Zitat:Automaticly backdooring warez and uploading it to one click hoster and usenet. It's funny that even govermental agencies use warez, I found faa.gov credentials. My momma always said, "A botnet is like a box of chocolates. You never know what you're gonna get."

Zitat:It is possible to create a perfect protection, trusted boot, rootkit hooks on all system calls and looking into not WHO changed something, but WHAT was changed in the system. Some application added an autorun? That's a paddle. Some application tried to fuck with the memory of another application? That's a paddle. But then you would only need to buy the protection ONCE and not a recurring 50$/year for some shitty signature updates every hour. AVs leave protection holes on purpose to make money! (Or the whitehats just suck. Unlikely, because their blogs are awesome)

Zitat:Most "hacker-folk" kinda work at AV companies already. There is already a company going the "elimate it at the root" approach: http://www.triumfant.com . But it's not that easy, the big companies have the moneys, Symantec has the colorful commercials, McAfee has the govermental contracts for voting machines AV (Mr. McAfee has btw the same lifestyle as your average Russian Spam King: 66 years old, huge house in a tropical country, 17 year old girlfriend, lots of unregistered weapons lol). It's not about the product itself, it's about power and influence. Read about the "HBGary federal accident" or watch the Defcon 19 video with "Aaron Van Barr (totally not Aaron Barr, because he wasn't allowed to be there :P)". Changing the security industry is like changing the copyright system.

Zitat:1) People download software from Usenet and install it in the offices or at friends pretty often. Also Usenet isn't that hard anymore, as easy as buying a premium account for an onc click hoster. Most Providers have their own Usenet client for idiot proof downloads
2) My Botnet only mines if the computer is unused for 2 minutes and if the owner gets back it stops mining immidiatly, so it doesn't suck your fps at MW3. Also it mines as low priority so movies don't lag. I also set up a very safe threshold, the cards work at around 60% so they don't get overheated and the fans don't spin as crazy.

Zitat:2) Americans are the majority of the victims, about 30%, I really don't know why, I never targeted them. Majority is about 20-30 years old, no sign of gender difference, nearly all of them have facebook accounts, but I blacklisted them from grabbing, because they are worthless and use up space. About 20% of the users have good graphic cards, but are not sophisticated enough to install drivers, so my miner can't run. "Hur dur, farmville works and I can watch porn, no need for OpenCL drivers". 80% have an antivirus installed, 5% have a rogue antivirus as system antivirus listed. So they seem to be prone victims. There are also 3 windows SERVERS, I really don't know how my malware ended up there.

Zitat:The whole fraud system will soon escalate and only then people will start worrying about the fundamental flaws in the system. Antiviri don't work, firewalls never helped, fraud detection system are blind when abusing the victim computer as a proxy. The only cure is strong cryptography and simple yet unbreakable solutions, even if it's unconvinient. Some European countries for example already use private/public key authentification for banking and only allow credit cards with chips. Magnetic stripes are the most hilarious thing ever, but still work almost everywhere on the globe. Today Cybercrime is already more profitable than drug dealing and it will grow even further. Law enforcments are highly underqualified, I would hate to work their. One example is the "ZeuS Case" http://www.zeuslegalnotice.com/ they shut down 2 servers, yes, TWO! and accused the alleged masterminds behind the ZeuS botnets only knowing their nicknames and ICQ numbers... They also mixed up greyhat hacker forums, where most members are members of cybersecurity industry, accusing the admins to be the bad guys, I'm talking about "opensc.ws", in the official legal notice are screenshots of forum discussions as "evidence".

Zitat:Question:
how did you start off with this? did you start reading stuff from forums, programming, set up a VM testbed and go about working on that?
For how long have you been programming?
What does your skillset(apart from programming and reverse engineering) include?
You mention that you sell information and dont cash out credit cards or banking information - if so, how do you find people to sell information to? Forums? IRCs? On what basis do you trust these people?
You mention the importance of staying low - why exactly have you started this reddit? Just for the lulz? :)
How long did it take you to set up your botnet?
What are the most common mistakes that people make(that you have been careful to avoid so far).

