Table 2.2 continued: Piracy Felons

Defendant | Nickname | Warez Group Affiliations | Conviction Date | Offense
--- | --- | --- | --- | ---
TRESCO, Christopher | BigRar | RiSC, DrinkorDie | Boston, MA, May 28, 2002 | Felony Conspiracy
EISER, Derek | Psychod | DrinkOrDie | Philadelphia, PA, June 21, 2002 | Felony Criminal Copyright Infringement
NGUYEN, Mike | Hackrat | Razor1911, RISC | Los Angeles, CA, Jan. 31, 2002 | Felony Conspiracy
KARTADINATA, Kent | Tenkuken | DrinkOrDie | Los Angeles, CA, Jan. 31, 2002 | Felony Conspiracy
BERRY, Richard | Flood | POPZ, DrinkOrDie | Rockville, MD, Apr. 29, 2002 | Felony Conspiracy
RIFFE, John | blue | SMR, EXODUS | Port St. John, FL, May 9, 2002 | Felony Criminal Copyright Infringement
GROSS, Robert | target-practice | DrinkOrDie | Horsham, PA, May 22, 2002 | Felony Criminal Copyright Infringement
COLE, Myron | t3rminal | DrinkOrDie | Warminster, PA, July 10, 2002 | Felony Criminal Copyright Infringement
BUCHANAN, Anthony | spaceace | POPZ, DrinkOrDie | Eugene, OR, August 19, 2002 | Felony Criminal Copyright Infringement
Ransomware

As a category, this includes any of the ways that hackers may hold a person's computer or information hostage. Ransomware, for this book, includes using a botnet to DDoS a computer or a company until a ransom is paid to make the DoS stop. The hacker may use PayPal or Western Union to arrange for difficult-to-trace money transactions. When a botnet handler realizes they have a computer that might be worth ransoming, they can encrypt important files and demand a ransom for the key and/or software to decrypt them. Last year a DDoS ransom attack was launched to target 180Solutions (now known as Zango), a spyware company that tried to go legit. 180Solutions terminated over 500 of the company's affiliates due to their practice of installing the company's adware without the knowledge of the user. One group of affiliates used the same botnet that had been installing the adware to launch their DDoS attack. The company responded by contacting the FBI. With the FBI's help they tracked down the operators of the botnet in several countries around the world. Once the attackers were known, 180Solutions filed a civil suit against the seven hackers involved in the DDoS attacks.

www.syngress.com | 60 | Chapter 2 • Botnets Overview
Data Mining

The final payload type we will cover is data mining. This can be added to any of the other types of functionality pertaining to botnet clients. For this, the botherder employs tools to gather information from each of the botnet clients or their users. They will at a minimum enumerate the users of the computer and note which accounts have local administrator rights. They may collect the Security Accounts Manager (SAM) database or any password cache storage to be broken. Breaking these passwords may take place on the client, or the information may be reformatted and sent to another computer to have a password-cracking program run against it.

The botnet client can be searched for numbers that look like credit card numbers or Social Security Account Numbers (SSANs). Credit card and SSAN information can be sold on special Web sites established for that purpose. Some botnets install keylogger programs that record every keystroke taken on the computer. Later, user IDs and passwords can be harvested from the logs. Recent malicious code has been very precisely targeted. Code has been found that piggybacks on a legitimate user as they log in to an e-Gold account. Once in, it initiates an electronic funds transfer and siphons off the user's money.
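The same "looks like a credit card number" test the passage describes is what a data-loss-prevention scan runs on the defender's side, over files on a host or over captured outbound traffic, to find card and SSAN data before a bot client exfiltrates it. The example below is added here and is not code from the book; it pairs a digit-run regex with a Luhn checksum to cut false positives, applies the basic structural rules for SSAN area/group/serial fields, and runs over a constructed sample.

```python
import re

# Constructed sample text (not real data): one Luhn-valid example PAN,
# one 16-digit run that fails Luhn, and one SSN-shaped value.
SAMPLE = """order 4111 1111 1111 1111 shipped
ref 1234567890123456 (not a card)
employee ssn 123-45-6789 on file
"""

def luhn_ok(digits: str) -> bool:
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

# 13-19 digits, optionally separated by single spaces or dashes, not embedded in a longer digit run.
CARD_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")
# AAA-GG-SSSS layout used for Social Security Account Numbers.
SSN_RE = re.compile(r"(?<!\d)(\d{3})-(\d{2})-(\d{4})(?!\d)")

def find_card_numbers(text: str) -> list[str]:
    """Return normalised digit strings that are card-length and Luhn-valid."""
    found = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group(0))
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            found.append(digits)
    return found

def find_ssns(text: str) -> list[str]:
    """Return SSN-shaped values whose fields are structurally plausible."""
    found = []
    for area, group, serial in SSN_RE.findall(text):
        # Area 000, 666 and 900-999 are never issued; group 00 and serial 0000 are invalid.
        if area in ("000", "666") or area >= "900":
            continue
        if group == "00" or serial == "0000":
            continue
        found.append(f"{area}-{group}-{serial}")
    return found
```

A real DLP deployment would add issuer prefix ranges and context keywords on top of Luhn, but the checksum alone already drops most random digit runs.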
Reporting Results

Using the Command and Control mechanism, the botclient would report results (when appropriate) back to the C&C server or to a location directed by the commands from the botherder. For some of these payloads (spamming,