Slashdot Mirror

← Back to Stories (view on slashdot.org)

Researchers Tracking Emerging 'Darkness' Botnet

Posted by Soulskill on from the new-kid-on-the-block dept.

Trailrunner7 writes "Researchers are tracking a new botnet that has become one of the more active DDoS networks on the Internet since its emergence early last month. The botnet, dubbed 'Darkness,' is being controlled by several domains hosted in Russia and its operators are boasting that it can take down large sites with as few as 1,000 bots. The Darkness botnet is seen as something of a successor to the older Black Energy and Illusion botnets and researchers at the Shadowserver Foundation took a look at the network's operation and found that it is capable of generating large volumes of attack traffic. 'Upon testing, it was observed that the throughput of the attack traffic directed simultaneously at multiple sites was quite impressive,' Shadowserver's analysts wrote in a report on the Darkness botnet. 'It now appears that "Darkness" is overtaking Black Energy as the DDoS bot of choice. There are many ads and offers for DDoS services using "Darkness." It is regularly updated and improved and of this writing is up to version 7. There also appear to be no shortage of buyers looking to add "Darkness" to their botnet arsenal.'"

65 of 85 comments (clear)

  1. Charlie Murphy virus? by MrEricSir · · Score: 4, Funny

    "AAAAAH! It's a celebration, bitches!"

    --
    There's no -1 for "I don't get it."
    1. Re:Charlie Murphy virus? by windcask · · Score: 1

      Fuck your couch.

    2. Re:Charlie Murphy virus? by Monkeedude1212 · · Score: 1

      That brings up a good point. How come all the successful botnets and viruses have pretty easy and also socially friendly names? 'Darkness', 'Illusion', 'Black Energy', 'Stuxnet', 'Conficker'

      Where's the
      f*cksh*tc*nt*ssb*tchp*ssylol Botnet - and why don't I get to hear it on the news every other week?

    3. Re:Charlie Murphy virus? by KublaiKhan · · Score: 1

      Because the zombie-herders have realized that people are more likely to spend money on "Darkness" than "AssReamer 22k" ...though, IIRC, Conficker is bowlderized from its original name. And Stuxnet may or may not have been the product of some government.

      --
      In Xanadu did Kubla Khan
      A stately pleasure dome decree
    4. Re:Charlie Murphy virus? by yerktoader · · Score: 1

      "DARNKESS IS SPREADING!"

    5. Re:Charlie Murphy virus? by Stregano · · Score: 1

      DARKNESS BROTHERS! They should have never given y'all *@&$% any money!

      --
      The world is how you make it
    6. Re:Charlie Murphy virus? by MichaelSmith · · Score: 1

      Kuang Grade mark eleven must be only around the corner.

      --
      http://michaelsmith.id.au
    7. Re:Charlie Murphy virus? by Stregano · · Score: 1

      Well thanks, now nobody will use my botnet AddReamer 22k

      --
      The world is how you make it
    8. Re:Charlie Murphy virus? by blair1q · · Score: 1

      And Stuxnet may or may not have been the product of some government.

      All the more reason that camouflage requires that it be named Felchnet.

    9. Re:Charlie Murphy virus? by Darth_brooks · · Score: 1

      This is clearly a predecessor to w32.WesleySnipes worm.

      --
      There are some people that if they don't know, you can't tell 'em.
  2. Slightly related question by afaik_ianal · · Score: 2

    Slightly related question: how on Earth would one pay for use of a botnet like this?

    It's not like you're going to hand your credit card details over to someone like this, right?

    1. Re:Slightly related question by machxor · · Score: 4, Insightful

      My assumption is that someone needing a service like this would use *YOUR* credit card details to pay for it ;-)

    2. Re:Slightly related question by windcask · · Score: 1

      It's not like you're going to hand your credit card details over to someone like this, right?

      Let's seeee. If you're already in the business of botnets and malware, odds are you can get your hands on a stolen credit card fairly easily...

    3. Re:Slightly related question by gimmebeer · · Score: 1

      If you have to ask....

    4. Re:Slightly related question by windcask · · Score: 1

      Damn. You beat me to it.

