Why aren't you finding exploits in botnet CPanels and stealing all their bots and logs to get rich as fuck?

You guys are NEETs, aren't you? So you have plenty of time to find vulnerabilities. Why aren't you doing this?

because i have low iq

Great way to wind up with a bullet in your head. Any botnet worth going after is not worth going after.

They don't even kill security researchers and malware analysts who blog about their escapades. You think they'll shoot someone for stealing their bots a few times?

Besides it doesn't have to be some massive botnet. All you'd need is to find an exploit in a certain version of a specific one and then easily take over a bunch of skid's botnets

>blog
>steal
These are not equivalents.
>skid's botnets
I thought we were talking about making money here.

Because botnet CPanels aren't managed by retards and are usually hidden from sight.

You can find them with dorks

But they do. Except instead of stealing they just uninstall them and delete the logs

>You can find them with dorks
Ever hear of honeypots? Criminals go after criminals too, you know.

So what?

They'll just waste some of your time

bump

Do it yourself faggot

I am not a neet, I am just asking why NEETs here on Sup Forums with a little too much free time aren't doing this

bump

>average lone skids are an international mafia like organisation

because anime

if it were the case I'm pretty sure people like Brian Krebs or xylitol would have been killed by now with how much they're disliked

Because even the shittiest panels made by the biggest skids are more or less secure because of modern hand holding framework usage.
Also finding malware is quite hard believe it or not.
>Neat this looks promising
>.NET backdoor that connects to the skids main box and you can't really do anything with it due to .NET being a VM not allowing memory exploits
>mfw

How does xylitol do it then?

There's always some backdoor and sometimes skids use leaked sources of old versions of betabutt or zeus with known vulnerabilities

Krebs goes after big fish and all he's had was shit in plastic grocery bags and heroin from (insert current dominant tor drug market here)
Xylitol hasn't been doxed afaik.
Anyway if skids were as dangerous as the original user implied MalwareMustDie should have been executed cartel style long ago.

>Brian Krebs
"Someone pointed me in the direction of [X] and I looked it over. I just discovered a flaw!"
That guy is the biggest fraud around.

Most panels he exploited were from old shitty malware like Andromeda and Athena.
If I heard correctly the authors did not know how to properly webdev and just copy pasted the panels or had even bigger skids help with it.
I'm surprised that some zeus panel was actually vulnerable, as far as I know Slavik was supposed to have an actual IT degree.
And I'm not familiar with any problems with the betabot panel, the author was actually competent for once.

>>average lone skids are an international mafia like organisation
The real contenders in the world of botnets, literally are mafia like organisations. You're the one who threw skids into the mix.

>Bunch of slavs that leave chat logs and phone numbers in the source files are scary mafia
Frankly hunting down whoever somehow hurt your botnet is not worth the time, since most of the time it's possible to set it up again quite fast.
Besides if one somehow manages to cap a blogger it will only attract even more unwanted attention.
>Look they killed a blogger
>Lmao i gotta take down the botnet cuz now it's well known in the infosec community

Yeah he isn't a malware researcher I know, I'm just saying that if HE of all people hasn't gotten killed by a hitman yet, i doubt some guy stealing a few bots would.

It's kind of weird too given how much more money there is in malware and botnets compared to drugs where sometimes people die over $1000

>And I'm not familiar with any problems with the betabot panel

Xylitol has a video of some exploit and the working builder has been posted on HH for years

But yeah it is weird how some really shoddily coded shit is making people millions of dollars. Makes me wonder if they've had the right idea all along instead of working like a cuck

I'm not talking about capping a blogger. Some of these guys are millionaires or doing well enough in their shithole countries, that it may mean enough to them to protect their interests. That's all I ever meant to imply. No skids, no Krebs (lol). OP was talking about stealing bots (and therefore, profits) as a get rich scheme. Nobody would waste their time with small time skids would they? Or are you all mongoloids?

