Untitled

a guest
Dec 16th, 2017
Hey,
I have a few suggestions you could implement in your bot, both server- and client-wise.
Well, first, you should have implemented anti-debugging:
- Prevention from running in virtual environments (such as VMware, all varieties of VMware)
- Prevention of real-time analysis (checking for various processes that can be used to analyze your bot, such as Wireshark, etc.)
- Prevention of automated decompilation and deobfuscation through various tricks such as loops, etc.
- Obfuscation of your bot's source code to prevent someone from debunking your bot's functionality (remember to keep a deobfuscated version present!!!)
- Some other obvious methods that you should implement, such as process injection (which you have implemented), TLB desynchronization, hardening the process you have injected into, prevention of logging, call gates and interrupts, hiding the files and directories containing parts of the bot, removing the tracks left by the bot, intercepting between the bot and user processes (to check for analysis or to commence with advanced functionality), and of course (if you can manage it) the best rootkit you can possibly implement.
There are also security aspects involved.
- You should randomize the PHP variables in your POST request so that it would be harder for someone analyzing the bot to manipulate your bot's POST requests.
- Encryption is necessary!!! You need to implement this!!! DO NOT make your own algorithm! Use already secure and tested algorithms (such as AES).
- Blacklisting IPs that have contacted the server more than "x" times in the amount of time "x" (this will both lower the load on the server and mean that bot communication isn't real-time, but has to be delayed by "x" number of "x"s in the amount of time "x" (if that makes sense))
- Implement DGAs to protect your botnet's infrastructure! This is pretty much vital if your bots communicate with the server via domain name.
- Of course, looking over previous code to check for vulnerabilities.
There are also methods of getting the executable to your victim that you should implement:
- Exploit kits (less reliable). Don't make your own, for the love of god.
- Phishing, your #1 bet. I recommend phishing with DBD implemented on separate servers from your main server. Note: don't disguise your downloader as a picture or something if you're directly sending them the file as an attachment. Create an obfuscated JavaScript dropper and get them to run it through the attachment (make sure to check my service "MengleJS" if you need obfuscation!), and Word macros work nicely too.

Summing this up:
Some features need to be implemented before you share this bot. You are building a lot of hype for a bot that technically doesn't exist and hasn't been released on the HF community yet. Please don't hype it up until it's actually done. Other than that, I hope these ideas greatly enhance your bot!


Edit:
Tor would be great, but it is not vital. We would just love it if you implemented it somehow.
Also, my "summing this up" wasn't meant to be harmful. Just something to keep in mind.
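Added example, not part of the guest's post above: a date-seeded DGA of the kind the post recommends, written in Python, together with the defender's side of the same algorithm. The seed value, TLD list, label length and per-day count are assumptions chosen for illustration. The practical caveat is the second function: a DGA hides infrastructure only while the seed and the generation routine stay unknown, and once an analyst lifts them from the bot, every future domain can be precomputed and sinkholed before the operator registers it.

```python
import hashlib
import re
from datetime import date, timedelta

# Constructed parameters for this example; a real bot would carry its own.
TLDS = ("com", "net", "org", "info")
LABEL_LEN = 12
DOMAINS_PER_DAY = 10
SAMPLE_DAY = date(2017, 12, 16)  # the date of the post, used as a fixed example day


def dga(seed: bytes, day: date, count: int = DOMAINS_PER_DAY) -> list[str]:
    """Return the candidate C2 domains for `day`.

    Domain i is derived from SHA-256(seed || ISO date || i), so the bot and the
    operator, who share the seed, compute the same list independently; the
    operator registers one entry shortly before the day and the bot tries the
    list in order until one resolves.
    """
    domains = []
    for i in range(count):
        digest = hashlib.sha256(
            seed + day.isoformat().encode() + i.to_bytes(2, "big")
        ).digest()
        # Map the first LABEL_LEN digest bytes to a-z (mod 26 is slightly
        # biased, which does not matter here: only determinism does).
        label = "".join(chr(ord("a") + b % 26) for b in digest[:LABEL_LEN])
        tld = TLDS[digest[LABEL_LEN] % len(TLDS)]
        domains.append(f"{label}.{tld}")
    return domains


def sinkhole_schedule(seed: bytes, start: date, days: int) -> dict[date, list[str]]:
    """Defender's side of the same algorithm.

    Once the seed and the generation routine are recovered from the bot, every
    future domain is known in advance and can be registered or blocked before
    the operator gets to it. This is what limits the protection a DGA gives
    after the bot has been reverse-engineered.
    """
    return {
        start + timedelta(days=n): dga(seed, start + timedelta(days=n))
        for n in range(days)
    }


# Exact shape of this DGA's output, usable as a first-pass filter over DNS logs.
DOMAIN_RE = re.compile(r"^[a-z]{%d}\.(?:%s)$" % (LABEL_LEN, "|".join(TLDS)))


def is_well_formed(domain: str) -> bool:
    """True if `domain` has the exact label length and TLD set this DGA produces."""
    return DOMAIN_RE.match(domain) is not None


if __name__ == "__main__":
    # Print the next two days of domains an analyst holding the seed would register.
    for day, domains in sinkhole_schedule(b"example-seed", SAMPLE_DAY, 2).items():
        print(day, domains)
```

The bot and the server never exchange the domain list; both derive it from the shared seed and the date, which is why a rate limit or blacklist on the server (as suggested earlier in the post) does not interfere with it. The same property is what makes `sinkhole_schedule` possible for anyone who recovers the seed from the binary.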