    5. Re:Slightly related question by afaik_ianal · · Score: 1

      But surely the owners of the botnet would already have access to thousands of stolen credit cards. Surely the owner's of the botnet are going to be pretty pissed off if the payment bounces because someone notices the several thousand dollar change on their stolen card.

    6. Re:Slightly related question by afaik_ianal · · Score: 3, Informative

      Ahh, I've answered my own question by re-reading TFA. They accept payment by WebMoney.

      To those that answered "they use stolen credit cards", seriously, just think that through. Just because they're criminals, does not mean they're stupid. That they're not getting caught suggests they're not *that* stupid.

    7. Re:Slightly related question by windcask · · Score: 2

      That's why you use a different credit card every month. You might get a rejection every once in a while, but the only people who will notice the charge are those that don't use their cards very often in the first place.

    8. Re:Slightly related question by Will.Woodhull · · Score: 1

      how on Earth would one pay for use of a botnet like this?

      I understand that the USA Government can simply open a Swiss bank account for the vendor. Or pay in bullion to vendor's destination of choice.

      As to how private individuals might pay for this service, I'm pretty sure that in the post Wikileaks era, instructions for that will become available in the usual locations. But first things first.

      --
      Will
    9. Re:Slightly related question by vxice · · Score: 1

      It could easily be traded for a list of more cc#s, email lists or something else that could be traded over the net.

      --
      every anarchist is a baffled dictator. Benito_Mussolini
    10. Re:Slightly related question by Charliemopps · · Score: 2

      Go to Walmart. You can pick up a credit card in the checkout that you can load with cash right there. No name, no address to trace back to you.

    11. Re:Slightly related question by slackbheep · · Score: 1

      Other than the transaction at Wal-Mart? :p

    12. Re:Slightly related question by tehcyder · · Score: 1

      You could just wear a disguise and travel there in a stolen vehicle (or by bus) so what else could b e done to trace it to you?

      --
      To have a right to do a thing is not at all the same as to be right in doing it
    13. Re:Slightly related question by Charliemopps · · Score: 1

      That's why you pay cash.

  3. Version Numbers by multipartmixed · · Score: 2, Funny

    > It is regularly updated and improved and of this writing is up to version 7

    That's nothing -- I heard this one goes up to 11!

    --

    Do daemons dream of electric sleep()?
    1. Re:Version Numbers by blair1q · · Score: 1

      Mine is at version inf.

      So there.

    2. Re:Version Numbers by hedwards · · Score: 1

      But does it blend?

    3. Re:Version Numbers by donscarletti · · Score: 1

      This is just the number of times it has been updated, not an arbitrary internal version numbering system, any comparison to arbitrary scales is invalid. This sort of development is hardly publicized, the official major, minor, patch and build numbers, if they exist at all are not publicly known. External security researchers can just say that the first version they see is version 1, the second is version 2, all the way up to the seventh iteration which is version 7. This is not Java or Winamp.

      --
      When Argumentum ad Hominem falls short, try Argumentum ad Matrem
    4. Re:Version Numbers by Jahava · · Score: 1

      My botnet's version is over 9000!

  4. With the prevelance of high speed connectivity... by gimmebeer · · Score: 1

    ...and the continuance or use stupidity, botnets are just going to get more and more effective with less and less bots required.

  5. Slashvertising botnets now ? by billcopc · · Score: 3

    Are we really slashvertising botnets now ? "up to version 7"... I mean come on, who actually gives a shit ? Botnets exist, and they tend to be based in Russia, which is why I think someone should do the world a solid and drive a backhoe across eastern Europe.

    --
    -Billco, Fnarg.com
    1. Re:Slashvertising botnets now ? by c6gunner · · Score: 2

      Botnets exist, and they tend to be based in Russia, which is why I think someone should do the world a solid and drive a backhoe across eastern Europe.

      That's a quick way to fame, anyway. You'd always be remembered as the first man to wear an ICBM as a suppository.

    2. Re:Slashvertising botnets now ? by Xaedalus · · Score: 1

      Hmmm... thermonuclear bowel movements, anyone?

