botnetWorks - Call for experimental botnet beta testers

[gtownfunk]

We are just about to release a product and are looking for some
serious beta testers to give it a spin and let us know how you like
it:

botnetSim - The Botnet Simulator

Includes:
- Command and control - IRC, Twitter and HTTP based C&C models
included
- Bot Agents - IRC, Twitter and HTTP based bots included
- Experimental propagation model to simulate the infection of
vulnerable machines on your network
- Fake vulnerability - no way for botnet to 'go wild'

Features:
- Full source code included
- Written in C# instead of obscure scripting languages hackers might
use
- Runs on the .NET Framework you are familiar with
- No malicious code, educational comments where malicious code might
occur in malware

Sign up on our website: http://www.botnetWorks.com/
Or send me an email: (e-mail address removed)

Thanks,
Ben Camp
botnetWorks - putting botnets work for the good guys!

 

[Virus Guy]

We are just about to release a product and are looking for
some serious beta testers to give it a spin and let us know
how you like it:

botnetSim - The Botnet Simulator

Introductory Price - Starting at only $1995.00

Or send me an email: (e-mail address removed)

I'm posting this (to 3 usenet newsgroup) as well as e-mailing to that
address, and (e-mail address removed) and (e-mail address removed).

Please explain your business model where you think that individuals and
organizations will find it useful to purchase your product for approx.
$2k.

============
Over the next 12 months we plan to release several educational and
experimental products to help your organization understand both the
security risks that malware botnets pose as well as the potential
windfall of savings that a benevolent botnet can provide.
===========

Please explain or define the term "benevolent botnet".

 

[FromTheRafters]

Introductory Price - Starting at only $1995.00


I'm posting this (to 3 usenet newsgroup) as well as e-mailing to that
address, and (e-mail address removed) and (e-mail address removed).

Please explain your business model where you think that individuals
and
organizations will find it useful to purchase your product for approx.
$2k.

============
Over the next 12 months we plan to release several educational and
experimental products to help your organization understand both the
security risks that malware botnets pose as well as the potential
windfall of savings that a benevolent botnet can provide.
===========

Please explain or define the term "benevolent botnet".

Folding@home and seti@home are examples of distributed computing.

 

[gtownfunk]

Hey Guy,

While you yourself may be well educated in how botnets operate, not everyone in the world is. I am well aware that you can go and dig up malware source code and create your own malware.. and do it all for free.

Our software allows the comfort of experimenting with your own network of bot agents without the risks of malware and out of control propagation looming overhead. Like I said earlier, you yourself may know all about botnets already.. and as such you might not be a potential customer of ours. Time is money, I'm sure $1995 is barely the overhead your company pays each week to keep you around. Our objective is not to provide a fancy feature-rich botnet for hardcore consumption. Our intent is to enlighten with simplicity not to obscure with complexity.

If we can help someone who is interested but doesn't have the time to get knee-deep in black hat websites, then we have succeeded.

Here's a quick example of a "benevolent botnet" that could reduce risk but wouldn't realistically provide a windfall of savings... A simple botnet could query local DNS servers and report back any anomalies. This way, a DNS hack could likely be detected even if it was to only affect a small percentage of the internet.

Hope that helps clear things up.

Ben Camp

 

[gtownfunk]

Hey Guy,

While you yourself may be well educated in how botnets operate, not
everyone in the world is. I am well aware that you can go and dig up
malware source code and create your own malware.. and do it all for
free.

Our software allows the comfort of experimenting with your own network
of bot agents without the risks of malware and out of control
propagation looming overhead. Like I said earlier, you yourself may
know all about botnets already.. and as such you might not be a
potential customer of ours. Time is money, I'm sure $1995 is barely
the overhead your company pays each week to keep you around. Our
objective is not to provide a fancy feature-rich botnet for hardcore
consumption. Our intent is to enlighten with simplicity not to obscure
with complexity.

If we can help someone who is interested but doesn't have the time to
get knee-deep in black hat websites, then we have succeeded.

Here's a quick example of a "benevolent botnet" that could reduce risk
but wouldn't realistically provide a windfall of savings... A simple
botnet could query local DNS servers and report back any anomalies.
This way, a DNS hack could likely be detected even if it was to only
affect a small percentage of the internet.

Hope that helps clear things up.

