Author Topic: Rewriting the Zeus Botnet in Python!!  (Read 18665 times)

somegrass
Rewriting the Zeus Botnet in Python!!
« on: November 12, 2012, 10:45:20 am »
I'm considering converting/rebuilding the Zeus botnet in Python and hosting it as an open source Python project. Is there any support for this? BTW, the reason I want to do this is to increase development time (Python programming tends to be far faster than C++) and to expand the capabilities of the Zeus framework (i.e. embed a JavaScript or Lua scripting engine, bitcoin mining, exploit database, etc.). I also want to make a large move toward peer-to-peer networking. Any comments, questions, support, etc. would be amazing!! And let me know if anyone is interested in getting involved!

Stackprotector
Re: Rewriting the Zeus Botnet in Python!!
« Reply #1 on: November 12, 2012, 11:00:34 am »
Do you have any clue what Zeus is? Do you have any clue what malware programming is?
~Factionwars

somegrass
Re: Rewriting the Zeus Botnet in Python!!
« Reply #2 on: November 12, 2012, 11:02:18 am »
I'm going to reply to that with a simple yes to both. What's your point?

Stackprotector
Re: Rewriting the Zeus Botnet in Python!!
« Reply #3 on: November 12, 2012, 11:05:27 am »
Zeus is not some kind of hacking tool/bot. It is used by big crime organizations and loads of CCers. Writing this in Python would take all the power away from Zeus. Unless you are going to convert everything to the Python C libs, but that is just plain stupid.

Python is for scripting, not for programming a huge enterprise virus. You might script a server, but not the bot.

somegrass
Re: Rewriting the Zeus Botnet in Python!!
« Reply #4 on: November 12, 2012, 11:11:44 am »
Python is a perfectly legitimate language to write a botnet in. There is very little you can do in C++ that you can't do in Python and then py2exe into an executable. In fact it's a better language to write a botnet in.

Stackprotector
Re: Rewriting the Zeus Botnet in Python!!
« Reply #5 on: November 12, 2012, 11:18:21 am »
I am just advising you, you don't have to listen to me. Though I advise you to :D

Just try it, but I will say, C++ runs much lower than Python. Python is written in C/C++. You will learn much more from writing this in C/C++ than in Python.

"In fact it's a better language to write a botnet in." Die please :D.

bluechill
Re: Rewriting the Zeus Botnet in Python!!
« Reply #6 on: November 12, 2012, 02:12:51 pm »
> Python is a perfectly legitimate language to write a botnet in. There is very little you can do in C++ that you can't do in Python and then py2exe into an executable. In fact it's a better language to write a botnet in.

You're wrong.  I know both extremely well.  Python is not a good language for anything but scripting minor stuff.  You can script web servers or servers in it but that's about it in my opinion.  C++ is a way better language for rewriting malware in.  Python does not have support for process obfuscation very easily.  Python is also very easy for antivirus to spot and eliminate because it's an interpreted language.  C++ is a lot easier to obfuscate and prevent from being detected than python is even though obfuscation is hard anyways.  If you really want to do this, you *will* fail.  Not a you *might* but a you *will*.  So please, do us a favor and learn more before declaring idiotic things.  Thank you.
I have dreamed a dream, but now that dream has gone from me.  In its place now exists my own reality, a reality which I have created for myself by myself.

geXXos
Re: Rewriting the Zeus Botnet in Python!!
« Reply #7 on: November 12, 2012, 02:34:09 pm »
> Python is not a good language for anything but scripting minor stuff.