      --
      Here's to hot beer, cold women, and Glaswegian kisses for all.
    3. Re:Slashvertising botnets now ? by billcopc · · Score: 1

      ICBMs ? Yeah sure, if only the Russians remembered where they hid them.

      --
      -Billco, Fnarg.com
    4. Re:Slashvertising botnets now ? by c6gunner · · Score: 1

      That's easy - just check the pawn-shops.

    5. Re:Slashvertising botnets now ? by PremiumCarrion · · Score: 1

      I hate to be the person to say this, but surely it's more apt:
      In Soviet Russia, ICBM wears you.

      Just when I consider the suppository idea and relative sizes it seems more accurate a description of the process

    6. Re:Slashvertising botnets now ? by tehcyder · · Score: 1

      And it doesn't even matter if the bit about spam turns out to be true, as long as we were acting in good faith with the best intelligence we could fit together for our purposes.

      --
      To have a right to do a thing is not at all the same as to be right in doing it
    7. Re:Slashvertising botnets now ? by jon3k · · Score: 1

      haha damn where are my mod points when I need them. can I drive the backhoe?

  6. Peer-to-peer by jibjibjib · · Score: 1

    > controlled by several domains hosted in Russia

    Why are all the major botnets still controlled by domains? It makes them easier to trace and easier to shut down. Is peer-to-peer really that hard?

    1. Re:Peer-to-peer by Plekto · · Score: 3, Interesting

      The real question is why these "researchers" aren't actively poisoning the wells as it were to disrupt the botnets. It's like watching some nature show where they sit passively while the huge coyote mauls the little pet. At some point you would think that they would try to do something.

      Of course, there is a simpler method open to authorities, which is to just not accept connections from Russia. If need be, just cut the wire until the local government hunts these criminals down.

    2. Re:Peer-to-peer by blair1q · · Score: 2

      Decentralized control makes it easier to hijack the whole thing.

    3. Re:Peer-to-peer by vbraga · · Score: 1

      If I recall correctly, Storm used Overnet for communication between nodes.

      --
      English is not my first language. Corrections and suggestions are welcome.
    4. Re:Peer-to-peer by KublaiKhan · · Score: 4, Insightful

      Because there are ethical considerations involved.

      Standard research ethics forbids the researchers from interfering with what is being researched. Part of this is to ensure the safety of the researchers: when the coyote's eating the yorkie, there's a very real danger of the researcher getting bitten by a rabid coyote. Likewise, if the researchers take over a botnet, there's a very real danger that their activities could be traced and the Russian Mafia comes and pays them a visit.

      The other part is that the conclusions that they could draw may not be as valid (or completely invalid) if they have interfered. Certainly no respectable peer-reviewed journal would accept the research if it's been tainted like that.

      Also, there's a lot more to be learned by watching it evolve naturally; the researchers may require some time to catch the full context of the setup, whereas if they interfered right away they could lose sight of certain management techniques or whatnot that would otherwise help in the botnets' defeat.

      Finally, the action you propose is actively illegal. Just because it's a crime against another criminal doesn't mean they can't be prosecuted for it.

      --
      In Xanadu did Kubla Khan
      A stately pleasure dome decree
    5. Re:Peer-to-peer by c0lo · · Score: 1

      The real question is why these "researchers" aren't actively poisoning the wells as it were to disrupt the botnets.

      Because you are drinking from the same well?

      --
      Questions raise, answers kill. Raise questions to stay alive.
    6. Re:Peer-to-peer by KiloByte · · Score: 2

      The line in WikiLeaks cables that the Russian government is Mafia-driven is quite an understatement.

      The authorities there know damn well who's herding botnets, but taking them down would be like taking another department of your own company.

      --
      The creatures outside looked from Alt-Right to Antifa; but already it was impossible to say which was which.
    7. Re:Peer-to-peer by complete+loony · · Score: 1

      Not necessarily. With properly implemented public/private crypto you can make it basically impossible to hijack. It might still be possible to disrupt it though.

