OT New botnet virus idea - Linux


  1. OT New botnet virus idea

    I came up with a nefarious, but interesting idea. It would be useful
    to those who run botnets.

    Botnet software could be enhanced in the following ways:

    - besides everything else, check if you have a wifi adaptor. If so,
    scan neighboring networks to look for unprotected networks or those
    encrypted with WEP. Take your time and crack the WEP encryption using
    computers in botnet.

    Then proceed with

    1) Using those other connections to send spams and other bad things
    (thus protecting a little bit the computer on the botnet)

    2) Infect all private computers on those external private networks,
    put virus code into .EXE files on private shared drives, etc

    The effect of this is going to be that all apartment buildings will
    become giant zombie anthills, so to speak.

    The viruses and scumware would "hop" the firewalls in ways not done
    before (through air rather than incoming ISP data pipes).

    I do not write viruses or run botnets, but I think that it is a neat
    idea.

    i

  2. Re: OT New botnet virus idea

    In news:C5SdnXK63-4pF2fbnZ2dnUVZ_gSdnZ2d@giganews.com,
    Ignoramus25760 wrote:

    > I came up with a nefarious, but interesting idea. It would be useful
    > to those who run botnets.


    <*plonk*>

  3. Re: OT New botnet virus idea

    In comp.os.linux.advocacy, Ignoramus25760 wrote
    on Wed, 26 Sep 2007 11:37:08 -0500:
    > I came up with a nefarious, but interesting idea. It would be useful
    > to those who run botnets.
    >
    > Botnet software could be enhanced in the following ways:
    >
    > - besides everything else, check if you have a wifi adaptor. If so,
    > scan neighboring networks to look for unprotected networks or those
    > encrypted with WEP. Take your time and crack the WEP encryption using
    > computers in botnet.
    >
    > Then proceed with
    >
    > 1) Using those other connections to send spams and other bad things
    > (thus protecting a little bit the computer on the botnet)
    >
    > 2) Infect all private computers on those external private networks,
    > put virus code into .EXE files on private shared drives, etc
    >
    > The effect of this is going to be that all apartment buildings will
    > become giant zombie anthills, so to speak.
    >
    > The viruses and scumware would "hop" the firewalls in ways not done
    > before (through air rather than incoming ISP data pipes).
    >
    > I do not write viruses or run botnets, but I think that it is a neat
    > idea.
    >


    A few questions.

    [1] In Linux, at least, infection of .EXE files might be
    hampered by the issue that the user account can't write
    into /bin, /usr/bin, /etc, etc., or most files sitting
    therein. (The exceptions are /tmp and /var/tmp; some
    programs get a little sloppy therein. These are holes,
    and they do happen.) How does one get around this?

    [2] A compromised root machine might have some difficulties
    spreading on NFS-mounted drives if said drives have the
    no_root_squash option. How does one get around *this*?

    [3] Assuming NAT software (which on Linux isn't too hard
    to set up), how does the virus on an infected machine do
    the bunny hop? Especially if the virus hasn't crossed
    the local user-root barrier? Best I can do is Slightly
    Suspect Emails(tm), and those aren't all that hard to block.

    [4] Which is simpler, activating Javascript which sets up
    a polling attack on a central server when a malicious webpage
    is clicked, or a packet attack through a NAT firewall?
    (Hint: emails allow users to click things on Windows.)

    [5] Whatever gave you the notion that this is a neat idea?
    Of course, it does have an appeal to those who like to set
    up botnets -- but those are few and far between. Most people
    will probably think it's a terrible idea, and will want to
    cast about for defenses against it.

    --
    #191, ewill3@earthlink.net
    Useless C/C++ Programming Idea #10239993:
    char * f(char *p) {char *q = malloc(strlen(p)); strcpy(q,p); return q; }

    --
    Posted via a free Usenet account from http://www.teranews.com


  4. Re: OT New botnet virus idea

    On Wed, 26 Sep 2007 11:51:54 -0700, The Ghost In The Machine wrote:
    > In comp.os.linux.advocacy, Ignoramus25760
    >
    > wrote
    > on Wed, 26 Sep 2007 11:37:08 -0500
    >:
    >> I came up with a nefarious, but interesting idea. It would be useful
    >> to those who run botnets.
    >>
    >> Botnet software could be enhanced in the following ways:
    >>
    >> - besides everything else, check if you have a wifi adaptor. If so,
    >> scan neighboring networks to look for unprotected networks or those
    >> encrypted with WEP. Take your time and crack the WEP encryption using
    >> computers in botnet.
    >>
    >> Then proceed with
    >>
    >> 1) Using those other connections to send spams and other bad things
    >> (thus protecting a little bit the computer on the botnet)
    >>
    >> 2) Infect all private computers on those external private networks,
    >> put virus code into .EXE files on private shared drives, etc
    >>
    >> The effect of this is going to be that all apartment buildings will
    >> become giant zombie anthills, so to speak.
    >>
    >> The viruses and scumware would "hop" the firewalls in ways not done
    >> before (through air rather than incoming ISP data pipes).
    >>
    >> I do not write viruses or run botnets, but I think that it is a neat
    >> idea.
    >>

    >
    > A few questions.
    >
    > [1] In Linux, at least, infection of .EXE files might be
    > hampered by the issue that the user account can't write
    > into /bin, /usr/bin, /etc, etc., or most files sitting
    > therein. (The exceptions are /tmp and /var/tmp; some
    > programs get a little sloppy therein. These are holes,
    > and they do happen.) How does one get around this?


    Usually those directories are not network shared either.

    > [2] A compromised root machine might have some difficulties
    > spreading on NFS-mounted drives if said drives have the
    > no_root_squash option. How does one get around *this*?


    The typical worm action on a network (as happened in the last worm
    attack at one place I know) is that the worm looks for EXE files on
    shared drives and infects them, hoping that one day they will be
    executed.

    > [3] Assuming NAT software (which on Linux isn't too hard
    > to set up), how does the virus on an infected machine do
    > the bunny hop? Especially if the virus hasn't crossed
    > the local user-root barrier? Best I can do is Slightly
    > Suspect Emails(tm), and those aren't all that hard to block.


    The only thing that I can think of where linux boxes can be
    compromised this way, is to look for less secure things inside
    presumed safe home networks, or pretending to be trusted hosts (I am
    10.0.0.3, and want to log on as joeblow) and using rlogin and such.

    > [5] Whatever gave you the notion that this is a neat idea?
    > Of course, it does have an appeal to those who like to set
    > up botnets -- but those are few and far between. Most people
    > will probably think it's a terrible idea, and will want to
    > cast about for defenses against it.


    I think that it is a clever, but "unhelpful" idea.

    i

  5. Re: OT New botnet virus idea

    In comp.os.linux.advocacy, Ignoramus25760 wrote
    on Wed, 26 Sep 2007 14:13:47 -0500
    <466dnZfSO8P2MmfbnZ2dnUVZ_hadnZ2d@giganews.com>:
    > On Wed, 26 Sep 2007 11:51:54 -0700, The Ghost In The Machine wrote:
    >> In comp.os.linux.advocacy, Ignoramus25760
    >>
    >> wrote
    >> on Wed, 26 Sep 2007 11:37:08 -0500
    >>:
    >>> I came up with a nefarious, but interesting idea. It would be useful
    >>> to those who run botnets.
    >>>
    >>> Botnet software could be enhanced in the following ways:
    >>>
    >>> - besides everything else, check if you have a wifi adaptor. If so,
    >>> scan neighboring networks to look for unprotected networks or those
    >>> encrypted with WEP. Take your time and crack the WEP encryption using
    >>> computers in botnet.
    >>>
    >>> Then proceed with
    >>>
    >>> 1) Using those other connections to send spams and other bad things
    >>> (thus protecting a little bit the computer on the botnet)
    >>>
    >>> 2) Infect all private computers on those external private networks,
    >>> put virus code into .EXE files on private shared drives, etc
    >>>
    >>> The effect of this is going to be that all apartment buildings will
    >>> become giant zombie anthills, so to speak.
    >>>
    >>> The viruses and scumware would "hop" the firewalls in ways not done
    >>> before (through air rather than incoming ISP data pipes).
    >>>
    >>> I do not write viruses or run botnets, but I think that it is a neat
    >>> idea.
    >>>

    >>
    >> A few questions.
    >>
    >> [1] In Linux, at least, infection of .EXE files might be
    >> hampered by the issue that the user account can't write
    >> into /bin, /usr/bin, /etc, etc., or most files sitting
    >> therein. (The exceptions are /tmp and /var/tmp; some
    >> programs get a little sloppy therein. These are holes,
    >> and they do happen.) How does one get around this?

    >
    > Usually those directories are not network shared either.


    I could see mounting /usr and /opt on an NFS share.
    I'll admit there are some issues with doing so,
    especially if one has to support multiple system types
    (x86 and PPC, perhaps -- or even Athlon and Pentium D).

    One can also mount /bin as well, if one is running diskless.

    Of course, Linux doesn't have Intel PE formatted files
    anyway (unless one installs WinE), or, generally, files
    named '.exe'. The best one can do is something along the
    lines of

    find / -type f | xargs file | grep 'ELF 32-bit' | cut -d: -f1 | \
    xargs ./infect_me_please.sh

    or some such. "infect_me_please.sh" would not be the actual name
    of the virus, but it would be something that looks innocuous.

    >
    >> [2] A compromised root machine might have some difficulties
    >> spreading on NFS-mounted drives if said drives have the
    >> no_root_squash option. How does one get around *this*?

    >
    > The typical worm action on a network (as happened in the last work
    > attack at one place I know), is that the worm looks for EXE files on
    > shared drives and infects them, hoping that one day they will be
    > executed.


    So how does the worm write to read-only files?

    >
    >> [3] Assuming NAT software (which on Linux isn't too hard
    >> to set up), how does the virus on an infected machine do
    >> the bunny hop? Especially if the virus hasn't crossed
    >> the local user-root barrier? Best I can do is Slightly
    >> Suspect Emails(tm), and those aren't all that hard to block.

    >
    > The only thing that I can think of where linux boxes can be
    > compromised this way, is to look for less secure things inside
    > presumed safe home networks, or pretending to be trusted hosts (I am
    > 10.0.0.3, and want to log on as joeblow) and using rlogin and such.


    I never use rlogin; I use ssh exclusively. I'll have to
    look to see if TCP can be impersonated (UDP, yes, but
    that's not used for ssh, rlogin, telnet, etc.)

    >
    >> [5] Whatever gave you the notion that this is a neat idea?
    >> Of course, it does have an appeal to those who like to set
    >> up botnets -- but those are few and far between. Most people
    >> will probably think it's a terrible idea, and will want to
    >> cast about for defenses against it.

    >
    > I think that it is a clever, but "unhelpful" idea.


    Depends on who's being helped. :-)

    >
    > i



    --
    #191, ewill3@earthlink.net
    Murphy was an optimist.


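The exchange about NFS exports and root squashing (question [2] above, and the reply that worms look for writable files on shared drives) turns on two export options: whether remote root is mapped to an unprivileged user (root_squash, the default) or kept as root (no_root_squash), and whether the export is writable at all (rw versus ro). The following audit script is an added example written for this page, not code from any of the thread's participants. It reads an /etc/exports-style listing (a constructed sample is embedded; nothing is read from the running system) and reports each export that keeps remote root privileges or is writable, which is the defender's view of the surface the thread is discussing. It assumes the common "path client(opt,opt)" line format and does not model every syntax variant real exportfs accepts.

```shell
#!/bin/sh
# Added example: flag NFS exports that a compromised client could write to,
# or on which a remote root keeps root privileges (no_root_squash).

# Constructed sample in /etc/exports format (not from any real host).
SAMPLE_EXPORTS='/usr          10.0.0.0/24(ro,root_squash)
/opt          10.0.0.0/24(rw,no_root_squash)
/home         10.0.0.0/24(rw)
/srv/scratch  *(rw,no_root_squash,async)
# comment line
'

# audit_exports TEXT
# Prints one finding per line: "<path> <client> <reason>".
# Runs in a subshell so "set -f" (no glob expansion of clients like "*")
# does not leak into the caller.
audit_exports() (
    set -f
    data=$1
    printf '%s\n' "$data" | while IFS= read -r line; do
        case "$line" in ''|'#'*) continue ;; esac   # skip blanks and comments
        set -- $line                                 # $1 = path, rest = client(opts)
        path=$1; shift
        for entry in "$@"; do
            client=${entry%%\(*}                     # text before "("
            opts=${entry#*\(}; opts=${opts%\)}       # text inside "(...)", if any
            case ",$opts," in
                *,no_root_squash,*) echo "$path $client remote-root-keeps-root" ;;
            esac
            case ",$opts," in
                *,rw,*) echo "$path $client writable" ;;
            esac
        done
    done
)

# count_findings TEXT: number of findings for the listing.
count_findings() {
    audit_exports "$1" | wc -l | tr -d ' '
}

# Stand-alone run over the constructed sample.
audit_exports "$SAMPLE_EXPORTS"
```

Against the sample, /usr produces nothing (read-only, root squashed), while /opt and /srv/scratch each produce two findings and /home one. The hardened form of a line such as /opt is simply `/opt 10.0.0.0/24(ro,root_squash)`, or `rw` with `root_squash` only where clients genuinely need to write.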
