host network selection for botnets

definitely do not try this at home

The best way to build up botnets is through spreading botnet malware inside online ads. Here is a detailed how-to video on how to do it.

In general, for botnet building and expansion you can focus on three things:

  • exposing people’s devices (botnets)
  • exposing server assets of others (cloud botnets)
  • using server assets of your own (cloudbots)

In this case we are going to focus on the first and second of the three, where we are targeting assets of others.

A rule of thumb is to focus on assets of companies that are in some kind of distress or in a state of disorganization at the very least. Financial distress is especially potent, as is customer dissatisfaction. A company that is suffering from both is far less likely to have the motivation and/or the resources to effectively deal with the abuse reports that will inevitably come as a result of your planned activities.

A good starting point to check a company in this light is:

  • Read the Wikipedia page of the company for a general overview and look for the criticism / controversy section that is usually at the bottom of the page
  • Read through Glassdoor.com management reviews to understand employee morale
  • Study financial reports for indicators of financial distress
  • Use LinkedIn.com to understand employee retention (search for former employees)
  • Google searches with “lawsuit” and other relevant keywords
  • If the company is a consumer facing company, check out things like consumer complaint sites

If the company is also one that has a dominant position in its market, that will help. A smart researcher, when seeing a strong presence of a given IP/ASN, will always ask “where are the competitors of this company in my dataset?”.

If you are planning for massive-scale activity, consider the number of IPs the company holds, and other factors that give your bots plausible deniability for being on top of log-file sorts when researchers are analysing the data.
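For a defender analysing traffic logs, the two points above (where the competitors are, and how many IPs a network holds) translate into a peer-normalised check instead of a raw top-talkers sort. The following is an added example, not part of the original post; the sector labels, the threshold, and the sample records (private-use ASNs, made-up counts) are assumptions constructed for illustration.

```python
from collections import defaultdict
from statistics import median

# Constructed sample: (asn, sector, announced_ips, requests_in_window).
# ASNs come from the private-use range; every value here is made up.
SAMPLE = [
    (64512, "cloud", 4_000_000, 90_000),
    (64513, "cloud", 1_000_000, 2_100),
    (64514, "cloud", 2_000_000, 3_800),
    (64515, "cloud", 500_000, 1_200),
    (64520, "isp", 8_000_000, 120_000),
    (64521, "isp", 6_000_000, 90_000),
    (64522, "isp", 7_000_000, 105_000),
]

def raw_top_talker(records):
    """The naive view: the ASN with the most requests in the window."""
    return max(records, key=lambda r: r[3])[0]

def flag_outlier_asns(records, ratio_threshold=5.0):
    """Flag ASNs whose requests-per-announced-address exceed the median
    rate of the other networks in the same sector by ratio_threshold.
    Returns (asn, sector, ratio) tuples, highest ratio first."""
    by_sector = defaultdict(list)
    for asn, sector, ips, reqs in records:
        by_sector[sector].append((asn, reqs / ips))  # normalise by size
    flagged = []
    for sector, rates in by_sector.items():
        for asn, rate in rates:
            peers = [r for a, r in rates if a != asn]
            if not peers:
                continue  # no competitor in the dataset: nothing to compare
            peer_median = median(peers)
            if peer_median > 0 and rate / peer_median >= ratio_threshold:
                flagged.append((asn, sector, round(rate / peer_median, 1)))
    return sorted(flagged, key=lambda f: -f[2])

if __name__ == "__main__":
    print("raw top talker:", raw_top_talker(SAMPLE))
    for asn, sector, ratio in flag_outlier_asns(SAMPLE):
        print(f"AS{asn} ({sector}) is {ratio}x its sector peers")
```

In the sample, the largest ISP tops the raw sort while behaving exactly like its peers; the cloud network that is only fourth by raw volume is the one that stands out once size and competitors are accounted for.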