NetBot Attacker Anti-CNN Tool

As I noted last night, another, third tool (that I know of) dedicated for Chinese who are upset and want to attack CNN has been released. The folks at Hackeroo have released a Netbot Attacker Anti-CNN version, free of charge, for folks to use. Normally Netbot Attacker is a commercial tool, but this is a focused version.

Netbot Attacker provides a simple Windows UI for controlling a botnet, reporting and managing the network, and commanding attacks. So far nothing special or new there. It ships as a simple RAR file with two pieces: an INI file (see below, partially edited and obscured) and a simple EXE.


[Client Setting]
ListenPort=80
MaxConnect=10000
[Server Setting]
IPFile=http://www.cnn.com/ip.jpg
ConnectPass=1111
[FTP Setting]
FtpAddress=101.102.103.104
FtpPort=21
FtpUsername=netbot
FtpPassword=netbot
FilePath=ip.jpg
[XW Setting]
XWUser=netbot
XWPass=netbot
XWDomain=netbot.xxxx.xxx

The INI file hardcodes a target – CNN.com – and info on the controller. The server it contacts is in AS4134, or CHINANET-BACKBONE.

The UI provided in this one is very roughly modified of the real NetBot_Attacker, and it looks like a very simple tool for some people to use. Sadly, it appears to come with a way for the attackers to access the user’s PC.

On startup the program wants to start listening on a port (TCP 8080 in my case). I just tell XP to let it be … Sadly, I don’t have the Chinese language pack installed so I can’t make heads or tails of the writing.

netbot_cnn_1.png

The system gives you basic controlls to choose your attack type: SYN, UDP, TCP, ICMP, etc … The default is the classic TCP SYN flood.

netbot_cnn_2.png

Because the original Netbot Attacker is a backdoor, this tool retains that capability and lets you update the bot and be a part of the rest of the botnet. This is controlled here. Notice that you spin up a listening port on TCP 8080.

netbot_cnn_3.png

And finally the ubiquitous “About” page, telling you what’s going on:

netbot_cnn_4.png

A rough translation – provided with the bot – would be:

Common Attack:
SYN Flood ICMP Flood UDP Flood UDP Small TCP Flood TCP Mult-Connect
Web Attack :
NoCache Get Flood CC Attack Http GET Nothing
Speical Attack:
CQ Game Attack Route Attack Smart Auto Attack
Combine Attack:
SYN+UDP Flood IACMP +TCP Flood UDP Small+TCP Connect

Note that there’s no mention to the average user that they’ll be able to access your PC now that you’re helping the cause.

It is unclear to me how much this specific tool is used compared to the others. In the end, the effect is the same, however, which is to try and drive an adversary offline with a packet flood.

Also, despite new tools being released, we’re not detecting any major sustained attacks against CNN.com’s website, the attacks have (so far) subsided. It’s unclear if any other ones will appear in the near future, it’s possible that these tools are being released in preparation of a new wave of attacks.

2 Responses to “NetBot Attacker Anti-CNN Tool”

June 20, 2008 at 6:25 pm, billy said:

Nice tool. 😉

March 18, 2009 at 7:01 pm, Technology Review: attacchi DDoS politici in aumento - The New Blog Times said:

[…] – purtroppo – esistono strumenti come NetBot Attacker o Black Energy, costruiti interamente da hacker, in grado di fornire a chi li usa un controllo ed […]

Comments are closed.