Proof-of-Concept UBoat Botnet Replicates Real-World Weapons

The UBoat botnet is a proof-of-concept botnet designed primarily for penetration testing and educational purposes. Its author has specifically stated that its main purpose is to help security engineers understand how botnets can impact specific networks. As such, any malicious use of it is considered illegal. The tool is publicly available, which means that both experts and hackers can download and use it. It can be extended or modified, which can lead to the creation and upload of additional modules.

UBoat Proof-of-Concept Botnet Design & Features

The UBoat botnet is coded entirely in C++ and has no external dependencies, which means that it will run without installing any additional packages. An important characteristic is that it provides encrypted communications between the host and the client. This makes it very difficult for network administrators to find out that there is an ongoing attack when a low-impact attack has been initiated.

Connections to the end hosts can be made in both a redundant and a persistent way:

  • Persistent Installation — The UBoat botnet continuously sends out packets of information, which maintains an active connection to the hosts. This prevents the connection from being lost.
  • Redundancy — It allows the botnet operators to set up a fallback server address or domain in case the main server address is not accessible.

The botnet controllers have the ability to initiate two major types of DDoS attacks:

  • TCP Flood — This is the classic attack of this type, which is done by sending out numerous SYN packets to the victims. The attack spoofs the source IP address so that the replies do not come back to it.
  • UDP Flood — This attack is (Read more...)
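
A defender-side illustration of the TCP flood described above, added here and not taken from the original article or from UBoat's code: because spoofed sources never answer the victim's SYN-ACK, a flood shows up as many SYNs to one service with almost no completed handshakes. The record format, thresholds and sample traffic (documentation IP ranges) are assumptions constructed for this example.

```python
from collections import defaultdict

def make_sample():
    """Constructed records, not captured traffic: (ts, src, sport, dst, dport, flags)."""
    recs = []
    for i in range(5):  # legitimate client completing five handshakes
        c, s, p, t = "198.51.100.7", "192.0.2.10", 40000 + i, float(i)
        recs += [(t, c, p, s, 443, "S"), (t + 0.01, s, 443, c, p, "SA"),
                 (t + 0.02, c, p, s, 443, "A")]
    for i in range(200):  # flood: spoofed sources never answer the SYN-ACK
        src, t = f"203.0.113.{i + 1}", i * 0.02
        recs += [(t, src, 1024 + i, "192.0.2.20", 80, "S"),
                 (t + 0.01, "192.0.2.20", 80, src, 1024 + i, "SA")]
    return recs

def find_syn_floods(records, window=10.0, min_syns=100, max_completion=0.2):
    """Flag (dst, port, window) buckets with many SYNs and few completed handshakes."""
    syn_time, completed = {}, set()
    for ts, src, sport, dst, dport, flags in sorted(records):
        flow = (src, sport, dst, dport)
        if flags == "S":
            syn_time.setdefault(flow, ts)      # first SYN opens the flow
        elif flags == "A" and flow in syn_time:
            completed.add(flow)                # client's final ACK seen
    buckets = defaultdict(lambda: {"syns": 0, "done": 0, "sources": set()})
    for flow, ts in syn_time.items():
        src, _, dst, dport = flow
        b = buckets[(dst, dport, int(ts // window))]
        b["syns"] += 1
        b["done"] += flow in completed
        b["sources"].add(src)
    alerts = []
    for (dst, dport, idx), b in sorted(buckets.items()):
        ratio = b["done"] / b["syns"]
        if b["syns"] >= min_syns and ratio <= max_completion:
            alerts.append({"dst": dst, "port": dport, "window_start": idx * window,
                           "syns": b["syns"], "completion_ratio": ratio,
                           "distinct_sources": len(b["sources"])})
    return alerts

if __name__ == "__main__":
    for alert in find_syn_floods(make_sample()):
        print(alert)
```

Handshakes are tracked per flow before bucketing, so a handshake that straddles a window boundary is still counted as completed.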

*** This is a Security Bloggers Network syndicated blog from How to, Technology and PC Security Forum | authored by Martin Beltov.