      --
      09F91102 no, 455FE104 nope, F190A1E8 uh-uh, 7A5F8A09 that's not it, C87294CE no. Ah! 452F6E403CDF10714E41DFAA257D313F.
    8. Re:Peer-to-peer by glwtta · · Score: 1

      It's like watching some nature show where they sit passively while the huge coyote mauls the little pet.

      What the hell kind of fucked up "nature shows" do you watch, where pets are mauled by coyotes?

      --
      sic transit gloria mundi
    9. Re:Peer-to-peer by Plekto · · Score: 1

      If all else fails, the telecommunications companies that own the backbone can literally cut Russia's feed until they get their act together and do something about it.

      Simple as turning the connection off - that will get their attention. And as a multinational company, they are pretty much impossible to do much against(unlike a country).

    10. Re:Peer-to-peer by MareLooke · · Score: 1

      Yeah, and to thank us for that they'll just cut gas supplies to eastern europe, we know how well that worked out last time...

    11. Re:Peer-to-peer by brirus · · Score: 1

      That sets a very bad precedent. Blocking communication between countries amounts to censorship. Besides, there have GOT to be some honest Russian web sites out there! I know it!

      --
      Wikileaks Is Democracy
    12. Re:Peer-to-peer by mapkinase · · Score: 1

      "could be traced and the Russian Mafia comes and pays them a visit."

      Any examples of connection between traditional organized crime and cybercrime leading to physical violence against generally speaking, people of cyberspace?

      --
      I do not believe in karma. "Funny"=-6. Do good and forbid evil. Yours, Oft-Offtopic Flamebaiting Troll.
    13. Re:Peer-to-peer by hesaigo999ca · · Score: 1

      Yeah ....but I think his real point was ...

      if I see you being butt raped in some dark alley by some gang of big burly guys..., and I am video taping it (like a nature show) ....would you rather I put down my camera and get involved to help you from suffering what you are going through either by hitting them on the head with a club, or calling the police,

      or I could just say to myself, ....it is important to document what is happening so as to later better understand what was going on there, and maybe come up with a future solution to avoid this from ever happening again....I will let you decide.

    14. Re:Peer-to-peer by tehcyder · · Score: 1

      The real question is why these "researchers" aren't actively poisoning the wells as it were to disrupt the botnets. It's like watching some nature show where they sit passively while the huge coyote mauls the little pet. At some point you would think that they would try to do something.

      Why? It then stops being a nature show, and turns into Bambi.

      --
      To have a right to do a thing is not at all the same as to be right in doing it
    15. Re:Peer-to-peer by ArsenneLupin · · Score: 1

      or I could just say to myself, ....it is important to document what is happening so as to later better understand what was going on there,

      It is important that you finish taping the event. Not only for the reasons that you say, but also for uploading it so that other people can wank off to it too.

      and maybe come up with a future solution to avoid this from ever happening again....I will let you decide.

      that would be kinda sad, as we would have to watch the same tape over and over again.

    16. Re:Peer-to-peer by hesaigo999ca · · Score: 1

      O_O

    17. Re:Peer-to-peer by Plekto · · Score: 1

      You forget that the *companies* that own the cables and machinery of the Internet absolutely have the right to block content that is harmful or wasteful of their resources and hardware. It says so in every contract at every level. When Russia "allows" a carrier to have coverage in a city or region, both sides have such clauses in the fine print to protect themselves.

      This isn't about nations, which can cause all sorts of problems and incidents by doing such actions against other nations, but multi-national companies that aren't associated with any one government. They could make a decision to block a neighboring country's or customer's main arteries and restrict that flow to a trickle.

      ie - "find another provider"
      Eventually Russia (as an example) might very well find itself running out of companies that want to work with it. That's perfectly fair, isn't it?

      What needs to happen is for them to get tougher and in the case that a researcher finds a problem provider, at least notify the company instead of sitting on their hands passively watching.

      http://en.wikipedia.org/wiki/E-mail_spam
      80% of spam is sent via botnets. Of course, a little research shows that 30% of all botnets are in Brazil and only 7% are in Russia. (roughly 20% of spam by volume, though, is sent from the U.S. - and that's entirely within their rights to crack down upon - just read your terms of service)

      While cutting off Russia might be somewhat problematic(though all of the EU which most of the wires route through has laws against spam), I doubt if cutting off Brazil and smaller countries until they clean up their act would amount to much international fallout. Doubly so since these are companies and not governments making the decision that it's just too expensive and too risky to do so any more.