Answer:
Reading, reading, reading, testing, reading, reading.
~2 years, 1 year serious
Setting up secure and paranoid systems and networks and all that stuff that an average admin should know
They find you and give you new contacts
Teh Lulz, the only honorable cause
Some months
Buying a VPS, setting up a public IRC botnet, confessing when the partyvan arrives. A botnet takes time, you won't become a hacker when you set up a botnet, you might set up a botnet when you become a hacker (inb4 "blabla you are a cracker, only shiny whitehats working for oppressing companies are hackers. you are not kawai!")

Zitat:No AV will save you. The majority of my bots uses MSE, but its not because its worse but because more popular. AVs however will protect you from the usual trash, like 2008 conficker virus and "stealers" from 14 year old hackforums scum.

Zitat:Question:
1) Thank you for doing this AMA, quite interessting read to be honest 2) Thank you for being patient and ignoring the whiny little pretentious wannabe altruists in here 3) What languages do you primarily code in. Followup: What is your oppinion on C#. 4) What are you planning on doing once you graduate or are done Studying 5) Since you are clearly speaking german (Hallo nur so nebenbei ;) ) i was wondering what your views are regarding "Vorratsdatenspeicherung" and the High courts decision to overturn it declaring it "verfassungswiedrig". Follow up: What security precautions would you have undertaken if this had not happened and VdS would have stayed intact? 6) What are in your views the most disturbing trend changes in regards to policies on Internet Surveillance and regulating it (Europe and Globally)
Krome etova.. u mena netu vaprosoff ;) Spakoynaya Notschi ;)

Answer:
3) Mainly C, but use some features from C++ like namespaces. C# is cancer, just cancer, bad code, slow code. However it's faster to prototype in C# and if performance doesn't count, it's ok. C# is a no-go for malware, C# malware cannot be taken serious.
4) Exact occupation would be too pinpointing to me
5) VDS is harmless yet, there is no deep packet inspection planned yet, but I like Germany isn't going into this direction. If we would have deep packet inspection and logging of every UDP and TCP connection I would use my botnet and the bots of friends to spoof and flood such connections to destroy their statistics and DoS their logging servers. You know, for the lulz. Staying anonymous while everything inside/outside a country is easy, just use an additional hop inside the foreign country hop.
6) If people don't get more educated about computer technology, it will end in a system of total surveillance (except for criminals, who will always know how to circumvent). Internet and computers are seen as simple tools of entertainment, not as skill to master. Thankfully people start to understand 1984 can become pretty real and vote for parties which will try to stop that. The most disturbing thing is that people in Syria, who use TOR get tracked using European and American surveillance software and get lynched and sent in pieces to their family members as a warning.

Zitat:Drive encryption isn't bullshit, as long as its open source and doesn't have cryptographic backdoors. Encryption however will never protect a company against data theft. Encryption only helps if someone breaks into your datacenter and ripps out the harddrive, most data thefts however occur while the system is online and everything is decrypted. Such snakeoil will live just as long as the myth that personal firewalls behind a NAT router give additional security. This will happen NEVER! More firewalls = more difficult to hack the gibsons! More encryption = more difficult to steal credit cardz! If you are a payment processor and your namecard doesn't says VISA or Mastercard you shouldn't have data on your drives that needs to be encrypted in the first place. However incidents happen where 1,5mio credit card magnet stripes get stolen and everyone wonders why the hell they stored them in the first place...

Zitat:Question:
What is your method of infection? Drive by, torrents ect...
Getting pissed at all the haters in this post?
Method of making your malware FUD?
Do you hang about on any online forums? (Please don't say hack forums)
Ever had a takedown? If so how big was that net?
Do you run multiple nets? If not you should as if one gets taken down you still have the back ups and the $$ still rolls on in ;)

Answer:
IRC is easy to maintain and is just as good (I modified UnrealIRC to save traffic, so bots don't recieve PRIVMSG from other bots), but I'm thinking about some own direct connection protocol.
P2P isn't that great, see Waledac, Stormbot and others. P2P has some fundamental flaws. TOR is pretty safe as long as you don't use exit nodes, which I never do, because everything is inside hidden services. Hidden Service guarantees the traffic is only readable at the actual server, the magic of private/public key encryption.
Warez, thinking about studying heap overflows for drivebys, but I can't imagine so many people are still driveby'able
I expected the haters
Randomness is your friend, make your own crypter and make it so fucking random on every compile, that AV reverse engineers kill themselfs (HINT: randomize the crypters sourcecode using perl scripts)
Opensc.ws, but all the hack forums scum now registers there
Never got a takedown, always used tor hidden service, I can easily move my botnet just using the hidden service private key
Redundancy is a must at bigger nets