Care to elaborate?

somegrass
Re: Rewriting the Zeus Botnet in Python!!
« Reply #8 on: November 12, 2012, 02:43:48 pm »
Ah. You make good points. *I tip my hat to you sir* And although I also consider myself to be very good at both languages, granted, I am relatively new to malware writing. Also, thank you for not being so brutal. Anyway, the question then becomes, how unfeasible would it be to extend the framework with, say, an IronPython DLL? (I admit, I am of the opinion that there are very few projects that can't be done far faster with Python.)

bluechill
Re: Rewriting the Zeus Botnet in Python!!
« Reply #9 on: November 12, 2012, 09:32:09 pm »
> Ah. You make good points. *I tip my hat to you sir* And although I also consider myself to be very good at both languages, granted, I am relatively new to malware writing. Also, thank you for not being so brutal. Anyway, the question then becomes, how unfeasible would it be to extend the framework with, say, an IronPython DLL? (I admit, I am of the opinion that there are very few projects that can't be done far faster with Python.)

What you would have to do is create your own python interpreter with the source code hard coded and then compile that all into an executable yourself.  (write the interpreter in C++ or something).  Basically it's so much more work than just using C++ it's so unfeasible that I would never even attempt to do it.

> Care to elaborate?

That's just my opinion.  I can't think of anything which isn't faster and easier to do in C++ than some minor scripting stuff.  I'm talking about advanced things btw.  Python is great for minor, non-advanced, stuff like simple brute forcers, simple servers, etc. but when you get to stuff like malware writing and extendible plugins it's easier to just use C++ or C as you can always use SWIG for plugins in languages such as python, java, etc. I would never use anything but C++, C, or Obj-C for the base language of a plugin-based program.  However, this is my opinion, it can be done.  I just personally think it's a lot harder and messier.
« Last Edit: November 12, 2012, 09:37:33 pm by bluechill »

geXXos
Re: Rewriting the Zeus Botnet in Python!!
« Reply #10 on: November 12, 2012, 10:19:02 pm »
@bluechill
Thank you for the explanation.

Ragehottie
Re: Rewriting the Zeus Botnet in Python!!
« Reply #11 on: November 13, 2012, 03:28:40 am »
Python is not only good for small scripts. It can be used for very large projects, even full 3D games. I will, however, agree that C/C++ is better for a botnet. Wayyy better. But go for it. It will be a good learning experience.
Blog: rexmckinnon.tumblr.com

bluechill
Re: Rewriting the Zeus Botnet in Python!!
« Reply #12 on: November 13, 2012, 02:00:13 pm »
> Python is not only good for small scripts. It can be used for very large projects, even full 3D games. I will, however, agree that C/C++ is better for a botnet. Wayyy better. But go for it. It will be a good learning experience.

It *can* be but they're usually very slow and usually a lot more trouble than just using OpenGL directly in C or C++.

centizen
Re: Rewriting the Zeus Botnet in Python!!
« Reply #13 on: November 13, 2012, 03:44:10 pm »
Yeah, python is a great prototyping tool; but Java or C#/C++ is a far better option for writing malware.


At one point I wrote a keylogger in python; which was near useless due to the fact that the target either needed a python interpreter already or I needed to slipstream it into an .exe which usually ended up around 7mb's in size. It just made it too unwieldy to be used in any real situation.


With Java or C*; your program becomes machine code/bytecode, which is a lot better than interpreting commands. Since most malware works simply by leveraging issues in the Windows API, there is just no reason to want to use Python except ease of initial programming.

Kulverstukas
Re: Rewriting the Zeus Botnet in Python!!
« Reply #14 on: November 13, 2012, 05:18:02 pm »
> Yeah, python is a great prototyping tool; but Java or C#/C++ is a far better option for writing malware.
>
> At one point I wrote a keylogger in python; which was near useless due to the fact that the target either needed a python interpreter already or I needed to slipstream it into an .exe which usually ended up around 7mb's in size. It just made it too unwieldy to be used in any real situation.
>
> With Java or C*; your program becomes machine code/bytecode, which is a lot better than interpreting commands. Since most malware works simply by leveraging issues in the Windows API, there is just no reason to want to use Python except ease of initial programming.

The keylogger might be of some use on Linux boxes where python is usually pre-installed.