Upload File

what is botnet?

13
WHAT IS BOTNET? Milan Petrásek 21/5/2014

Upload: milan-petrasek

Post on 22-Nov-2014

503 views

Category:

Technology


0 download

Report

DESCRIPTION

Info about botnet, summary, history, technology and future

TRANSCRIPT

Page 1: What is botnet?

WHAT IS BOTNET?

Milan Petrásek

21/5/2014

Page 2: What is botnet?
Page 3: What is botnet?

Content

• Introduction

• Star and multiserver topology botnets

• Hierarchical topology botnets

• Random topology botnets

• Types of attacks

• Famous botnets through history

• Summary

Page 4: What is botnet?

Intro - terms BOT or „zombie“. Short for roBOT. NET short for interNET Botnet a lot of infected computers Bot Herder or „bot master“ can control

the botnet remotely C&C Server command-and-control centre

for botnet managing

Page 5: What is botnet?

Star and multiserver topology

Page 6: What is botnet?

Hierarchical topology

Page 7: What is botnet?

Random topology

Page 8: What is botnet?

Types of attacks • Distributed denial-of-service (DDoS) • Adware advertises • Spyware • E-mail • Click fraud • Fast flux • Brute-forcing remote machines services • Worms • Scareware • Exploiting systems

Page 9: What is botnet?

Famous botnets through history • 2001 – First Botnet

(http://www.bizjournals.com/atlanta/stories/2002/07/22/story4.html?page=all)

• 2005 Torpig • 2006 Virut • 2007 Zeus – one of the biggest (compromised U.S. computers: 3.6

million) • 2007 Storm • 2008 Conficker • 2008 Grum • 2008 Lethic • 2008 Mariposa • 2009 SpyEye • 2010 Waledac • 2011 ZeroAccess • 2012 FlashFake (Mac OS X) • 2012 Jeef • 2012 Smoke

http://www.bizjournals.com/atlanta/stories/2002/07/22/story4.html?page=all
http://www.bizjournals.com/atlanta/stories/2002/07/22/story4.html?page=all
http://www.bizjournals.com/atlanta/stories/2002/07/22/story4.html?page=all
http://www.bizjournals.com/atlanta/stories/2002/07/22/story4.html?page=all
http://www.bizjournals.com/atlanta/stories/2002/07/22/story4.html?page=all
http://www.bizjournals.com/atlanta/stories/2002/07/22/story4.html?page=all
http://www.bizjournals.com/atlanta/stories/2002/07/22/story4.html?page=all
http://www.bizjournals.com/atlanta/stories/2002/07/22/story4.html?page=all
Page 10: What is botnet?

Summary • Botnets are serious problem today

– Malware as a Service

• Bleak future awaiting us – Mobile botnets on the rise

– Internet of Things botnets

Page 11: What is botnet?

IoT Botnet

Internet of Things botnets

In December 2013 a researcher at Proofpoint noticed that hundreds of thousands of malicious emails logged through a security gateway had originated from botnet that included not only computers, but also other devices – including SmartTV, a refrigerator and other household appliances.

IoT worm used to mine cryptocurrency – worm Linux.Darlloz

http://www.symantec.com/connect/blogs/iot-worm-used-mine-cryptocurrency

Infecting DVRs with Bitcoin-mining malware even easier than you suspected

http://arstechnica.com/security/2014/05/infecting-dvrs-with-bitcoin-mining-malware-even-easier-you-suspected/

http://www.symantec.com/connect/blogs/iot-worm-used-mine-cryptocurrency
http://www.symantec.com/connect/blogs/iot-worm-used-mine-cryptocurrency
http://www.symantec.com/connect/blogs/iot-worm-used-mine-cryptocurrency
http://www.symantec.com/connect/blogs/iot-worm-used-mine-cryptocurrency
http://www.symantec.com/connect/blogs/iot-worm-used-mine-cryptocurrency
http://www.symantec.com/connect/blogs/iot-worm-used-mine-cryptocurrency
http://www.symantec.com/connect/blogs/iot-worm-used-mine-cryptocurrency
http://www.symantec.com/connect/blogs/iot-worm-used-mine-cryptocurrency
http://www.symantec.com/connect/blogs/iot-worm-used-mine-cryptocurrency
http://www.symantec.com/connect/blogs/iot-worm-used-mine-cryptocurrency
http://arstechnica.com/security/2014/05/infecting-dvrs-with-bitcoin-mining-malware-even-easier-you-suspected/
http://arstechnica.com/security/2014/05/infecting-dvrs-with-bitcoin-mining-malware-even-easier-you-suspected/
http://arstechnica.com/security/2014/05/infecting-dvrs-with-bitcoin-mining-malware-even-easier-you-suspected/
http://arstechnica.com/security/2014/05/infecting-dvrs-with-bitcoin-mining-malware-even-easier-you-suspected/
http://arstechnica.com/security/2014/05/infecting-dvrs-with-bitcoin-mining-malware-even-easier-you-suspected/
http://arstechnica.com/security/2014/05/infecting-dvrs-with-bitcoin-mining-malware-even-easier-you-suspected/
http://arstechnica.com/security/2014/05/infecting-dvrs-with-bitcoin-mining-malware-even-easier-you-suspected/
http://arstechnica.com/security/2014/05/infecting-dvrs-with-bitcoin-mining-malware-even-easier-you-suspected/
http://arstechnica.com/security/2014/05/infecting-dvrs-with-bitcoin-mining-malware-even-easier-you-suspected/
http://arstechnica.com/security/2014/05/infecting-dvrs-with-bitcoin-mining-malware-even-easier-you-suspected/
http://arstechnica.com/security/2014/05/infecting-dvrs-with-bitcoin-mining-malware-even-easier-you-suspected/
http://arstechnica.com/security/2014/05/infecting-dvrs-with-bitcoin-mining-malware-even-easier-you-suspected/
http://arstechnica.com/security/2014/05/infecting-dvrs-with-bitcoin-mining-malware-even-easier-you-suspected/
http://arstechnica.com/security/2014/05/infecting-dvrs-with-bitcoin-mining-malware-even-easier-you-suspected/
http://arstechnica.com/security/2014/05/infecting-dvrs-with-bitcoin-mining-malware-even-easier-you-suspected/
http://arstechnica.com/security/2014/05/infecting-dvrs-with-bitcoin-mining-malware-even-easier-you-suspected/
http://arstechnica.com/security/2014/05/infecting-dvrs-with-bitcoin-mining-malware-even-easier-you-suspected/
http://arstechnica.com/security/2014/05/infecting-dvrs-with-bitcoin-mining-malware-even-easier-you-suspected/
http://arstechnica.com/security/2014/05/infecting-dvrs-with-bitcoin-mining-malware-even-easier-you-suspected/
http://arstechnica.com/security/2014/05/infecting-dvrs-with-bitcoin-mining-malware-even-easier-you-suspected/
Page 12: What is botnet?

