Electronic Jihad

Last week, we came across a very interesting piece of software that mixes freedom of speech, network security, and religion. This software is called “e-Jihad” and is freely distributed on the Internet. It lets the owner of a computer give control of his system to the creator of e-Jihad. The makers of e-Jihad can then use a network of “zombies” to attack web sites and other Internet servers.

After installing e-Jihad, the user is asked for a username and password, which are sent to a central web server. If the user doesn’t have a username yet, he can register a new one; he can even enter the username of the person who invited him to e-Jihad. The software receives “orders” from the central server and can be instructed to either initiate a large number of queries on a web server or flood a server with “ping” requests. The software is also programmed to keep count of the amount of time that the computer is made available for attacks, and potentially rewards users who contribute large amounts of time.

Analysis of the e-Jihad software shows that the programmer who created it is not a professional malware creator. The queries to the command and control server are easy to spot and are even sent in clear text (leaving usernames and passwords easily readable for anyone listening on the wire). Furthermore, the user agent that is used when attacking a web server is “Attacker”, showing that stealth is not an issue for the creators. The only difficulty in reverse engineering this program was that all text messages in it were written in Arabic.
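A log check built on the user-agent detail above, as an added example that is not part of the original post or of ESET's analysis: it scans web server access logs for requests whose User-Agent is exactly “Attacker” and groups them by source address. The Combined Log Format, the request threshold and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Combined Log Format (assumed): ip ident user [time] "request" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "(?P<ref>[^"]*)" "(?P<ua>[^"]*)"$'
)
FLAGGED_UA = "Attacker"  # user agent reported in the article; exact value is assumed


def find_flood_sources(lines, min_requests=3):
    """Return {client_ip: (count, first_seen, last_seen)} for clients that sent
    at least min_requests requests carrying the flagged User-Agent."""
    seen = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines instead of guessing at fields
        if m.group("ua").strip() != FLAGGED_UA:
            continue  # exact match, so agents that merely contain the word pass
        ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
        seen[m.group("ip")].append(ts)
    return {
        ip: (len(stamps), min(stamps), max(stamps))
        for ip, stamps in seen.items()
        if len(stamps) >= min_requests
    }


# Constructed sample lines using documentation address ranges, not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:01 +0000] "GET / HTTP/1.1" 200 512 "-" "Attacker"',
    '192.0.2.10 - - [01/Jan/2024:10:00:01 +0000] "GET / HTTP/1.1" 200 512 "-" "Attacker"',
    '198.51.100.7 - - [01/Jan/2024:10:00:02 +0000] "GET /a HTTP/1.1" 200 90 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [01/Jan/2024:10:00:03 +0000] "GET / HTTP/1.1" 503 - "-" "Attacker"',
    '203.0.113.5 - - [01/Jan/2024:10:00:04 +0000] "GET / HTTP/1.1" 200 512 "-" "Attacker"',
    '198.51.100.9 - - [01/Jan/2024:10:00:05 +0000] "GET / HTTP/1.1" 200 512 "-" "AttackerBot/1.0"',
    'this line is not a valid access-log entry',
]

if __name__ == "__main__":
    for ip, (count, first, last) in find_flood_sources(SAMPLE_LOG).items():
        print(f"{ip}: {count} flagged requests between {first} and {last}")
```

Lowering `min_requests` to 1 reports every source that sent the flagged user agent at all, which suits a first sweep of historical logs.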

People installing this software are running a great risk: not only are they giving control of their computer to somebody they don’t know, they also run the risk of a third party taking control of the e-Jihad network and having their computer used for any other purpose.

SETI@home and Folding@home have already demonstrated how distributed computing power can be harnessed on a voluntary basis for good. Virtually anything that can be used for good can also be abused. One of the reasons bots are considered harmful is that they run surreptitiously in the background, stealing a computer’s resources, reducing its reliability and security, and being used for criminal purposes. E-Jihad is an example of an opt-in botnet used for malicious purposes. People who opt in to e-Jihad make themselves responsible for any action that is performed using their computer system. They may be subject to legal prosecution for intentional participation in criminal activities.

Pierre-Marc Bureau

Author Pierre-Marc Bureau, ESET

  • CurtW

    Do you have a command list we could use to generate Snort rules? I’d like to catch any of this crap on our network and the people that might be involved. Thanks in advance for any extra info.

  • Hi CurtW,

    The command and control server that was used by version 2.0 of e-Jihad is now down. Since the server’s name was hard-coded in the program, this means that even if the program is installed on a machine, it will not be able to register and get any orders. We will keep you advised if we find any new version!


Copyright © 2017 ESET, All Rights Reserved.