Ben Camp

 

[David H. Lipman]

From: "gtownfunk" <[email protected]>

| Hey Guy,

| While you yourself may be well educated in how botnets operate, not
| everyone in the world is. I am well aware that you can go and dig up
| malware source code and create your own malware.. and do it all for
| free.

| Our software allows the comfort of experimenting with your own network
| of bot agents without the risks of malware and out of control
| propagation looming overhead. Like I said earlier, you yourself may
| know all about botnets already.. and as such you might not be a
| potential customer of ours. Time is money, I'm sure $1995 is barely
| the overhead your company pays each week to keep you around. Our
| objective is not to provide a fancy feature-rich botnet for hardcore
| consumption. Our intent is to enlighten with simplicity not to obscure
| with complexity.

| If we can help someone who is interested but doesn't have the time to
| get knee-deep in black hat websites, then we have succeeded.

| Here's a quick example of a "benevolent botnet" that could reduce risk
| but wouldn't realistically provide a windfall of savings... A simple
| botnet could query local DNS servers and report back any anomalies.
| This way, a DNS hack could likely be detected even if it was to only
| affect a small percentage of the internet.

| Hope that helps clear things up.

| Ben Camp

For ~$2,000.00 ?

NO

A "company" would go for something more reputable such as BotHunter
http://www.bothunter.net/

A collaboration of SRI and US Army RDECOM.

Like there is no benevolent virus, there is no benevolent botnet.


/* What are you thinking ? */

 

[Char Jackson]

Our intent is to enlighten with simplicity not to obscure
with complexity.

That phrase is so slick I can't let it get away without stealing it.

 

[gtownfunk]

For ~$2,000.00 ?

NO

Do you have a suggestion? What price do you think is
appropriate? You threw out a piece of botnet detection software,
great.. but that's not what this is.

Like there is no benevolent virus, there is no benevolent botnet.

Looks like somebody drank the kool-aid. The world is not out to get
you. Uranium can destroy our cities or it can power them, choose
wisely.

/*  What are you thinking ?  */

// that c is dead { btw, all the cool kids have commenting in pascal
for years now }

Seriously, though, I do appreciate the feedback even if it isn't all
positive. Thanks to all who have replied so far via usenet and email.

Ben Camp
botnetWorks - putting botnets to work for the good guys!
http://www.botnetworks.com/
(e-mail address removed)

 

[gtownfunk]

That phrase is so slick I can't let it get away without stealing it.

Well then, it's a good thing I didn't leave any words out of the
middle like I have in half my other posts.

I'm still stuck with the visual of a bunch of 13 year old kids with
botnets vs the US Army and their botnet detectors. Its all influenced
by the fact that ET was on HBO the other day, so in my mind's eye the
botnet detectors are little geiger counter looking devices and the US
Army is stumbling through the internet in astronaut suits like it was
Elliot's house and they were afraid of what they were going to find.
Time for bed I guess.

Cheers,

Ben

 

[Oliver]

Our software allows the comfort of experimenting with your own network
of bot agents without the risks of malware and out of control
propagation looming overhead.

I admire one particular historical figure I met during my Middle Ages
period. He was from around Normandy and had a well fortified keep
in which he hung his enemies by their testicles from the rafters. That was
until either the owner died or his testicles dropped the offending
individual off upon which time the Noble Duc roasted him.

His military keep was never breached and he had many many friends at
Court. His people loved him..

Oliver.
..

-----------------------------------------
In the fifth century B.C., the Greek historian Herodotus
described modernity as a demigod who mutters angrily
at us, demanding that we entertain fantasy in place of
dull rigid fact.
----------------------------------------

 

[gtownfunk]

Bot authors prefer ASM, C or C++.

Agreed, not trying to market to bot authors.

Am I? I did a five day course on it once.
So, it won't run on a unix box.

Not right now. We're trying to keep it simple enough to run through
Mono though such a release is quite a ways off.

Ben Camp
http://www.botnetworks.com/

 

[gtownfunk]

I like your Micro$oft marketing model.  Selling /Beta/ software to the
end user.  SELLING Beta software.

Well, to be clear the preliminary pricing information that is on the
website is not for the beta testers program. Some pending updates to
the website will go live in a couple hours since I suppose this was
not clear enough. Right now our projected release date is May 31st.
We're hoping to have beta copies in the hands of our testers around
April 1st.

It has worked for Micro$oft though.  You are more honest than Micro$oft
about the developmental state of your product.  That is  a refreshingtruth.

Good luck.

*grin*

Ben Camp
http://www.botnetworks.com/

 

[FromTheRafters]

Like there is no benevolent virus, there is no benevolent botnet.

This assumes that computing power is being stolen. Otherwise a botnet is
just called distributed computing. A virus is always called a virus
whether it steals computing power or not - it is assumed that an
infecting virus will always be malicious because it is stealing power at
the very least. The definition of virus has nothing to do with malware,
whereas the definition of botnet seems to be "malicious distributed
computing network".

