In case you’re looking for a variety of IRC client implementations, or always wondered how botnets and other malware looks on the inside, [maestron] has just the right thing for you. After years of searching and gathering the source code of hundreds of real-world botnets, he’s now published them on GitHub.
With C++ being the dominant language in the collection, you will also find sources in C, PHP, BASIC, Pascal, the occasional assembler, and even Java. And if you want to consider the psychological aspect of it, who knows, seeing their malicious creations in their rawest form might even give you a glimpse into the mind of their authors.
These sources are of course for educational purposes only, and it should go without saying that you probably wouldn’t want to experiment with them outside a controlled environment. But in case you do take a closer look at them and are someone who generally likes to get things in order, [maestron] is actually looking for ideas how to properly sort and organize the collection. And if you’re more into old school viruses, and want to see them run in a safe environment, there’s always the malware museum.
9 thoughts on “Source Of Evil – A Botnet Code Collection”
None written in Fortran? Oh the shame of it all! ;-P
I want to shake the hand of whoever’s writing botnets in BASIC. That’s some sort of evil, putting malware analysis teams through that!
My God! BASIC? PASCAL? I haven’t touched those languages in almost 20 years! Maybe more! This is going to be interesting. Thanks!
Thanks God it’s not in COBOL. Like many banking systems are…
“Hey, here’s a thought: let’s gather a huge collection of evil and let anyone who wants to paw through it. What could possibly go wrong?” And Lo! Script-kiddies around the world rejoiced as Jeff Goldblum sadly shook his head!
(That being said, I want to see that BASIC code.)
Most of these codes seem to be from 2000-2010. It will not be useful today for any malicious use. Scriptkiddies can easily find much more capable and up to date tools on modern forums.
Jonathan shakes his head sadly at the idea of Goldblum knowing what a botnet is…
It’s all primitive and dated and were not sophisticated for their time even.. UDP flood ddos via IRC c&c, obvious windows registry entries and process names with no hooks let alone rootkit, no advanced anti-detection like UAC or patchguard bypasses besides the boot-flag method for patchguard, not a single one with MITB or even thread input logging etc..
Most of it you could detect with task manager and kill with task manager or taskkill /f under XP to 10. All of it would require a FUD crypter or unhandled packer to get past even Windows Defender and of course would be detected by even old HIPS or HIDS..
Anything that featured assembly was either weak MBR payloads or optimized features to save negligible bytes basically and it was all stuff that looks liked it was from someone who read a NT API assembly tutorial while coding it..
None of the famous banking trojan or rootkit stuff is in there
“None of the famous banking trojan or rootkit stuff is in there” :-(
Please be kind and respectful to help make the comments section excellent. (Comment Policy)