In the following, we cover the more popular commands implemented in the common bots we have captured in the wild. Presenting all the commands is beyond the scope of this paper, as Agobot alone comes with over 90 commands in its default configuration.
start a targa3 flood
* targa3 - 1999 (c) Mixter <firstname.lastname@example.org>
* IP stack penetration tool / 'exploit generator'
* Sends combinations of uncommon IP packets to hosts
* to generate attacks using invalid fragmentation, protocol,
* packet size, header values, options, offsets, tcp segments,
* routing flags, and other unknown/unexpected packet values.
* Useful for testing IP stacks, routers, firewalls, NIDS,
* etc. for stability and reactions to unexpected packets.
* Some of these packets might not pass through routers with
* filtering enabled - tests with source and destination host
* on the same ethernet segment gives best effects.
Anubis Bagle CPanel DCOM DCOM2 Doom DW Ethereal HTTP Locator LSASS NetBios Optix SQL UPNP WKS
webdav ntpass netbios dcom135 dcom445 dcom1025 dcom2 iis5ssl mssql beagle1 beagle2 mydoom lsass_445 lsass_139 optix upnp netdevil DameWare kuang2 sub7
Spam Logic - Send HTML emails
stops the spamming
AOL - starts the spamming
Checks for "PAYPAL" "SET-COOKIE"
(c_join|c_j) [clonenumber] [channel]