 

[David H. Lipman]

From: "FromTheRafters" <[email protected]>


| This assumes that computing power is being stolen. Otherwise a botnet is
| just called distributed computing. A virus is always called a virus
| whether it steals computing power or not - it is assumed that an
| infecting virus will always be malicious because it is stealing power at
| the very least. The definition of virus has nothing to do with malware,
| whereas the definition of botnet seems to be "malicious distributed
| computing network".


FTR wins the prize.

I figured you would understand as you had mentioned the SET@Home project.

Compare D-Computing vs. Botnet and what constraints are there on the C2 mechanism ?

 

[FromTheRafters]

From: "FromTheRafters" <[email protected]>



| This assumes that computing power is being stolen. Otherwise a
botnet is
| just called distributed computing. A virus is always called a virus
| whether it steals computing power or not - it is assumed that an
| infecting virus will always be malicious because it is stealing
power at
| the very least. The definition of virus has nothing to do with
malware,
| whereas the definition of botnet seems to be "malicious distributed
| computing network".


FTR wins the prize.

I figured you would understand as you had mentioned the SET@Home
project.

This site and Wikipedia both mention in passing that most times the term
'botnet' refers to the malicious ones.

http://www.topbits.com/botnet.html
http://en.wikipedia.org/wiki/Botnet

Compare D-Computing vs. Botnet and what constraints are there on the
C2 mechanism ?

Will do, but not just now.

Just as a disk copying program (xcopy?) was a virus, Pluto was a planet.
Through no fault of their own, no change on their part, they just lose
status when the entire class gets redefined. D

 

[gtownfunk]

In the most basic sense, it is absolutely true that a botnet is little
more than a distributed computing platform.

I'll throw my own thoughts out there on the subtle differences:

A botnet benefits more from and exploits its geographical diversity
than does a conventional distributed computing application. A botnet
also implies there is some command and control aspect.

-whereas-

Most distributed computing applications benefit from being able to
pool computational resources and are driven on the communication side
by little more than maximum throughput and minimal latency. Most
applications aren't told what to do by the server, they are programmed
to do what they do and request data to process and return the results.

Trust me on this, there are many companies out there running
distributed applications who would LOVE to have the power and control
that a bunch of teenagers managing their IRC botnets had over a decade
ago.

Ben Camp
http://www.botnetworks.com/

 

[David H. Lipman]

From: "gtownfunk" <[email protected]>

< snip >

| Trust me on this,

Because of the C2 aspect of a botnet....

Why ?
Who ?
Vetting ?

 

[♥Ari ♥]

Our software allows the comfort of experimenting with your own network
of bot agents without the risks of malware and out of control
propagation looming overhead.

Trying to break /any/ system is the only way to validate its security.
How else are you going to test it? Just claim it is secure?

Like I said earlier, you yourself may know all about botnets
already.. and as such you might not be a potential customer of
ours. Time is money, I'm sure $1995 is barely the overhead your
company pays each week to keep you around.

I have a hard time firing myself. lol

Our objective is not to provide a fancy feature-rich botnet for
hardcore consumption. Our intent is to enlighten with simplicity
not to obscure with complexity.

If we can help someone who is interested but doesn't have the time to
get knee-deep in black hat websites, then we have succeeded.

Here's a quick example of a "benevolent botnet" that could reduce risk
but wouldn't realistically provide a windfall of savings... A simple
botnet could query local DNS servers and report back any anomalies.
This way, a DNS hack could likely be detected even if it was to only
affect a small percentage of the internet.

Hope that helps clear things up.

Whether you get $1995 for your software, whether it is worth that,
less or more, isn't your decision. You have built your revenue model
on false pretences.

Maybe it is right but if so it's not because you have secured that
information from market research. The info you get from Usenet
historically will not be from business owners but from code boys and
those with a bunch of spare time on their hands. With absolutely
unproven qualifications. Best of luck with that.

 

[Dustin Cook]

This assumes that computing power is being stolen. Otherwise a botnet is
just called distributed computing. A virus is always called a virus
whether it steals computing power or not - it is assumed that an
infecting virus will always be malicious because it is stealing power at
the very least. The definition of virus has nothing to do with malware,
whereas the definition of botnet seems to be "malicious distributed
computing network".

It's not malicious for stealing cpu cycles alone. It's considered malicious
because it makes unwanted changes to other aspects of the system, sometimes
with dire results; and not intended by the author. Obviously this applies
to viruses, and not this fellows botnet for sale...

 

[Dustin Cook]

Bot authors prefer ASM, C or C++.


Am I? I did a five day course on it once.
So, it won't run on a unix box.

It's .NET based? Well, I know of 2 computers in this house that aren't able
to run it short of me installing the .NET support files beforehand.

What a sorry state of affairs. Most potentially malicious code was asm, c,
or c++, even VB at times.. but now.. .NET? I'm going to go in a corner a
puke now.