Unrevealing the Architecture Behind the Counter-Strike 1.6 Botnet: Zero-Days and Trojans
The Belonard Botnet was designed to promote servers in Counter-Strike 1.6. To achieve that, the botmaster employed the Belonard Trojan, which was spread through three channels: a malicious game server; an infected pirated build of the Counter-Strike 1.6 client distributed online; and exploits of several RCE vulnerabilities in the Counter-Strike 1.6 client, two of which are zero-days in the official Steam version. Its main objective was to build a botnet of CS 1.6 clients in which each infected machine would create fake servers that redirect players to the malicious master server. The Belonard Trojan registered a total of 1,951 fake servers, accounting for 39% of all game servers on Steam. In our presentation, we will disclose the vulnerabilities of the Counter-Strike 1.6 client used by Belonard, uncover its architecture and inner workings, and describe the shutdown process.