This is exactly the opposite of where you should be focusing your resources.
  • Ddraig, on 06/12/2009, -0/+5Isn't this word created from gamers anyway and not hackers?

    http://en.wikipedia.org/wiki/Pwned

    The term implies domination or humiliation of a rival,[4] used primarily in the Internet gaming culture to taunt an opponent who has just been soundly defeated


    Yea, guess I answered my own question..
  • mabsark, on 06/12/2009, -0/+4Or you could just add an entry to the hosts file.
  • Mihey, on 06/12/2009, -0/+4Sounds like most of diggers are l33t h4x0rs... or at least claim to be.
  • ThsGuyRightHere, on 06/12/2009, -0/+4IMHO, the security practice that gives home and business users the most bang for their buck is to adhere to the principle of least privilege and run as a non-admin account. Vista addresses some of the risks associated with privileged account in UAC, but it's poorly implemented. The most effective countermeasure I can suggest after you've done that is to run some kind of web filtering software. I've had good experience with K9 / Bluecoat: http://www.k9webprotection.com. You can configure it so you can still get your pr0n, but dynamically updated web filters will have a list of web addresses that are known to host bad mojo, and they also block the effects of some malware thuss giving you a heads up that you've been compromised.

    As for why: For any piece of malware to truly have its way with your machine, it needs admin rights. There are two ways to get them, either exploit a vulnerability in a service that runs with admin/system rights, or run in the context of the currently logged on user and assume that user will have admin rights. The former is addressed for the most part by patching, although that doesn't address 0-day vulnerabilities. However IE7 and later as well as Firefox run in least privilege mode, and the browser is where a web vulnerability is most likely to be exploited. (That may seem like a captain obvious statement, but there are other web-exploitable components such as Flash, javascript, and even the JPEG rendering engine)

    And in any event there are still scenarios where someone can do all of the above and still get boned:

    1. Hackers compromise a legitimate, popular web site or the ad network that feeds multiple popular web sites. LAaely the attack vector of choice has been web app exploits such as SQL injection.
    2. Said hackers put a banner ad up with a malicious jpeg that exploits a 0-day vulnerability.
    3. User with updated antivirus sigs and OS patches browses to said web site. By virtue of rendering the infected jpeg, her machine (or possibly just her profile if she was running as a non-admin) is now hosed. There was no pop-up she had to click on, and the web page she went to was a reputable one.

    That scenario doesn't happen daily but it has happened. So it's actually possible for a fairly intelligent person to pick up malware even when using the web responsibly. And a firewall will look at the above traffic and say "It's HTTP, let it ride!"

    Cheers.
  • Loki101, on 06/12/2009, -0/+4Why not furry porn?
  • Enlefo, on 06/12/2009, -0/+4BO was the *****.
  • Elohir, on 06/12/2009, -0/+4Mcafee fockin socks
  • nullx42, on 06/12/2009, -0/+4Sorry we weren't all born with infinite knowledge of tcp/ip connections and each protocol's vulnerabilities. But it's safe to say many of us that used Sub7 (and havoc and others) enjoyed and learned from it. So kindly suck a dick. Unless you were being sarcastic, in which case, sarcastically suck a dick.
  • encrypteduser, on 06/12/2009, -0/+3It doesn't. But that's not the point.

    Would it be ok for me to go painting graffiti all over the city just to be called back to do the clean up? No. same thing.
  • ThsGuyRightHere, on 06/12/2009, -5/+8That was adequate security 4-5 years ago.
  • Fetching more discussions...
    Show 51 - 100 of 107 discussions

  • Add a Comment

    Login or register to comment!
    Or, sign-in super fast with your Facebook account ...


© Digg Inc. 2009 — Content created and posted by Digg users is dedicated to the public domain | Terms of Use Updated | Privacy Policy
DIGG, DIGG IT, DUGG, DIGG THIS, Digg graphics, logos, designs, page headers, button icons, scripts, and other service names are the trademarks of Digg Inc.