>Some of these guys are millionaires

Not most of them, few actually

>implying that huge botnets like zeroaccess or TDL4 have any flaws that can be exploited for an infrastructure takeover.
I bet you know what phishing is and call your self some sort of an infosec expert

>bitcoin mining or click fraud

what's the point of this when banking trojans make millions a month? Zeroaccess seems like a meme botnet

Go ahead nigga make me a botnet that can bypass 2FA with as little user interaction as possible.
Also how would one even launder the banking bot money? And most of them don't, maybe one or 2 in the world right now tops, this is not 2007 anymore.

>I am not a neet, i am just asking why NEETs here on Sup Forums with a little too much freetime aren't doing this

You sit on this thread and bump it all day, you're a no life faggot.

>>implying that huge botnets like zeroaccess or TDL4 have any flaws that can be exploited for an infrastructure takeover
>implying I'm implying
That's why I'm saying the whole thing is retarded.

sorry bro chill I'm not an expert or the guy you were originally responding to i'm just curious

Do most banks even have 2fa

Yes it's the standard like everywhere.

fyi the vast majority of botnets don't generate very much profit

How do you figure? I was under the impression they make tons even with

Ok.

Can you then explain how this money was laundered because I'm unsure how people could consistently be stealing hundreds of thousands to millions of dollars from banks and the banks not noticing or reversing the transaction. Did they just funnel it through dozens of accounts and mules in many countries before the main destination?

Were the customers whose money had been stolen reimbursed?

>You guys are NEETs, aren't you? So you have plenty of time to find vulnerabilities
Unfortunately, that's not how crippling depression works.

Most of the time they get reimbursed.
As for laundering I have no god damn clue, they don't steal huge sums from single banks, most of those gains (more than 100k) are from like 100 banks around the world in over a year or so.

most of the markets are saturated and competitive, for hire services (ips to rotate your servers onto, ddos, bulk spam, SEO manip) are dominated by large players / people with expertise.

if you want to remain functional & profitable, you need sufficient knowledge to stay on top of developments in the field. companies are constantly trying to better catch automated traffic.

i don't know much about the average profit w/r/t personal info sales though, that is one area that is probably (~speculation~) reasonably profitable if your net has consistent growth.

I was thinking that maybe only certain banks are actually lenient to be stolen from in this way (similar to how only certain credit card companies are targeted primarily for carding as opposed to all of them)

All this stuff is really interesting, it's like a separate world

>they don't steal huge sums from single banks
Bangladesh and the Philippines disagree.
en.wikipedia.org/wiki/2016_Bangladesh_Bank_heist

I think he's talking about first world countries.

First world countries' banks first of all don't transfer over $10,000 without stipulation and second don't tend to wire money to foreign countries, let alone huge amounts

Only botnets that have working 0day access or working exploitkit would be valuable but I guess most of the botnets are just .exe spreading clones

I work in a bank as a dev and have talked about these types of attacks with our security for a bit. They do happen all the time, along with various other attacks which cause retarded users to lose their money. And the best ones are getting pretty sophisticated.

Now the bank isn't responsible if the user has displayed gross negligence. What exactly is gross negligence isn't really well defined, like any other shit in banking. Yes there are compliance and legal shit you gotta follow but no one actually knows what it actually means so legal just comes up with something they feel that fits into all the rules. For us it means quite often "no, you can't do this". Anyway this means that pretty much anything short of straight up giving their login/2fa details to someone we won't take them to court most of the time.

It all goes case by case and depends hugely on how much monetary losses were there. Absolutely no point fighting over 3k in court if there is absolutely no clear indication they fucked up and we can absolutely show it. Obviously if they had lost huge sums of money we might be more likely to fight for it even if it weren't as clear cut.

...

>Now the bank isn't responsible if the user has displayed gross negligence

How can being a victim of fraud not be the bank's responsibility?

Basically I'm asking if a customer had lost a lot of money to this malware, would he almost always be reimbursed? Isn't that what the bank's liability and insurance are for?

Because getting hit by a 0day exploitkit and getting your money stolen then being told "Sorry you just lost your life savings bro, not going to refund you" seems a little bit ridiculous

>gross negligence
what you described isn't gross negligence, the user did everything correctly so the bank has no legal basis to dispute.

