elie Serial Rapist
Posts : 230 Join date : 2008-07-08 Location : Montreal
| Subject: EbotA.NET Virus Sat Nov 15, 2008 5:18 pm | |
| Written entirely in C# .NET.
- Disclaimer - Before you enter this thread, or participate in any way, you must agree that you will not use the software or information for any illegal activity. Also to understand the term "victim" or "Host" is associated with an internal target meaning your own machine that you agree you own and therefore should not be misinterpreted. EbotA.NET and its files are provided on an "as is" basis without any warranty. Whatever you do with EbotA.NET or its tools is your own doing, so accept full responsibility when using any of the software provided by this website. The EbotA.NET program is a legal and legitimate program to monitor other computer systems remotely and must not be used as a means to attack other machines, systems or networks. You also agree you own all machines and have full permission by the network operator or system administrator to install any software located on this website, server and forums. You must be over the age of 18 and fully accept this disclaimer. We can NOT therefore be liable for any loss or damage (including, without limitation, damage for any consequential loss or loss of business opportunities or projects, or loss of profits) howsoever arising and whether in contract, tort or otherwise from the use of or inability to use the Website, or any of its contents, or from any action or omission taken as a result of using the Website or any such contents. If you do not agree to this disclaimer please close this website down immediately and leave now.
Ok so that being said, this is a basic program that I wrote for practice to compete with all other bot sources that are native in C++. The reason I chose C# .NET is because most machines that bots target are Windows machines, and those machines almost always have the .NET framework installed. The ones that don't, you probably wouldn't have gotten anyways. Source not being disclosed yet, this is for pure discussion and/or participation and ideas. Take a look at what I've already implemented and tested *extensively*. I haven't yet discussed this because it's still in its early stages of development. But here we go with the implemented features.
- AntiVirusKiller - Kills all AV that match a PID list hardcoded
- Authentication - Allows only certain people to give commands. This is a login / password authentication system, which also works by nick, ident and hostname / ip
- Autostart - starts on boot, working to start it as a service also, code implemented for a 2nd pid to watch if it is killed to restart it. Trojan monitors that PID also to make sure it is not killed as well.
- Download - downloads a file, overloaded method to make it run as well
- FindFile - search through all logical drives to detect if a file is there
- FTPd - a from-scratch FTPd to allow you to connect to remote machine to download / upload file
- IRCConnection - connects to an IRC server to issue commands, will bypass windows firewall by allowing an exception before killing the windows firewall (optional)
- KillWindowsFirewall - kills windows firewall to make sure it connects, it can also just add an exception and allow it to just connect (less suspicious)
- Mailer - send spam through emails configged through OUTLOOK, OUTLOOK EXPRESS and MAIL
- PingSender - required for IRC Connection, replies to ping through a separate thread.
- RunURL - make a window popup in default browser, or through custom form built in
- ScreenShot - takes screenshots of the machine's primary screen at intervals that you set or onetime
- Shutdown - shuts down the remote PC
- SynFlood - Syn flood a machine
- SystemInfo - returns system info of a machine including processor speed, machine location, machine name, os version (NT 5.* = XP), uptime and user name
- UDPFlood - UDP flood a machine
I won't bother posting a list of features I have yet to code yet, but a couple of scanners. - http://virusscan.jotti.org wrote:
Scan taken on 09 Nov 2008 21:55:08 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
G DATA Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing
So so far, it is totally undetectable by any anti virus with the features it has. I did this as a test to see if 1. It can be done and 2. I guess test anti virus heuristics. Well number 2 sucks as this loads autostart registry keys, kills antiviruses and disables windows firewall. I would have thought it would have come up as detected somewhere but alas I guess not. Questions? Comments? Discuss! | |
|
Bong Hits For Jesus Im the real Slim Shadey.
Posts : 974 Join date : 2008-02-03 Location : Atlanta, Georgia
| Subject: Re: EbotA.NET Virus Sat Nov 15, 2008 5:37 pm | |
| | |
|
S.F.s/AKs When you have sex with me, its like your having sex with everyone ive ever had sex with before.
Posts : 1088 Join date : 2008-04-05 Age : 30 Location : Toronto
| Subject: Re: EbotA.NET Virus Sat Nov 15, 2008 6:10 pm | |
| - Bong Hits For Jesus wrote:
- Huh?
agreed | |
|
Yuriy.GoG I have the libido of a tiger!
Posts : 702 Join date : 2008-07-07 Age : 33 Location : Portland, OR
| Subject: Re: EbotA.NET Virus Sat Nov 15, 2008 6:15 pm | |
| ????????????????????????????????????????????????NERD????????????????????????????????????????????????????/ | |
|
Lord Mega Homicidal Maniac
Posts : 256 Join date : 2008-09-09
| Subject: Re: EbotA.NET Virus Sat Nov 15, 2008 9:11 pm | |
| for the tl/dr crowd. or if you didn't get it. it's basically a virus that elie made (i think) that's undetectable by most scanners as of now. he made it to target windows comps (as practice). | |
|
Popsicle Sysop
Posts : 247 Join date : 2008-08-05
| Subject: Re: EbotA.NET Virus Sat Nov 15, 2008 9:30 pm | |
| He's talking about a botnet.
Some common features I have found useful in my time:
Http flooder (does what httpdos does, extremely effective on unprotected / lightly protected websites)
CD Key Searcher (searches the user's registry for cd keys)
Keylogger (could be as simple as report active window name and any keystrokes made before enter is hit)
Ability to open a "shell" on the target's machine / issue cmd prompt commands
Port scanner
And most importantly I feel is MSN etc... spreader, saves you a lot of work.
And another important thing would be the ability to specify what bots you want to issue the commands to, things can get a little hairy when it comes to issuing commands in a channel with hundreds of bots.
But yeah unless you're the person running the IRC server you have them connecting to or you know the owner really well as well as the opers I would watch out, it's pretty easy to steal a botnet configured the way you plan on doing it lol.
And about your question number 1, of course it can be done, there are a number of botnets running, many of the bigger ones being polymorphic making detecting them all nearly impossible, not to mention some of the self defense mechanisms they have such as launching a large scale DoS attack on any suspicious activity they see an IP doing on some of their distribution sites etc... (for the ones that distribute through emails etc...) Kaspersky has been hit a number of times for this lol. | |
|
pubb!n I have the libido of a tiger!
Posts : 786 Join date : 2008-03-09 Age : 32 Location : Atlanta, GA
| Subject: Re: EbotA.NET Virus Sat Nov 15, 2008 11:52 pm | |
| | |
|
Ranger Smith [GoG] Founder
Posts : 790 Join date : 2008-02-05 Age : 33 Location : Durham, NC
| Subject: Re: EbotA.NET Virus Sun Nov 16, 2008 12:46 am | |
| i don't want anyone posting viruses on our site. | |
|