Botconf Author Listing

Ivan Korolev

Last known affiliation: Doctor Web, Ltd.

Date: 2019-12-04
Unrevealing the Architecture Behind the Counter-Strike 1.6 Botnet: Zero-Days and Trojans
Ivan Korolev 🗣 | Igor Zdobnov 🗣

Abstract (click to view)

The Belonard Botnet was designed to promote servers in Counter-Strike 1.6. In order to achieve that, the botmaster employed the Belonard Trojan, which was spread via malicious game server; an infected pirated build of the Counter-Strike 1.6 client distributed online; and exploits of several RCE vulnerabilities inside the Counter-Strike 1.6 client, from which two are zero-days in the official steam version. Its main objective was to create a botnet from CS 1.6 clients where each infected machine would create fake servers that redirect players to the malicious master server. The Belonard Trojan registered a total of 1,951 fake servers, taking 39% of all game servers on steam. In our presentation, we will disclose the vulnerabilities of the Counter-Strike 1.6 client used by Belonard, uncover its architecture, inner workings and describe the shutdown process.

Scroll to Top