#BlackHat preview: Owning bad guys with JavaScript botnets

News
Jul 18, 2012 | 3 mins
Cybercrime, Data and Information Security

One of the talks scheduled for Black Hat USA next week is by researcher Chema Alonso, who will demonstrate the ease with which he created JavaScript botnets and used them to turn the tables on the bad guys. In a phone conversation this afternoon, Alonso offered a preview.

“In this talk I’ll describe how easily a JavaScript botnet can be constructed, what the risks are and what kinds of people are using these kinds of services,” Alonso said. In a whitepaper he forwarded me after our talk, a lot of effort is spent reassuring those who might worry about the nature of the research: “Our proof-of-concept work is completely passive, there is no intention to control the lives of anyone, but to study the risks of certain services that have become too popular, such as anonymous proxies and TOR networks.” In the end, he said, all the intelligence gathered was turned over to Spanish authorities.

The goal, he said, was to use the bad guys’ own tricks against them and in the process collect intelligence on what they’re up to. When someone connected to one of the rogue proxy servers he created, they were infected with JavaScript that allowed him to monitor their activities.

The whitepaper goes into detail about the types of schemes the bad guys were working on:

– One proxy service user was a man allegedly selling Visa cards to people with IP addresses from India. “To do that, he was making an intense campaign of spam with an e-mail message requesting payment for Western Union. Of course, some recipients of the messages were quite skeptical and their responses were very negative, but we could see how some people paid and sent all data to obtain a Visa that would never come.”

– Another scam artist kept fake profiles of women in different social networks to use against friends and family of those impersonated. In each, the location, name and age of the women were different. The German scammer tried getting people to send him money through Western Union to fund trips to where the women live for a night of “mad, wild, nasty love.” The culprit organized conversations and stored them. He sought money in exchange for naked photos as well.

In next week’s talk, Alonso said he’ll repeat the warnings he made at the end of the paper — that TOR networks and proxy systems are bad news and should be avoided at all costs.

“TOR networks and proxy systems represent man-in-the-middle schemes in which you must trust to use them,” Alonso said. “Putting a malicious server on the Internet is too easy and is typically used, in a massive way, by people with the worst of the intentions. So if you use any of these facilities, get ready to be attacked.”