A botnet showcase

Coursework in Computer Security 2015/2016

Botnets are networks made up of unaware remote-controlled computers, typically instructed for malicious purposes. Their first priority is to spread unnoticed, because in this way they may generate huge profits. They extend infecting computers with malwares — namely bots — that force them to join the network, unwittingly. In this work we describe the implementation of a bot, though for botnets with a centralized command and control layer. The developed bot is thought as an educational showcase, but it is actually ready to interact with a real web controller and it is configurable via a convenient web-based interface.

To build the bot you need to run

$app> mvn clean package

If you want to build it with code optimization:

$app> mvn clean package -P optimize

If you want to build it skipping tests:

$app> mvn clean package -P skip-tests

To build the Command&Control (C&C) server & Web User Interface (WUI) you need to run

$controller> npm install
$controller> bower install

To start the bot, you need to run

$> java -jar path/to/bot-1.0-jar-optimized.jar [YOUR ARGUMENTS HERE]

For example, to print the app version, you need to run:

$> java -jar path/to/bot-1.0-jar-optimized.jar --version

If no custom configuration is specified, the bot looks for the configuration file config.yaml in the current working directory. Notice that the current working directory is the directory from where JVM is executed, not where the Jar is located. If no such file can be found, the bot loads the default configuration. Notice that the default configuration does not provide the bot with any controller.

NOTE: when no custom configuration is specified, the bot looks for a file config.yaml in the current working directory. If no such file is found, the bot loads its default configuration.

To start the Command&Control (C&C), you need to run:

$controller> node app.js [YOUR ARGUMENTS HERE]

For example, to start the C&C with port 3000 and verbose mode, you need to run:

$controller> node app.js --port 3000 --verbose

By default, the C&C is bound to port 3000.

The fake landing is located in

http://localhost:port/

While the botnet dashboard is located in:

http://localhost:port/admin

Giacomo Marciani, [email protected]

Michele Porretta, [email protected].

Giacomo Marciani and Michele Porretta. 2017. A Botnet showcase. Courseworks in Computer Security. University of Rome Tor Vergata, Italy Read here

The project is released under the MIT License.