      And as for the other person's comment about it turning into "Bambi", well, we're talking about over 20 billion dollars a year in lost productivity just in the U.S. alone. There's a real reason TO keep the coyotes out of the hen house, no matter how fascinating it might be to watch. I guess a better analogy would have been a nature show about wolves and the scene being one getting into a commercial poultry farm. I'd expect the farm/business to be a MITE bit angry if they passively sat back and let several thousand dollars worth of damage occur just to get their film done.

    18. Re:Peer-to-peer by jon3k · · Score: 1

      Most botnets are in the US because it's easier to deliver mail to your target when it's sitting in the same netblock, instead of crossing a couple continents and an ocean. The question isn't where the infected machines are, it's who's running them.

  7. The Darkness (botnet) by Anonymous Coward · · Score: 1

    *(obligatory band reference joke)*

    Anyone caught operating The Darkness botnet is surely riding a one-way ticket to Hell (and back).

  8. Just some Mountain Dew, Cheetos, and... by Captain+Spam · · Score: 2

    Researchers Tracking Emerging 'Darkness' Botnet

    Pssht, easy. Just cast magic missile at it. That's a proven method of attacking the darkness.

    --
    Demanding constant attention will only lead to attention.
    1. Re:Just some Mountain Dew, Cheetos, and... by alphatel · · Score: 1

      Nyet, light continual is for dark, missiles are for Poland.

      --
      When the foot seeks the place of the head, the line is crossed. Know your place. Keep your place. Be a shoe.
  9. referral payments by SethJohnson · · Score: 1
    I am betting the spammer has opened up referral accounts with companies that sell pharma, etc. and will pay a percentage of sales that come routed from the ads the spammer sends. So, it's not like someone approaches the spammer saying, "I want these ads sent out. Here's some money." The spammer approaches third-party vendors who have referral programs and opens accounts for that yield a commission on every sale that comes to the site with referral ID XYZ.

    As an example, the viagra referral program:

    Now-a-days, affiliate marketing is becoming one of the most popular forms of advertising on the web. It provides low cost way to market the products and services. Web masters or Internet Marketers have a huge opportunity to monetize their web sites more efficiently. So if you are a web master, web site owner, or associated with email marketing, you can make a fortune through online pharmacy affiliate program at eMedOutlet.com

    Seth

    --
    $5 / month hosted VPS on linux = awesome!
  10. The Darkness Botnet? by Dangerous_Minds · · Score: 1

    Does this botnet believe in a thing called love perchance?

    --
    Daily read for tech news: Freezenet.ca
  11. Re:I will never get how this is still a problem by RMH101 · · Score: 1

    blacklisting blocks in increasing size if the host doesn't fix spammers is how SPEWS/SORBS etc spam blocklists work. You'd be amazed how many people don't get this, and think that the blocklist cabals are the devil

  12. Re:Does not compute... by dropadrop · · Score: 1

    if someone is savy enough to write (or even use) such a piece of code, why DOS attacks? Unless, of course that someone works for a government agency and wants to limit...say something like the wikileaks server. I mean if they are that smart, why not hack into, say, a couple million on line bank accounts and just draw out $.25 per month of each one. That'd net you a cool 6 mil smackers per year. I mean what's the point?

    I think generally the point is to make money. If they have customers prepared to pay for the attacks, then it's worth it for them. Looking at articles regarding the botnet it seems they will make about 50$ for 24h of attacks. From their price list I would guess that's for about 30 attacking hosts... I don't think the people behind the attacks really care why somebody is paying them to do it.

  13. Get off my lawn! by MistabewM · · Score: 1

    I wish I could go back in time and slap myself for being involved in some of these projects in my youth. We just used them to flood other people off irc though, and I don't think I know anyone that actually wrote vx to spread the net. Its sad when your children grow up to be assholes.

    --
    "A learning experience is one of those things that says, 'You know that thing you just did? Don't do that.'" - DNA