Botnet at work

2007-10-19

Every now and then you hear about large botnets attacking websites or certain IPs. Today a hack attempt was made with an extended script that is the perfect example of such a botnet.

The script opens a connection to an IRC server and joins a 'secret' channel with a key. In the channel there will be one or more users operating the bot, plus several other drones.

The danger of such scripts is, obviously, somebody looking at them and locating the channel and key of the botnet. IRCops tend to have a negative disposition towards botnets on their network. They also possess extended logs of what happened, who did it, and who the victim was. In short, your botnet is as easily lost as it came.

A temporary solution for this is an obfuscated script. All functions and string literals are encoded using a simple algorithm. Of course, since the drone can decipher them, so can you. It just takes some more time.

Haven't seen them in a long time...

-- edit

I've deciphered the last script, was fun to do. It comes down to an extended IRC script, same concept as the first script. All strings were encoded, important data was encrypted. In case you want to take a look:

Servers: we3nlethland.weedns.com, pmununvbernum.weedns.com, webnlhttp0x0.weedns.com, ns10.optus.nu, ns11.optus.nu, ns12.optus.nu, ns13.optus.nu, h0s0s00we0r0w0w.cjb.net, d0d0sjsdjkjkl2jsjkdfsdf.cjb.net, p3pweriouwer234234jkhkjhjkshda.cjb.net, 02.privserver.com, p.myfoobar.info
Server password: secretpass
Channel: ##p
Channel key: md5hash
Bot password: x
Required host: *.av (required if you want to control a bot, impossible TLD, probably oper host)
Nick: 9 letters a-z, if you're root, prefix it with r-

All at your own risk!

I've warned the hosts, but I'm guessing they couldn't care less about it.
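The connection profile listed above (a server password, a 9-letter a-z nick with an optional r- prefix, and a JOIN that carries a channel key) can be turned into a detection check for outbound IRC sessions leaving a web host. This is an added example, not code from the original post or from the bot script; the function names and both sample sessions are constructed for illustration, and it assumes the client-to-server lines have already been captured as text.

```python
import re

# Nick shape reported in the post: 9 letters a-z, "r-" prefix when running as root.
NICK_RE = re.compile(r"^(r-)?[a-z]{9}$")

def parse_irc_line(line):
    """Split one client-to-server IRC line into (command, params)."""
    line = line.rstrip("\r\n")
    if line.startswith(":"):                 # drop the optional source prefix
        _, _, line = line.partition(" ")
    head, sep, trailing = line.partition(" :")
    parts = head.split()
    if not parts:
        return "", []
    params = parts[1:] + ([trailing] if sep else [])
    return parts[0].upper(), params

def session_indicators(lines):
    """Return the set of drone-profile indicators seen in one outbound session."""
    hits = set()
    for line in lines:
        cmd, params = parse_irc_line(line)
        if cmd == "PASS" and params:
            hits.add("server-password")
        elif cmd == "NICK" and params and NICK_RE.match(params[0]):
            root = params[0].startswith("r-")
            hits.add("root-drone-nick" if root else "drone-nick")
        elif cmd == "JOIN" and len(params) >= 2:
            hits.add("keyed-join")           # JOIN <channel> <key>: locked channel
    return hits

def is_drone_like(lines):
    """Flag a session only when all three parts of the profile are present."""
    hits = session_indicators(lines)
    has_nick = bool(hits & {"drone-nick", "root-drone-nick"})
    return has_nick and {"server-password", "keyed-join"} <= hits

# Constructed sample sessions (placeholders, not captured traffic).
DRONE_SESSION = ["PASS placeholder-pass", "NICK r-qwhzkdmpa",
                 "USER x 0 * :x", "JOIN ##p placeholder-key"]
HUMAN_SESSION = ["NICK sebastian", "USER seb 0 * :Seb", "JOIN #help"]

if __name__ == "__main__":
    for name, s in (("drone", DRONE_SESSION), ("human", HUMAN_SESSION)):
        print(name, sorted(session_indicators(s)), is_drone_like(s))
```

Requiring all three indicators together keeps an ordinary user whose nick happens to be nine lowercase letters from being flagged.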