427 Botnet fm qxd

■
The capability to retrieve usernames, passwords, and dial-up network
settings
■
The capability to update its own functionality
■
The capability to upload/download files
■
The capability to redirect (tunnel) traffic
■
The capability to launch a variety of DoS attacks
■
Incorporation of its own IRC client 
SubSeven Trojan/Bot
By the late 1990s, a few worms (such as IRC/Jobbo) had exploited vulnera-
bilities in IRC clients (particularly mIRC) that let the clients be remote con-
trolled via a “backdoor.” In June, 1999, version 2.1 of the SubSeven Trojan
was released.This release was significant in that it permitted a SubSeven server
to be remotely controlled by a bot connected to an IRC server.This set the
stage for all malicious botnets to come. SubSeven was a remote-controlled
Trojan, also written in Delphi, touted by its author as a remote administration
tool. Its toolset, however, includes tools a real administrator would not use,
such as capabilities to steal passwords, log keystrokes, and hide its identity.
SubSeven gave bot operators full administrative control over infected systems.
GT Bot
A botnet client based on the mIRC client appeared in 2000. It is called
Global Threat (GT) Bot and was written by Sony, mSg, and DeadKode.
mIRC is an IRC client software package. mIRC has two important charac-
teristics for botnet construction: it can run scripts in response to events on the
IRC server, and it supports raw TCP and UDP socket connections.
GT bot had the following capabilities:
■
Port Scanning 
It can scan for open ports.
■
Flooding
It can conduct DDoS attacks.
■

Download 6,98 Mb.

Do'stlaringiz bilan baham: