Introduction and structure of expenses.
I will probably omit the importance of basic precautions. I will assume that everyone present knows how to minimally protect themselves online.So, your first botnet. It is very important that you understand why all this is happening.
The botnet is always raised for some specific, specific purposes.
As we will see later, this is not the cheapest pleasure. The botnet requires constant infusions. If you do not pour, you will lose. And decently.
If you don't know yet or haven't decided exactly why you need a botnet, it's better to practice with the logs. This is more expensive, but more efficient at this stage.
I will immediately say a non-trivial thing: when buying someone else's animal, try to also buy the source code.
Yes, it is much more expensive, and not everyone will be happy to sell their experience to you. But here is the problem: after buying compiled programs, you, due to your lack of understanding, run the risk of becoming part of the botnet yourself, and even for your own money! If you are not able to read sors, then find someone who can help you with this.
By the way, the same applies to the coder that you will hire to develop your own product!
A botnet is not a cheap treat. He will constantly suck money out of you.
Who has experienced apartment renovation, regarding budget planning, there is a similar story here: the amount flies up exponentially.
If you have counted one amount, feel free to multiply it by 2. Just so that it is. Believe me, the stock will come in handy. In addition to cash, the botnet will shamelessly eat up your time. Even if you decide to give it 10 hours a day.
The fact is that you will simply not be able to do everything yourself (especially if you do not have technical skills and knowledge). You will have to deal with a lot of different people, who will be vital for the survival of your botnet.
Keep in mind that the botnet, after all, is a separate, complex system,so you will depend on a large number of outsiders in the process of working. From developers and hosters, to crypters and trappers.
All of them are Homo Sapiens, which means that nothing human is alien to them: the routine and daily routine, all sorts of quirks and work discipline - everything is different for everyone.
Expect to keep up with no more than half of the planned time. This is a harsh reality.
Before you start, you should estimate how much money you will need for a relatively comfortable life in advance for about a month, or even two. Because all this time you will be running around like scalded people, trying to establish smooth operation. And the botnet, accordingly, will lie down and generate nothing.
The cost structure will look like this:
If you ordered development from a coder, then these are their services, respectively. If you take a ready-made solution, then this is the purchase of software. The choice should be approached very carefully. There are a decent number of vendors on the market and, fortunately, we really have the opportunity to choose.
Now the market is represented by almost every direction that you can imagine. At least, all the main ones are definitely there.
The prices are different. Developing from scratch will cost plus or minus 10k (at least for something worthwhile). We'll talk about this later.
Next - crypt.
In this regard, it is worth finding several people in different time zones at once, so that you can script your pet at any time of the day. Naturally, try to find verified people and study reviews. This undoubtedly applies to all sellers, not just crypters.
Very often, crypto services offer their customers a subscription.
At first, it should not be issued, there is no point until you accelerate.
And you will really accelerate for several months.
Also, don't use auto-descriptors. This is evil, remember.
Go further-traffic.
If you don't pour it on yourself, then choose several performers at once. Keep in mind, threads may be busy. Plus, the traffic from sellers is usually not very high and always goes into several hands. Everyone knows about it, and, for some reason, it suits everyone.
There is a Club so that you can share responsibilities and work yourself, and not feed dirty shadow dealers.
Perhaps there are clean trappers, but I strongly doubt it. At least, I haven't seen it myself. Remember: as long as you don't add new traffic, you lose money! Therefore, you should always make sure that the traffic flows.
Idle time = increasing the loss.
Next - server hosting.
Naturally, you need an abuzo-resistant one. Fortunately, there is no shortage of vendors on the market right now. You can choose from a decent number of sellers.
Look for someone who is constantly online. There are some of them. I found it.
Cheap = bad. This is how it works here.
Study reviews and connect with people.
Then there are bundles of exploits.
If you do, this is a separate expense item. There aren't many offers. Vendors have enough clientele and this pleasure is worth a lot.
Ideally, of course, you can find several working options again.
At first, rent daily, which is logical. Since it will most likely be problematic to ensure a stable flow of traffic initially.
NON-OBVIOUS TIPS BEFORE THE LAUNCH
and before becoming interested in their botnet, the vast majority of our current colleagues bought logs from sellers.
The path to bot breeding is suggested to start with them. In addition, of course, to this training.
What to do?
Let's go to the sellers. Preferably to those with whom you have already started some kind of relationship. To those from whom you have already purchased logs.
Since a person took money from you (even for a product), they will still be more disposed towards you than you will come from the street and start interrogating them. Delicately begin to find out from sellers where they get traffic, where they are hosted, and what software they use. Probably, few people will want to reveal all the background, but you will have the opportunity to collect important information bit by bit.
This is an optional activity, and it can be ignored.
However, in the long run, the material can be very useful and save you a lot of nerves and even money.
You get the most up-to-date and in some ways even insider information for free. Unless you are being deliberately misled. Any information of this kind is useful.
Do some serious research before you dive head over heels into bot farming. Start making lists and write them out carefully. Read reviews, monitor offers on the market, log and structure them.
The cost of making a mistake at the planning stage can be high.
Feel free to spend a week or two studying the market and making a list.
Your task for this period is to collect the greatest amount of information about the direction of interest and specific offers.
Do not rush to buy until you are thoroughly prepared.
Knock people into toads and carts. Keep in touch. Don't be afraid to get rejected.
Ask specific questions. Trappers about the origin of traffic, coders about previous experience and the languages they write in, etc.
At the same time, if possible, monitor the online contacts from whom you can potentially purchase something.
Since you can declare one thing, but in fact do something completely different.
This will be useful, so as not to find yourself in a situation where the server is down, and the seller is off, although he claimed that he will be online all the time. THERE are NO SMALL DETAILS. Pay attention to everything.
Testing
It is absolutely necessary to test your software. What is purchased, what is written for you by a specialist.Before that, I mentioned that you need to multiply the calculated amount of investment at the start by half.
Now you will understand why.
What are the tests?
You have selected several versions of different software. Now you need to test them to choose the most suitable one for you.
First of all, you need to test the correct operation of the software on all versions of Windows OS.
It is necessary to check how the software behaves and how it taps.
It is advisable to test on the entire family: XP, Win2003, Win7, Win8, Win10.
We also look at how the software behaves on x32 and x64 versions.
We try everything on virtual machines. Software can (and often won't) work there.
In this case, you will have to buy trucks with the corresponding axis.
There are software programs that will refuse to work on dediks either.
Then you will have to install all versions of the operating system physically on a separate machine and test from it.
Then you should test it in different browsers.
It is advisable to do all these tests before you have invested your hard-earned money.
You need to know in advance how the animal behaves on all versions of Windows, as well as in different browsers.
This is a task, rather, for a kind of tester, but there is nowhere to go. The procedure should be done.
Pay attention to the assurances of developers that the software works properly everywhere and everywhere ... hmm, leave such a cute naivete to suckers. We'll have to check it out for ourselves. With your own pens.
Developers say a lot of things. People, in principle, tend to fuck up too much.
After that, it is the turn of testing the software functionality itself and its modules.
If there is a keylogger, then we test it: first we infect our machine, then we write ourselves a love letter and check the data in the admin panel.
If you have VNC, repeat the procedure.
Moreover, we test the functionality of the software and its individual modules AGAIN on all versions of the operating system and from all browsers!
This is a megahemore, but it HAS TO BE DONE.
Otherwise, you will lose your money and nerves. Curse me, this training and the day you decided to become a hatskir.
Although, in fact, you will be to blame yourself.
Don't be lazy!
For greater clarity and simplicity, you should draw a summary table of the tested parameters.
It may look something like this:
In the table, you have all the tested operating systems at the top, all the browsers in each of the operations below, and the functions under test to the left.
Everything is quite clear.
The table is APPROXIMATE. You do what you need to do for yourself. But the logic should be clear.
In terms of time, tests of one animal will take at least a week!
That's exactly why I told you before that you need to stock up on a few months ' worth of money.
Testing is a very tedious process. If you work with someone together or, even better, in a team, divide the responsibilities. Let someone test one axis, someone another, etc.
But even here you need to be on the lookout. Not all people are diligent. Some people simply can't handle this task. Keep an eye on your partners so that they clearly perform the function assigned to them.
Your overall well-being depends on it.
It is possible that the partner is more attentive than you, and will be able to detect bugs that you missed.
As they say, one head is good, but two are better.
If the software is purchased, then you should conduct agent work of the following nature: in the commercial topic of software, look at those who have already purchased this craft and write to them in the BOS.
Now almost everyone has carts and toads, there should be no problems with communication.
A lot of people will want to chat.
They should be asked the following questions:: how does the software behave? What bugs were noticed? Subtleties, nuances? How does the seller feel about you? And then down the list.
If we are done with this stage and the software meets the stated characteristics, we proceed to the next stage.
The next stage also applies to testing, but already as close as possible to combat conditions.
Your pet must pass the baptism of fire with the help of real live traffic and with real crypto.
The algorithm of actions we have at this stage is as follows:after we have made sure that the animal is functional, we order a crypt. Then we quickly run it again on our virtual machines to see what the software taps out. And only after that do we bother with instals.
We pour it daily or quantitatively (depending on the type of selected traffic).
What is the criterion for the animal's performance at this stage? This is a knock.
In other words, how many real bots have been infected with your stuff and are now at your disposal.
Many people naively believe that if a bundle has a breakdown of, say, 10%, then the ebb is 100k, they will get these notorious 10k to their admin panel.
Unfortunately, these are all wet dreams. In reality, it will knock out only 1/3. At most half.
In short, with a breakout of 10% and a traffic of 100k, you will, at best, get 5k bots. And it will be a fucking result.
There are also other parameters that you need to pay attention to. Shedding traffic and getting a certain number of bots is half the trouble. It's too early to be happy.
We need to see how many of these bots won't die in an hour, a day, or three days.
Bot survivability is extremely important! Remember!
It is vital for you to understand how many live bots you have left after tapping after a clear period of time.
Bots tend to fall off. It happens that with a good knock, the survivability of bots will be very low. But you've already spent money on traffic!
By understanding these numbers, you can predict what the future holds for you. Select the appropriate numbers and make forecasts, including monetary ones.
The first month is the two most difficult months in a bot owner's life. First, you test your pet by spending money on traffic, crypt, and a server, and only then, if the stars come together, do you start earning something.
This is also provided that the entire chain-proger-software, crypt, traffic and you at the head-worked correctly.
I think everyone understands how many slippery moments there are where you can fall and not get up. Often they don't even depend on you.
Now a few words about the technical equipment.
Hosting needs abuzoostoychivy. There are enough sellers. Many people rub themselves on the exploit. The price tag is decent.A few more words about the domain. We will need reliable domain names with full access to the settings. This is necessary for communicating with bots.
To prevent our C&C from being detected prematurely, you will need several domain names with full access to DNS settings.
It has already been mentioned, but I repeat: the registrar must be a non-committal person who will not respond to abuse, or at least will not respond to all abuse.
There are such registrars. We are looking towards China.
Here is an example: http://eranet.com.
Be sure to use FastFlux masking. This will significantly improve the security of our domains.
FastFlux does the following. This technology instantly hides the real IP address by changing the DNS record and changing it to any of the machines infected by the bot.
There are also two-thread networks like double-flux, which are even more confusing: when using the bot service network, IP addresses are constantly changing, which further increases our security.
So FastFlux is a must - have. But they are also expensive. So be prepared to fork out.
Ideally, you should use .bit domains. They are decentralized, and it is much more difficult to drop them. That's all we need.
What is the main feature of this domain zone? There is no regulator: even if we are discovered, law enforcement officers will not be able to immediately (and the question is whether they can at all!) disable us.
When we don't have enough money and time, and we have registered a couple of domains in any other domain zone, when we receive a complaint, ICANN quickly disables access to the domain.
In the case of top-level domains .bit, since they are decentralized and do not have a single point of control, nothing can be done.
Moreover, the DNS tables of these domains are distributed among the peer-to-peer network. Disabling it is almost impossible.
Conclusion
Finally, a couple of tips.When choosing a seller, always ask for a build for testing. If the seller is rejected, look for another one. This is normal practice, you should not believe the words. Either the seller provides you with an animal for testing, or it goes to a point.
Whatever the coder refers to, it's all in favor of the poor. What reviews, what reputation - everything is not about us. Sorry, but it's not interesting.
To prepare you for reality, I also want to say the following not very popular thing: the real average lag today is about 35, maybe 40%.
Anything more than that is a very cool result.
Add another half of those who fall off after some time, and, in the end,you will have no more than 10% of the spilled traffic left.
It happens better, and you should strive for better results. But be prepared to see exactly this order of numbers in your admin panel.
If the tasks are not trivial, do not rush to buy private developments.
90% of your wishlist can be realized through the available offers on the market.
Start small, fill your hand. And only then, when you have an understanding that the available resources are really small, you can look for a coder and do something special for yourself.
But, I am more than sure that for the vast majority, even what is currently on the market will be enough with a margin.
If you still decide to make something of your own, keep in mind that a quality product is ALWAYS developed from SCRATCH.
If the coder insists on using an existing product as a basis, then at best you will have another slightly modified public at the output.
And they will charge you for private development.
This should be taken into account.
I will probably keep silent about the effectiveness and expediency of such software.
Everyone should make their own conclusion.
I also wanted to tell you about the crypt and the receipt.
Always test after each crypt.
Even if the person is " verified” and encrypts your file for the hundredth time.
One small mistake on his part and you've lost a lot of money.
Don't be lazy!
Bot breeding is a complicated story.
As a conclusion to this article, I want to say this.
Keep developing. If you were able to raise your botnet , you are already well done! But do not linger in one place. Even if your system works properly and generates revenue, look at possible development paths.
In six months, for example, the technology base on which you work today may become outdated. Or the software/hardware manufacturer will release a patch, and therefore the penetration/survivability of your bots will fall to a critical level. The author of your malware may disappear or stop supporting the product (it is best to allocate funds for the development of your product, more on this in a separate article).
Every day there are new exploits and better working methods.
Study the market, follow the news. Analyze it. Communicate with your colleagues.
