Getting Better Slaves By Targeting Your Installs


Hack Forums
[TUT] Targeted Spreading - Getting Better Slaves By Targeting Your Installs

+- Hack Forums (http://hackforums.net)
+-- Forum: Hacks, Exploits, and Various Discussions (/forumdisplay.php?fid=45)
+--- Forum: Hacking Tools and Programs (/forumdisplay.php?fid=10)
+---- Forum: Remote Administration Tools (/forumdisplay.php?fid=114)
+---- Thread: [TUT] Targeted Spreading - Getting Better Slaves By Targeting Your Installs (/showthread.php?tid=4887229)

[TUT] Targeted Spreading - Getting Better Slaves By Targeting Your Installs - Armada - 06-29-2015 09:12 PM

Targeted Spreading
Getting Better Slaves By Targeted Spreading Techniques
Written By: ȺʁɱªÐą
-1000th Post Celebration Tutorial-

Introduction:

In this article I am going to discuss how we can get better slaves by using targeted spreading techniques. What does this mean exactly?
Although spreading techniques can vary greatly, and can be based on the type of intended target. We are going to cover the basics to spreading using software releases. And how by binding to specific types of releases we can help focus on the desired machines to be infected as slave hosts to our binaries.

So let dive right in...

The Classification of Users:

In this article I am breaking down the classification of users in to 3 distinct groups. Each with their own pros and cons to infection and becoming a slave in your desired botnet.

The Gamer:
The gamer generally is between the ages of 10-25, tends to have a "Higher end" computer capable of handling the latest releases of video games, usually has a large drive capacity, lots of memory to play their games and a decently powerful CPU. These users are targeted most obviously by binding your viral binary to the latest game release and spreading it as fast as possible to torrent sites and seedboxes. New games tend to be large in file size, and users who download want their releases quickly making speed an important factor in successful distribution in this type of release.

Pros:
Gamer machines tend to be of the higher end in hardware comparison. Make for good mining slaves for crypto currency, or complex processing tasks.
Cons:
Large release sizes slow distribution down.


The Home User:

The Home User, is in general the most typically encountered infection when it comes to spreading. These are users whos computer knowledge is limited so the chance of a successful infection is much more likely. Home Users tend ot own "Average" Out-of-box computer builds, usually a store bought brand like Dell, HP or another "budget class" configuration. The machines are not nessisarily great for crypto mining or complex computing tasks like the Gamer, however the Home user also has its advantages as home users tend to openly store critical information on their machine making them prime targets for account theft, identity fraud or other more "black hat" activities. (Not endorsed in any way!)
Home users are likely to search and download "common tools" such as WinZip, WinRAR, Accounting software, Office suites and so forth.

Pros:
Typically easier to infect
More commonly searched releases (Winzip, WinRAR)
Smaller release sizes, easier to distribute across multilpe sources and sites.
Access to more typical home user data such as financial/banking/account logins/etc...
Less chance of security software detecting the viral binary.

Cons:
Less powerful "Stock" computer machine, making for less powerful computing applications.
Unreliable connectivity, Higher chance of "Bot sharing"

The Corporate Client:

The Corporate Client, is typically 1 of 2 users. The IT Analyst/Administrator who is trying to save a quick couple bucks on a software license. Of alternatively an end client within a corporate network. In this instance there are 2 vectors of attack.
Focusing on the IT Administrator or the End User.
IT Administrators will source and download Network and Application management suites. (Think "Server") This said, binding to releases of Management consoles, Network Distribution Software, or "End point" software (IE Anti virus end point software meant to be centrally managed) Ensures the correct type of user is properly targeted in this vector. End users of a corporate environment rarely have interest in the management side of the network, so they are unlikely going to download management console software.

For End user targeting in this method the attacker is against best to focus on "lower end" software typical software that would be commonly used by normal every day 9-5 office drones. (Again, Winzip, WinRAR, Snagit, presentation software and email clients are all fantastic options for endpoint infection)

Pros:
Targeting IT Administrators using Management consoles or End point distributes has multiple advantages. Firstly, IT Analysts and Administrators that will use pirate or release software will likely push a working release out to the entire network. making getting slaves a fantastic reality. One release can easily gather hundreds or thousands of slaves in a single shot!!!
Targeting the end point users minimizes detection of the virus, as the end user if they discover the virus they are unlikely to report it to IT security as they should not have been downloading pirate software to begin with.

The next major advantage to targeting corporate environments is when a binary is successful at infection, the attack is likely to get access to Server classed hardware, which almost always means Lots of memory storage and multiple CPUs for processing.

Further access to server classed machines also gives the added benefit of the access to the data housed on said servers.

Cons:
IT Administrators and Analysts are overall "Smarter than the average user" they are most likely to discovered your viral binary infection and remove it. IT Administrators also tend to be much more cautious when running executable binaries obtained from "The Wild" (Internet) and will test in developmental environments or Virtualized environments before issuing to the production environment.


Well ladies and gents.
I hope this was somewhat informative to some of you who might be having a hard time getting the type of infections you are looking for.

ȺʁɱªÐą
Black Hat


* - Nikopai - 06-29-2015 09:16 PM

Very nice and informative Thread. Thanks!

* - MafiaServ - 06-29-2015 09:50 PM

Nicely elaborated and informative post. I am sure it will help a lot of RAT'ers.

Greatly appreciated. Black Hat

* - Indus - 06-29-2015 10:22 PM

Really good informative thread by Armada ..
i'll bookmark it ...

* - matisshakeris - 07-14-2015 08:43 AM

Question: Can lumonisty hold a big botnet? Or any rat in that matter?

* - Armada - 07-14-2015 08:46 AM

(07-14-2015 08:43 AM)matisshakeris Wrote: ►Question: Can lumonisty hold a big botnet? Or any rat in that matter?

Limitations come with a number of various factors.
Primarily system resources.
- The more powerful the system the more resources can be dedicated to the controlling application to hande the number of connections.

More connections = More demand for system resources.

Other limitations include your connection, and the backbone you sit on, networking considerations, and other various factors.

All the main stream RATs can support a very large number of connections however, my bet is you will never hit this limitation.

* - Snake Bite - 07-14-2015 05:11 PM

Excellent tutorial Armada, definitely one of the best I've seen in this section. Very well organized.

* - LilHackers - 08-31-2015 05:56 AM

Very nice thread! Very informative, thanks a million

* - sтүℓιsн - 08-31-2015 12:06 PM

nicely written,will help users a lot.. cheers  Black Hat

* - DailyTrees - 12-02-2015 02:59 PM

Very nice release! Thanks for the methods brotha Black Hat