Making a description of what Botnets really are, ig
So basically, when someone uses the word "botnet", they're referring to a network of infected computers. Each computer is connected to a centralized server, which is known as the Command and Control server (C2C server, C2 server, etc.).
What happens when a computer gets infected?
The process of a computer getting infected and becoming part of a botnet generally follows a couple of steps.
- They receive the malicious file. This file is sometimes known as the dropper. It performs setup and general recon on the computer, such as checking whether it is a virtual machine, or whether it is managed with the intent of capturing the malware. If these conditions are met, the file self-destructs. Next, the code might do a few things, for example attempt to disable an anti-virus, or download an update system for the actual malware. Once those additional actions are done, the dropper installs the actual malware. (More advanced software avoids writing to the actual disk, but here I am explaining a basic version.) It is installed to a nook in the file system somewhere, such as the TEMP directory. Then it is added to startup (e.g. the registry in Windows) and started.
- The actual malware starts and connects to the C2C server. The server manages the clients and sends commands. Sockets are good for real-time communication here.
- Now that the client is infected, the C2C server can send commands (reverse shell, DDoS, remote arbitrary code execution).
And basically that's it! More advanced botnets obviously have more advanced features, such as signing the commands and encrypting communication. However, you don't really need super advanced security with a small-scale botnet. If your goal is to be able to call a DDoS attack on demand on whoever you want, you're gonna need a large botnet, which might attract fed attention at some point. At that point you're gonna want to add better security measures, as well as maybe some fallback servers (a Raspberry Pi hidden in a cafe with public wifi? A shady Russian hosting platform? Lots of possibilities).
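As an added example from the defender's side (not code from the original post), here is a small Python check for the persistence step described above: it resolves Windows startup (Run-key) command lines and flags entries whose executable lives in a scratch directory such as %TEMP%. The environment values, directory list and sample Run-key entries are all constructed for the demonstration.

```python
"""Flag Windows startup (Run-key) entries whose executable lives in a scratch
directory such as %TEMP%. Added illustration, not code from the original post."""
import ntpath
import re
from typing import Iterable

# Constructed environment values for offline testing (assumed, not a real host).
ENV = {
    "TEMP": r"C:\Users\alice\AppData\Local\Temp",
    "TMP": r"C:\Users\alice\AppData\Local\Temp",
}
# Directories a legitimate startup program normally does not run from.
SUSPICIOUS_DIRS = (
    r"C:\Users\alice\AppData\Local\Temp",
    r"C:\Windows\Temp",
    r"C:\Users\Public",
)

def expand_env(path: str, env: dict = ENV) -> str:
    """Expand %VAR% references as the Windows shell would (unknown vars are kept)."""
    return re.sub(r"%([^%]+)%", lambda m: env.get(m.group(1).upper(), m.group(0)), path)

def image_path(command: str) -> str:
    """Return the executable path from a Run-key command line, dropping arguments."""
    command = command.strip()
    if command.startswith('"'):           # quoted path, possibly containing spaces
        end = command.find('"', 1)
        exe = command[1:end] if end > 0 else command[1:]
    else:                                 # unquoted: first token is the image
        exe = command.split(" ", 1)[0]
    return ntpath.normpath(expand_env(exe))

def in_suspicious_dir(path: str) -> bool:
    """Case-insensitive check that path sits below one of SUSPICIOUS_DIRS."""
    low = path.lower()
    return any(low.startswith(d.lower() + "\\") for d in SUSPICIOUS_DIRS)

def flag_autoruns(entries: Iterable[tuple]) -> list:
    """Return (value name, resolved image path) for entries running from scratch dirs."""
    resolved = [(name, image_path(cmd)) for name, cmd in entries]
    return [(name, path) for name, path in resolved if in_suspicious_dir(path)]

# Constructed sample Run-key values (hypothetical, not from a real machine).
SAMPLE_RUN_KEY = [
    ("OneDrive", r'"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background'),
    ("Updater", r'"%TEMP%\svchost.exe" -silent'),
    ("ctfmon", r"C:\Windows\System32\ctfmon.exe"),
    ("sys", r"C:\Users\Public\update.exe /s"),
]
```

Calling `flag_autoruns(SAMPLE_RUN_KEY)` returns the "Updater" and "sys" entries; on a real host you would feed it the values read from the Run keys instead of the constructed list.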
Respond with questions and I'll do my best to answer them! I'll give my session ID to those who ask if they need personal assistance. Hopefully this helped and interested someone out there!