3

I am very curious to understand botnets practically. I want to run a P2P botnet (Storm or Waledac) for analysis and learning.

I have mainly two issues:

  1. Where can I get access to binaries of either of the two?
  2. How do I create a testbed for running the binary?

I found out that honeypots can be used for running the same, however I didn't find any suitable document that walks through the complete process of building and running botnets in a local environment.

Kindly share your ideas.

Jens Erat
user76346
    As a testbed I would recommend getting old machines (you often get the nice and vulnerable Windows XP with them) and connecting them to a switch. Consider anything connected to either one of them as compromised, so don't connect your phone/flash drive/etc. Do not use VMs. –  May 12 '15 at 11:25

1 Answer

2

A lot of botnets are actually "commercial" software, in the sense that you have to pay like a licence to get them (even underground commerce remains a commerce... actually you may even find that botnet developers actually offer paid support for their tools!).

However, you may find older botnets or versions (i.e. software widely known by current anti-viruses) for free on the web for your study (be careful where you put your steps, do not infect yourself during your searches!).

Be careful to use only a dedicated and air-gapped network for this, then a bunch of virtual machines will be able to act either as infected machines or C&C (Control and Command) roles in your own educational botnet.

WhiteWinterWolf
  • Ditto on using an airgapped network for this. You don't want to become a "target" out in the wild. – SDsolar Apr 07 '17 at 18:34