Your browser is obsolete!

The page may not load correctly.

“Botology” basics

Основы ботоведения

Other issues in this category (4)
  • add to favourites
    Add to Bookmarks

Dog eats dog

Read: 1577 Comments: 2 Rating: 11

Some believe the hacker community is friendly and always ready to help out its members, in word and in deed. But is that really so?

Bleeping Computer told its readers about an IP scanner that a hacker wannabe or a script kiddie could use to set up their own Reaper botnet.

An unknown criminal created a website to advertise the free PHP script they wrote. The script can detect devices running the GoAhead embedded web server (as a rule, this means IP cameras and other IoT devices).

Creating a botnet (a centrally controlled zombie network of infected devices) has always been a favourite pastime of hackers. Botnets offer their owners excellent capabilities, ranging from spamming and mining activities to mounting powerful DDoS attacks. There exist several ways to create a botnet. For example, it’s possible to scan computers and devices over the Internet (including your Android tablet, if you're using it to read this issue), determine whether they have vulnerabilities, and then exploit them to deploy malicious code. This is exactly what the specialised scanner applications do.

Script kiddies are inexperienced (or low-skilled) criminals who can't write an exploit or a complex hack tool on their own, i.e., they are underachievers who are after easy money.

Script kiddies eager to possess a botnet of their own are unlikely to notice that a large portion of this "simple" PHP script is heavily obfuscated.

Obfuscation is a set of techniques used to deliberately produce software code that will be harder to understand.

The advertised PHP script consists of four parts:

  1. A working IP scanner, just as the ads promise;
  2. The piece of code responsible for launching bash instructions and adding a new user account onto the server on which the victim will launch the IP scanner;
  3. The piece of code connecting the victim's node to a remote server;
  4. The portion of code that downloads and launches the Kaiten malware on the victim's node. This malware is used to create the eponymous botnet.

Thus, a script kiddie who is eager to establish a Reaper-like botnet will make their machine part of the Kaiten network. The malicious scanner's author uses deception to take advantage of hundreds of script kiddies.

And now, attention!!!

#hacker #IoT #terminology #responsibility

Dr.Web recommends

  1. Do you think attackers should be prosecuted for attempting to take advantage of other criminals?
  2. Should an anti-virus detect malicious files deployed on a script kiddie’s computers? Obviously the scanner script should be blocked; there’ no doubt about that.

Rate this issue and receive Dr.Weblings! (1 vote = 1 Dr.Webling)

Sign in and get 10 Dr.Weblings for sharing the link to this issue via social media.


Unfortunately, due to Facebook's technical limitations, Dr.Weblings cannot be awarded. However, you can share this link with your friends for free.

Tell us what you think

Leave your comment on the day of publication and get 10 Dr.Weblings, or get 1 Dr.Webling for a comment posted any other day. Comments are published automatically and are reviewed by a moderator. Rules for leaving comments about Doctor Web news items.

To leave a comment, you need to log in under your Doctor Web site account. If you don't have an account yet, you can create one.