Botnets with remote desktop access

Lionel (OP)

Sr. Member

Offline

Activity: 613
Merit: 305

Botnets with remote desktop access

June 29, 2016, 12:18:16 PM

#1

Hacker stuff has always fascinated me and i have read a lot about botnets.

I have known of a guy that one day was working at his PC and suddenly... the mouse pointer was moving by itself on the screen!! It went over the Chrome icon and opened a browser instance, then clicked on the address bar and start typing something !!

The guy was frightened and reacted instinctively at that point: he shut down the system immediately via the hardware button.
Then he formatted everything.

So i am wondering... was his PC a zombie system belonging to a botnet?
And... was a remote desktop client like Teamviewer installed there stealthly by the botnet owner through the virus that turned that PC into a zombie ?

I've never heard of a botnet capable of doing this!!
They usually can receive and execute DDOS commands and other simple stuff, but giving remote access is high-tech !!

So a question to the experts: is it that botnets have evolved like that in the 2016? And maybe the botnet managers rent or sell remote access to the bots?

So scary, some chil-dpo-rn fan may sneak into my PC , visit his favourite sites using my IP and the day after the police enters my house :O

bitboy11

Hero Member

Offline

Activity: 534
Merit: 500

Re: Botnets with remote desktop access

June 29, 2016, 12:25:27 PM

#2

Probably was TeamViewer like you said. It is very disturbing when you see someone else remotely controlling your computer. Any time I buy a computer, I disable all remote access functions and I never add such dangerous programs.

saddampbuh

Legendary

Offline

Activity: 1078
Merit: 1014

Re: Botnets with remote desktop access

June 29, 2016, 04:56:56 PM

#3

they infect you with their bot/rat and then watch what you're doing and steal your information and sell it, there's nothing high tech about it, any kid can do it its like $100 for the rat and a crypter to make it undetected

Be radical, have principles, be absolute, be that which the bourgeoisie calls an extremist: give yourself without counting or calculating, don't accept what they call ‘the reality of life' and act in such a way that you won't be accepted by that kind of ‘life', never abandon the principle of struggle.

Lionel (OP)

Sr. Member

Offline

Activity: 613
Merit: 305

Re: Botnets with remote desktop access

June 29, 2016, 07:34:19 PM

#4

Quote from: saddampbuh on June 29, 2016, 04:56:56 PM

they infect you with their bot/rat and then watch what you're doing and steal your information and sell it, there's nothing high tech about it, any kid can do it its like $100 for the rat and a crypter to make it undetected

Well ok the kid just buys the turnkey solution , but he still needs to spread it through drive-by downloads.

And that is not easy, you can't just put an .exe on emule or Bittorrent and name it like "Watch.HD.Movies.exe" and hope that the fools fall for it.

Maybe he can put the malware in a game crack but he still needs many seeders/leechers to be able to spread it, otherwise no one will download it
and it is not trivial.
The first one that spots the virus will flag the torrent and everybody else will see it.

So even being a script kiddie is hi-tech

Spoetnik

Legendary

Offline

Activity: 1540
Merit: 1011

FUD Philanthropist™

Re: Botnets with remote desktop access

June 29, 2016, 07:55:14 PM

#5

I checked out the source code to the RootKit "Zuess"
It could do that and much more..
This was no keylogger.. it was a professional rootkit system
that was sold privately i was told for $10,000 (later leaked out)
The code on it is seriously impressive !
This is one HUUUUUUUUUUGE massive project.. LOTS of code written.

I got the code still somewhere (i used to collect code leaks)
I have all kinds from Valve Games / Steam to Kasperky to Norton AV's to WIndows 2000

Anyway Google Rootkit Wink

It *could* have been that.

And Google "Sub7 Trojan"

FUD first & ask questions later™

Lionel (OP)

Sr. Member

Offline

Activity: 613
Merit: 305

Re: Botnets with remote desktop access

June 29, 2016, 11:49:57 PM
Last edit: June 30, 2016, 12:17:37 AM by Lionel

#6

Quote from: Spoetnik on June 29, 2016, 07:55:14 PM

I checked out the source code to the RootKit "Zuess"
It could do that and much more..
This was no keylogger.. it was a professional rootkit system
that was sold privately i was told for $10,000 (later leaked out)
The code on it is seriously impressive !
This is one HUUUUUUUUUUGE massive project.. LOTS of code written.

I got the code still somewhere (i used to collect code leaks)
I have all kinds from Valve Games / Steam to Kasperky to Norton AV's to WIndows 2000

Anyway Google Rootkit Wink

It *could* have been that.

And Google "Sub7 Trojan"

I have read of that Sub7 which is very old but already did a good part of what it is needed to get a remote desktop: it sends desktop screenshots to the controller, so that he can view the desktop in real time if 5-10 screenshots a second are sent

The only thing it needs is the ability to receive mouse and keyboard commands , and there you have a handy remote desktop.
That should be easy for today's trojans, if even Sub7 in the early 2000 was already near that.

But maybe it is not a so desired feature because it lets the victim spot the malware easily, while it is better to remain hidden and do your business

For example for doing click fraud activities, is it necessary to have remote desktop control? I think it isn't , just use the bot as a proxy or VPN server.