What you will need to use it?
- You need access to linux machines(specially from china, doing brute force from compromised machines do not go down) or If you are a coder(PHP) you can adapt the brute force to work on windows as well(personally I do it from linux machines, oh boy I have a lot).
- You need to know to install a mysql database, some PHP.
- Some money to invest in the database server where are the logs will come.
- This botnet required human interaction, is not AUTOMATED. I DO plan to make all things I do manually daily but I just don't have the time.
- And also you need time
. Once you get the drill things became more easier and faster.What my botnet does:
- All the logs are sent via mysql and collected from a web interface from a STABLE machine(you need to invest to buy one somewhere on an island or somewhere where they can't take it down), because someone will be very interested to take down that specific machine.
- SMTP/POP3 brute force globally, I get around 1000-1500 compromised accounts daily, however only a few hundred are valid(which they actually sent emails) and kind of 100 of them are hitting the inbox on all webmails. I do use only inbox SMTPs while I do spam.
- Bash sender from SMTPs is actually the PHPMailer from github modified to send from list of hundred SMTPs in multi-threading mode(works only on Ubuntu machines, I couldn't figure out how to make on other distributions but personally I don't care, I have about 10k comprimised unix machines and I just pick a few Ubuntu machines while I do send.)
- POP3 Email extractor from compromised accounts, I do send emails only from actually extracted from real email accounts with semi complex password, I don't even bother extracting emails from a POP3 with username info password info because they are already spammed, is useless.
What are my results?
- Well my smtps list is always between 2000-3000 SMTPs that are sending emails, I do send about 100k-200k per day and depending by scheme I do make around 500-1000$ per day.
- I do brute force globally with a few hundred on ssh, a few hundred for pop3, a few hundred for smtps. As I said... You really need access somehow to machines and specially from china! Doing brute force from another country never worked for me. The more machines you have on brute force, the more results you get... right?
- I do send at VERY slow rate, and very small number on each SMTP. I did test it, I tried to send 1 million emails and high rate and 100-200k at slow rate and the profit that I made is kind of the same however sending at high rate the chance for SMTP to go down incrase so is better to send slower and BETTER than faster are pretty bad. It was tested...
EDIT: This post was written in rush so there are a lot details that are not specified but feel free to ask anything... the price I guess will be between 300$-500$, this is not a rocket science but is working... at least for me.