Skip navigation.

Jitko a tool to turn any Javascript enabled browser into a component of a botnet

It seems that the Javascript botnet code that was announced at Shmoocon last month has been leaked.

The code known as Jitko was designed to turn any Javascript enabled browser into a component of a botnet. Written by Billy Hoffman from Spy Dynamics the code was presented at Shmoocon, the code was placed unprotected on a publicly visible web server where eagle-eyed conference goers where able to copy the URL and download a copy of the code for themselves.

When originally announced at Shmoocon Jitko created a little stir in the Security community as the code serves no purpose other than prove that you can turn any web browser with Javascript enabled into a botnet component. At the time Billy said that he would not release the code. This served as an indication that there was no legitimate use for the code, releasing it would probably result in it or variants being adapted by the not so legit element of the security community into being used offensively.

The version that is now floating around has been modified by various people as it has been passed about, however it looks like the bulk of the code is the same. According to Billy it seems that someone called LogicX managed to grab the initial copy of the code from the server hosting it.

go here for info & code:


A contributer sent me this
Scmoocon Video of Hoffman's Talk

Which seems to be informative.