An inside look at skynet, a tor based botnet

null Hyderabad Chapter - August 2013 Meet


  1. The content I show here is for educational purposes only. I am not responsible for your actions. The views/ideas/knowledge expressed here are solely my own and have nothing to do with the company or the organization in which I am currently working.
  2. Srinu K
     • Working as a malware analyst at Online Guards
     • Having 2+ years of experience working with malware
     • Seasoned penetration tester and forensic investigator
     • LinkedIn: http://in.linkedin.com/pub/srinu-neo/39/806/712
  3. Size: ~15 MB. Skynet is bundled with 4 main components:
     1. Tor client for Windows
     2. Zeus bot
     3. CGMiner
     4. Opencl.dll
  4. Spreading: via Usenet downloads. Capabilities:
     1. Tor communication
     2. Credential grabbing
     3. DDoS
     4. IRC
     5. Bitcoin mining
  5. Botnet size: > 12,000 zombies
  6. Zeus, king of botnets
  8. Features and their commands:
     • Get information on the compromised computer: !info, !version, !hardware, !idle
     • Download and execute files: !download
     • Download a binary to memory and inject it into other processes: !download.mem
     • Visit a webpage: !visit, !visit.post
     • SYN and UDP flooding: !syn, !syn.stop, !udp, !udp.stop
     • Slowloris flooding: !slowloris, !slowloris.stop
     • HTTP flooding: !http.bwrape, !http.bwrape.stop
     • Open a SOCKS proxy: !socks
     • Retrieve the .onion address of the Hidden Service opened on the compromised computer: !ip
  9. The botnet only mines if the computer has been unused for 2 minutes, and it stops mining immediately when the owner returns. Skynet installs WH_MOUSE and WH_KEYBOARD hook procedures that monitor the system for keystrokes or mouse movements.
  10. Another Tor-based botnet is “Atrax”. In the future we will see more botnets adopt Tor as a communication channel.
  11. Rapid7
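
A triage sketch for the command set on slide 8, added here as an example and not taken from the slides or from the analysis they credit: it scans text such as sandbox IRC logs or strings output for the listed commands and groups hits by feature. The feature labels, the sample lines and the `<args>` placeholders are constructed; the slides do not give argument syntax.

```python
import re
from collections import defaultdict

# Command vocabulary as listed on slide 8; the feature labels are this example's own.
SKYNET_COMMANDS = {
    "host-info": ["!info", "!version", "!hardware", "!idle"],
    "download-exec": ["!download"],
    "in-memory-inject": ["!download.mem"],
    "visit-url": ["!visit", "!visit.post"],
    "syn-udp-flood": ["!syn", "!syn.stop", "!udp", "!udp.stop"],
    "slowloris-flood": ["!slowloris", "!slowloris.stop"],
    "http-flood": ["!http.bwrape", "!http.bwrape.stop"],
    "socks-proxy": ["!socks"],
    "onion-address": ["!ip"],
}
FEATURE_OF = {cmd: feat for feat, cmds in SKYNET_COMMANDS.items() for cmd in cmds}

# Longest alternative first, so "!download.mem" is not reported as "!download".
# Lookbehind: a command must start the line or follow whitespace or ":", which
# keeps the "nick!user@host" part of an IRC prefix from matching.
# Lookahead: rejects longer tokens such as "!ipconfig" or "!download.memx".
_ALTS = "|".join(re.escape(c) for c in sorted(FEATURE_OF, key=len, reverse=True))
COMMAND_RE = re.compile(r"(?<![^\s:])(?:" + _ALTS + r")(?!\w|\.\w)")


def triage(lines):
    """Return {feature: {command: [1-based line numbers]}} for each command found."""
    hits = defaultdict(lambda: defaultdict(list))
    for lineno, line in enumerate(lines, 1):
        for match in COMMAND_RE.finditer(line):
            cmd = match.group()
            hits[FEATURE_OF[cmd]][cmd].append(lineno)
    return {feat: dict(cmds) for feat, cmds in hits.items()}


SAMPLE = [  # constructed lines, not captured traffic
    ":op!info@ctrl PRIVMSG #chan :!download.mem <args>",
    ":op!info@ctrl PRIVMSG #chan :!syn <args>",
    ":op!info@ctrl PRIVMSG #chan :!syn.stop",
    ":bot7!u@host PRIVMSG #chan :run !ipconfig and report",
    "!idle",
]

if __name__ == "__main__":
    for feature, cmds in triage(SAMPLE).items():
        print(feature, cmds)
```
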
