Current capabilities of JavaScript turns the browser into the perfect host for a botnet agent. It can be compromised through different vectors, offers a wide range of functionalities, provides persistence and storage, communicates freely with many C&C channels, and behaves like a perfect pivoting point for further propagation into the internal network, or anywhere else.
Therefore JavaScript is to be considered as a powerful botnet enabler, deeply interlaced with other underlying technologies, such as HTML5, WebRTC or even local shells, and able to interfere at any level of the botnet lifecycle.
This presentation aims at identifying most of the recent JavaScript-based techniques which have proved to be efficient in the implementation of core botnet capabilities (injection, control, persistence, propagation, and of course operations from the compromised browser), and to show how one could build a 100% javascript botnet able to defeat most of the defenses currently found in today’s IT.