Zitat:Question:
What's the best way to avoid your bullshit? Or, rather, what shouldn't I be doing in my daily internet activities to best avoid having malware get on my computer?

Answer:
Trash your AV
Deactivate your firewall (you most likely have NAT on your router anyway).
Check your autostart entries every now and then from a boot disc. Autostart is the most sensitive spot of every malware, every malware needs to start with the system, yet it is just a fragile registry entry...
Use GMER (http://www.gmer.net/) every now and then when your spider sense is tingling. Srsly, you can't fool GMER, it scans from the deepest possible point in your system, at ring0 and is impossible to fool, there is nothing deeper than ring0 on a usual PC where malware can hide stuff from. I always wondered why other AV vendors don't do it like GMER, it can detect all rootkits. But when a AV can detect everything, who will pay 30$ a year for signature updates...
Scan your traffic while your PC is idle and see if you find something suspicious (You should do that using a transparent proxy, but I haven't heard of rootkits filtering traffic lower than WinPCap drivers, so Wireshark will do)
Most important: Try to step out of your consumer role, think about how malware works, the core functions of malware all work the same and are very fragile

Zitat:Every major AV system in a default installation vmware for testing. There are enough ebooks around, if you know the winapi and some native language you can immidiatly switch profession to malware coding. If you are interested in exploitation, read some security researchers blogs, like http://grey-corner.blogspot.com . Where do you NOT find the sourcecode of ZeuS? The sourcecode is well written and very structured so it's easy expandable. However you need to understand the WHOLE sourcecode at first before you can safely include changes. (Took me some weeks reading and understanding). Before posting something on the net or even surfing I check every possible conclusions that someone could get from my informations. I always expect that everything is recorded and investigated, call me paranoid. I own the server myself, of course not registered on an existing name. No, that feature is called "hidden service". Because they are full of pubescents sharing emo pics of their trojan victims and code C# shit malware, because they were forced to learn it in school.

Zitat:Linux is only safe because it has smaller market share and every distro is different in its structure. http://www.opensc.ws and http://www.indetectables.net are pretty decend forums. Don't visit a forum, that has leetspeak in their domain and you're good. If you are not sophisticated in coding I recommend AV Vendor blogs. Even Symantec has a nice blog, although their products are a big pile of shit, that gets marketed just like rogue AVs.

Zitat:Code your own software and don't use 3rd party's unless you really know what you are doing, otherwise you will end up in jail. Start up fee was around 20$ for my first VPS, but you should move quickly to a dedicated server so you can crypt everything.

Zitat:If you rely on signature based detection you loose. Use read-only harddrives (the ones with hardware locks, not the snakeoil software ones). You can overcome software "write-blocks" using your own low level harddrive driver. If your coworkers need to save data, use network shares like samba and blacklist executable files there. PDFs should be scanned all the time, AVs are 'ok' at scanning generic PDF exploits, but you better have a record who wrote which PDF.
One does not simply "monitor" https, you can't sniff https unless you do some mitm with your own people, that's not how a secure connection is suppossed to work. If you whitelist domains and ips it's decend.
AVG is pretty bad antivirus, but doesn't rape performance as Kaspersky does, it protects you from mass sent and therefor known malware, but not from very fresh or targeted attacks. Once one system is compromised it might get updated to a new signature of the malware, maybe even a unique one, the antivirus will never find it.
I assume your company has atleast someone who can code scripts like perl or python, if your admin doesn't have a minimum of coding experience you are gonna have a bad time.
Edit: If you are targeted by custome malware there are lots of funny ways to tunnel traffic outside. DNS tunnels for example can even tunnel from computers that are not connected to the internet, but to the intranet. Some firewalls know about such tunnels.