So how often does this shit happen?

Just reading wikipedia articles and blogs it seems like shit is an hourly occurrence. Also some articles say "Infecting multiple financial institutions", does that mean some malware is literally infecting the actual bank networks? what if fraud happens from that angle?

What's the point of wasting time on botnets if m$ pay 100k $ for documented 0days in windows?

Google in cali pays like 120k $/year and you have wage slave 40+ h/week

then it's better to just find one 0day/year


amIright?

motherboard.vice.com/read/cybersecurity-researchers-are-hunted-from-all-sides

>Cybersecurity researcher Peter Kruse, founder of CSIS Security Group in Denmark, thought his mother was calling. Her number appeared on his phone, but when he answered, it wasn’t her. Instead, a male voice told him to stop what he was doing as a computer expert.

because people make several times this a month from botnets

>what if fraud happens from that angle?
obviously the bank's fault
but i doubt attacks that steal money from banks directly are even remotely common, these mentioned attacks are probably small information leaks or things like that.
I would guess that the vast majority of infected PCs are not due to 0days, even if you always keep your software up-to-date (which certainly isn't always the case) you can simply download a malicious executable and boom you're infected. Also phishing is huge and highly effective.
good luck, windows is terrible but that's not because it's easy to find 0days

So are you always reimbursed for this short of literally giving your login away?

Because quite frankly after reading about all of this stuff i'm getting a little scared.

>good luck, windows is terrible but that's not because it's easy to find 0days

Explain? Because this seems like a legit way to make money, and you're actually helping society too

it's hard to find 0day and they would pay you several times more on black market

They would pay you hundreds of thousands of dollars for an 0day exploit on some chinese/russian forum?

Kind of skeptical of that, they'd probably just take it and then not pay you anything

>Anyway this means that pretty much anything short of straight up giving their login/2fa details to someone we won't take them to court most of the time.
Consider the massive amount of normies who've never heard of "executables" or ".exe files" and will happily download and run registrybooster.exe
those are the target, not you.
>They would pay you hundreds of thousands of dollars for an 0day exploit on some chinese/russian forum?
of course, they can make millions from it.

there are legal companies that pay researchers for 0days and resell them to govs, there is at least one in europe but I do not remember the name, something with V

kek

So are we safe or not then?

I try to be as security-conscious as i can be as a typical Sup Forums fag but after reading a lot of this malware shit I am getting scared.

Are we safe for the most part? or do we have to constantly be scared of our life savings getting stolen?

Did you even read the fucking post.

Pretty much anything short of them straight up giving their login information gets reimbursed. Especially since most of the time it's only a few thousand dollars. No one really knows what really counts as gross negligence since pretty much only the slam dunk cases ever get to court. There's also the case of PR to keep in mind, no point in going after 3500 dollars when a short facebook post or a ranting news article about how banks are after the little guy in a newspaper can cause way more in losses.

Getting hit by a 0day isn't a case of gross negligence.

Attempts happen all the time. I'm not sure how successful they are but I do know that our systems ask for SMS confirmation to any larger transactions pretty eagerly.

>Are we safe for the most part?
you are completely safe as long as you don't do something really stupid like accessing your bank account from a public computer (i.e. library, internet cafe etc.) or something of the sort. Even if you do, it's very unlikely that your shit will get stolen, and even more unlikely that your bank won't reimburse you

But there's so much different bank malware and exploitkits it seems. They usually steal smaller amounts don't they? Not like cleaning your entire shit at once

They steal smaller amounts because any sensible bank will block, or at least ask for confirmation on, large suspicious transactions, especially if they are going abroad.

Also there are plenty of bank malware and exploits but as user already said it's mostly targeted to the crowd who will download anything an email/website with awful grammar tells them to.

ah okay thanks for clearing that up at least

because NEETs are stupid... that's why they're NEETs

what kind of a dumb question is this

>You guys are NEETs
Says who?