scumbot-channel staggers to life
Break out the champagne ! My bot'speriment was successful! My scumbot-channel has staggered from the primordial goop to prove that malware across the planet can reliably (if slowly) "phone home".
I managed to find the diveboy@hotmail.com signature. Alas, I had to modify the search a little! I had to prefix with a %20%3f, which was text I prefixed the email address with, for no reason other than giving it a certain random error look! I guess it's something to do with the way google tokenizes the keywords in their database.
Anyway, with a google search I found two guest books that were hosting my 'scumbot semaphore':
Chinmoy's Portal
and
Air of Authority - A History of the RAF Organization
Sure enough, I hit the link from google and I could search the retrieved guestbook page for my message. Ah, the joys of genious ... now all I need to do is take over the world.
So I think it took about a week for the guest-book entries to get into Googles database. Which isn't too bad. If you were planning to launch a DDoS you could reasonably expect to plan your attack a week ahead of any major world event.
Next Step
Obviously, the next step would be to automate a the whole thing:
Oh, I suppose I should call it something other than a scumbot channel, as Scummy has already developed his own little bot that he calls a scumbot. But in his case, it's not half as nafarious as mine, it's just a useful little IRC bot.
c@malware
I managed to find the diveboy@hotmail.com signature. Alas, I had to modify the search a little! I had to prefix with a %20%3f, which was text I prefixed the email address with, for no reason other than giving it a certain random error look! I guess it's something to do with the way google tokenizes the keywords in their database.
Anyway, with a google search I found two guest books that were hosting my 'scumbot semaphore':
Chinmoy's Portal
and
Air of Authority - A History of the RAF Organization
Sure enough, I hit the link from google and I could search the retrieved guestbook page for my message. Ah, the joys of genious ... now all I need to do is take over the world.
So I think it took about a week for the guest-book entries to get into Googles database. Which isn't too bad. If you were planning to launch a DDoS you could reasonably expect to plan your attack a week ahead of any major world event.
Next Step
Obviously, the next step would be to automate a the whole thing:
- Search Web Using Google to find "Sign Guest Book"
- Randomly retrieve the HTML for 10-20 of the hits
- Parse the HTML of the page into some kind of DOM
- Traverse the page's DOM to find the
- Create a HTTP response with the textarea full of scum-bot semaphore
- Search Google for %20%3fdiveboy@hotmail.com once per day
- Retrieve all/any matching pages
- Parse the HTML into some kind of DOM
- Traverse the elements looking for the semaphore pre-amble (%20%3f&)
- Extract the scumbot-semaphore
- Decrypt/unpack the message
Oh, I suppose I should call it something other than a scumbot channel, as Scummy has already developed his own little bot that he calls a scumbot. But in his case, it's not half as nafarious as mine, it's just a useful little IRC bot.
c@malware
0 Comments:
Post a Comment
<< Home