botnets
Botnets: MONSTERS OF INTERNET
By: Vishwadeep C. Badgujar | Jalgaon
What is a Bot (Bot/Botnets/Zombies)
The word bot comes from "robot".
A botnet is a network of private computers/devices infected with malicious software and controlled as a group without the owners' knowledge.
Recent news about bot attacks
BBC website crashed by 300 Gbps DDoS attacks
Pokémon Go game website crashed by 200 Gbps DDoS attacks
ISPs in Maharashtra are facing DDoS attacks
Botnet: 25,000 CCTV cameras hacked to launch DDoS attacks
Interesting facts - Bots
60% of internet traffic worldwide is consumed by bots
A group of bots can crack a 1 TB password file in 10 hours; a single computer takes 10 years
Types of Bot
There are two main communication protocols used for bot attacks: IRC and HTTP
IRC Protocol
IRC botnets are the predominant version
IRC is mainly designed for one-to-many conversations but can also handle one-to-one
Most corporate networks do not allow any IRC traffic, so any IRC request can indicate an external or internal bot
Outbound IRC requests mean an already infected computer on the network
Inbound IRC requests mean that a network computer is being recruited
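The direction rule above (outbound IRC means an already infected computer, inbound IRC means a computer being recruited) can be applied to connection logs. The following Python is an added example, not part of the original slides; the log format, the port list, the internal address ranges and the sample records are assumptions constructed for illustration.

```python
import ipaddress
# Assumptions (not from the slides): RFC 1918 space is "internal"; the ports
# are ones IRC servers commonly listen on (6667 plaintext, 6697 TLS).
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
IRC_PORTS = set(range(6660, 6670)) | {6697, 7000}
# IRC client commands, to catch IRC spoken on a non-standard port.
IRC_VERBS = {"NICK", "JOIN", "PRIVMSG"}

# Constructed sample records: src_ip dst_ip dst_port first_payload_line
SAMPLE = """\
192.168.1.23 203.0.113.10 6667 NICK a1b2c3
198.51.100.99 192.168.1.55 6667 USER x 0 * :x
192.168.1.77 203.0.113.44 8080 JOIN #chan
192.168.1.23 203.0.113.10 80 GET /index.html HTTP/1.1
10.0.0.5 10.0.0.9 6697 -
this line is malformed
"""

def is_internal(addr):
    ip = ipaddress.ip_address(addr)  # raises ValueError on bad input
    return any(ip in net for net in INTERNAL)

def classify(line):
    """Return (verdict, host_to_investigate), or None if not IRC or unparseable."""
    parts = line.split(maxsplit=3)
    if len(parts) < 4:
        return None
    src, dst, dport, payload = parts
    try:
        src_in, dst_in, dport = is_internal(src), is_internal(dst), int(dport)
    except ValueError:
        return None
    verb = payload.split()[0].upper()
    if dport not in IRC_PORTS and verb not in IRC_VERBS:
        return None
    if src_in and not dst_in:
        return ("outbound-irc: host likely already infected", src)
    if dst_in and not src_in:
        return ("inbound-irc: host may be being recruited", dst)
    if src_in and dst_in:
        return ("internal-irc: blocked protocol in use, review both ends", src)
    return None

def triage(log_text):
    return [r for r in map(classify, log_text.splitlines()) if r]

if __name__ == "__main__":
    for verdict, host in triage(SAMPLE):
        print(f"{host:15} {verdict}")
```

The verdicts are triage signals for an analyst, and the payload check matters because a bot is not obliged to use a standard IRC port.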
HTTP Protocol
Due to the prevalence of HTTP usage, it is harder to track a botnet that uses the HTTP protocol
Using HTTP can allow a botnet to skirt the firewall restrictions that hamper IRC botnets
Detecting HTTP botnets is harder but not impossible, since the header fields and the payload do not match usual transmissions
Some new options emerging are IM and P2P protocols; expect growth here in the future
HTTP Botnet Example: Fast-flux Networks
Commonly used scheme
Used to control botnets with hundreds or even thousands of nodes
C&C Centralized Model Example
3 Steps of Authentication
a. Bot to IRC Server
b. IRC Server to Bot
c. Botmaster to Bot
Bots: how exactly they work
Suppose an attacker has a hash file containing important passwords, and the attacker has one 1 TB file for password cracking.
He splits this file into 10000 segments.
Wordlist file (size 1 TB)
First the attacker spreads the bot to vulnerable devices like routers and CCTV cameras (most CCTV cameras are vulnerable because of default usernames and passwords).
The attacker sets up a C&C server first, then spreads the bot using the C&C server (the attacker always uses a proxy IP).
Then the bots are sent to vulnerable devices.
Then the attacker sends password file segments to the bots (approx. 1 Gb each).
Now the attacker needs to send the command for cracking. As soon as the command is sent, every bot starts working on cracking the hash file.
A single computer needs 1 year to crack the 1 TB file, so 10000 computers or devices proportionally need 10 hours (approx.).
What can botnets do
Distributed Denial-of-Service Attacks
Sniffing Traffic
Keylogging
Spreading new malware
Installing Advertisement Addons
Attacking IRC Chat Networks
Create fake website visitors
Manipulating online polls/games
Common bot attacks
Denial-of-service
Another popular use of a bot, denial-of-service attacks look to invade a network or an Internet service provider, usually by stealth, in order to disrupt or cripple service. Here, the attacker tries to get as many computers infected as possible in order to have a bigger botnet.
Spyware
Spyware is any malware that can be used to gain information from its target or targets, anything from passwords and credit card information to the physical data contained within files. These can be lucrative to a bot herder, as they can sell the data on the black market. If a bot herder gains control of a corporate network, these can be all the more lucrative, as they may be able to sell the "rights" to their bank accounts and their intellectual property.
Click fraud
This form of remote control can allow a bot herder to surreptitiously click links on Web sites and online advertising, bolstering numbers for advertisers and producing more money.
Wordlist bruteforce
This type of bot works on cracking passwords using brute-force methods
Prevention Against Bots
Use the best antivirus software (Norton/Avast/AVG) and make sure it auto-updates
Always use and enable firewall software
Update your operating system regularly
Update your routers regularly
Malwarebytes is the best software for bot detection
Presented by HackTech | Jalgaon
Institute for Advanced Hacking & Cyber Crime Investigation