Building Botnets with VPS and Virtualization

A botnet is a network of devices running automated tasks as “bots”. Bots can carry out any type of complex task at high speeds indefinitely. Often times a botnet is used to carry out many tasks at once or simulate the activity of network users. Creating a botnet may seem like a daunting task, but the process is scaled and relatively straightforward. Virtual private servers (VPS) and virtualization make the creation of large or specified botnets very accessible.This method begins with the creation of a virtual private server. These servers can be created on hardware owned by the user, but there is a wide array of VPS services available online. These services allow for access to many virtual private servers through the use of commercial hardware. Once the virtual private server has been accessed, virtualization software is used to create multiple instances of a selected operating system. Depending on the hardware available on the VPS and the chosen operating system, many instances can be created for the purposes of automation. Finally, scripting is used on applications in each instance to automate the botnet’s activity. To review, our “bot” is an automated program running on a virtualized instance of an operating system. Multiple bots can be run on one instance, and this instance is running alongside other instances on a virtual private server. This virtual private server is running alongside other servers that are ultimately accessible to the user. This layered nesting allows for great scale when it comes to creating a botnet.For example, let’s consider the creation of a botnet capable of carrying out automated web tasks with 1,000 bots. If each bot is an automated Firefox process running on Windows 10, we would need 1 GHz CPU power, 1 GB RAM, and 16 GB storage for each instance of Windows 10. If we run 10 bots on each instance of Windows, we would need 10 servers with 10 GHz CPU power, 10 GB RAM, and 160 GB storage each. That’s 10 bots per 10 instances per 10 servers, or 10x10x10 to 1,000.What could we use this botnet for? For one, we can use the botnet to generate requests to servers hosting web services online. Scripting solutions such as Java’s Robot class or Mac OS’s AppleScript allow for any Firefox user task to be simulated quickly and around the clock. If each bot generates a web page login request every 3 seconds, 20,000 login requests per minute could easily crash a typically inactive login server. Similarly, the botnet could generate web traffic for ad servers or cast a wide net of phishing requests.