ESET Article Sample
Bflient is a commercial kit that is sold to criminals to enable them to create and maintain botnets. Each customer receives a custom version of the kit in order to distinguish one customer from another. Once his purchase is configured and deployed, the customer can command his botnet to perform the usual tasks, such as launching a DDoS (Distributed Denial of Service) attack, infecting other computers, and most importantly, downloading and installing dubious software at will.
For security researchers, it is often hard to monitor the entire lifecycle of a botnet, from its creation to its day-to-day activity and, hopefully, its takedown. There are so many botnets and so many malware families out there that it is simply impossible to track them all. But sometimes we get lucky and witness a botnet creation or a merger/acquisition. This fall, we saw two Peerfrag botnets entirely drop their 'management' software in favor of a newer model, Bflient.k. This allowed us to learn more about how botnet owners work.