Based On Irc Protocol Asynchronous Trojan System Design And Realization

With the rapid development of network technology, information security has often been invaded by Bot attacking. Whereas Bot attacking is also a powerful anti-attacking weapon. Therefore, asynchronism Botnet systems are widely used and intensely emphasized due to their asynchronous communicating characteristic and distributed attacking ability. However, planting an current Botnet system is very inefficient because Bot can not transmit itself. In addition. Firewalls can easily detect and block the special data streams from ordinary Bot communicating. In order to solve the above-mentioned problems, an IRC-based Botnet System is developed in this paper.This system is composed of a main function module and an auxiliary function module, with the combination of advantages of Bot, IRC and Worm technology. The main function module is constituted by communication module, command control module and dissemination module. The communication module implements a subset of IRC protocol, which can transmit disguised Bot commands through hidden IRC channel like normal chat messages. The command control module implements the IRCPEP protocal, which defines a set of Bot command to support IRC Server communicate with Zombie in argot. The dissemination module insert the Bot location into webpages, which tempts the worm-infected host to initiate connecting to Bot source, download and auto-run Bot program, and become a Zombie. On attacking, firstly attacker sends the attack command through a hidden pattern IRC chat channel to Bot Server, and then Bot Server disseminates the attack command to a group of Zombie through another hidden model IRC chat channel. The auxiliary module is mainly used to test Botnet attacking ability, which includs sending spam, updating Bot program, etc.In this paper, the main work and innovations are as following:(1) Using double hidden model IRC channel in the system made Bot Server act as the agent of Attacker, which can isolate the attacker from Botnet so as to hide the attacker's identity and improve the flexiblity of management;(2) A new IRCPEP protocal was defined to standardize and encrypt attack command, which can disguise Bot command like normal chat messages so as to enhance the system's anti-kill ability, moreover, only implementing a subset of IRC protocol reduced the size of Bot and accelerated the dissemination of Botnet;(3) Recuring to worm technique disseminating Bot can make Bot be planted more active and efficient. In addition, auto-updating function enhanced Bot's self-adaptability.