QUESTIONS?

Page 13: What is botnet?

Resources

• http://en.wikipedia.org/wiki/Botnet

• http://www.welivesecurity.com/2011/06/27/tdl-tracking-peer-pressure/

• http://www.abuse.ch/?p=3499

• http://www.securelist.com/en/analysis/204792227/The_anatomy_of_Flashfake_Part_1

• http://www.networkworld.com/news/2009/072209-botnets.html

• Fortinet – White Paper: „Anatomy of a Botnet“

• Fortinet – 2013 Cybercrime Report

• Gunter Ollmann, VP of Research, Damballa Inc. – Botnet Communication Topologies

http://en.wikipedia.org/wiki/Botnet
http://www.welivesecurity.com/2011/06/27/tdl-tracking-peer-pressure/
http://www.welivesecurity.com/2011/06/27/tdl-tracking-peer-pressure/
http://www.welivesecurity.com/2011/06/27/tdl-tracking-peer-pressure/
http://www.welivesecurity.com/2011/06/27/tdl-tracking-peer-pressure/
http://www.welivesecurity.com/2011/06/27/tdl-tracking-peer-pressure/
http://www.welivesecurity.com/2011/06/27/tdl-tracking-peer-pressure/
http://www.welivesecurity.com/2011/06/27/tdl-tracking-peer-pressure/
http://www.welivesecurity.com/2011/06/27/tdl-tracking-peer-pressure/
http://www.welivesecurity.com/2011/06/27/tdl-tracking-peer-pressure/
http://www.welivesecurity.com/2011/06/27/tdl-tracking-peer-pressure/
http://www.welivesecurity.com/2011/06/27/tdl-tracking-peer-pressure/
http://www.abuse.ch/?p=3499
http://www.abuse.ch/?p=3499
http://www.securelist.com/en/analysis/204792227/The_anatomy_of_Flashfake_Part_1
http://www.securelist.com/en/analysis/204792227/The_anatomy_of_Flashfake_Part_1
http://www.securelist.com/en/analysis/204792227/The_anatomy_of_Flashfake_Part_1
http://www.networkworld.com/news/2009/072209-botnets.html
http://www.networkworld.com/news/2009/072209-botnets.html
http://www.networkworld.com/news/2009/072209-botnets.html
http://www.networkworld.com/news/2009/072209-botnets.html

Your Botnet is My Botnet: Analysis of a Botnet Takeover · our results to IP-based techniques that are commonly used to esti-mate botnet populations. Second, Torpig is a data harvesting

Improve DDoS Botnet Tracking With Honeypots - …...DDoS botnet tracking •It’s aimed to learn botnet assisted DDoS attacks –4w: who is being attacked by what botnet families

ZEUS BOTNET DEFINED Samuel Egiefameh Advisor: Dr. Willie ...€¦ · Zeus uses a botnet to create and distribute bots to its victims. A botnet (also known as a zombie army) is a number

How to confuse a port scanner - icecube.wisc.edumnewcomb/cs838-zmap.pdf · Your botnet is my botnet: analysis of a botnet takeover CCS '09 Proceedings of the 16th ACM conference on

Botnet ppt

Étude des réseaux de logiciels malveillants - Ensiwiki · • Your Botnet is My Botnet: Analysis of a Botnet Takeover • Université de Californie . Références 19 Etude des réseaux

Botnets - pbg.cs.illinois.edupbg.cs.illinois.edu/courses/cs598fa09/slides/23-Imranul.pdf · • Your Botnet is My Botnet: Analysis of a Botnet Takeover. Brett Stone-Gross, Marco Cova,

Your Botnet is My Botnet: Analysis of a Botnet Takeoverebk2141/teaching/csci599-sp13/papers/... · 2017-09-05 · as scanning or long-lived IRC connections) [24]. While the analy-sis

Botnet slide

Botnet detection using correlated anomalies · deals with machine learning techniques and algorithms used for training botnet ... Botnet detection faces a number of ... Botnet detection

Cybersecurity A critical component for Emergency Management Conferenc… · Cybersecurity – A critical component for Emergency ... Your Botnet is My Botnet: Analysis of a Botnet

Gorynch botnet

Your Botnet is My Botnet: Analysis of a Botnet Takeover · Your Botnet is My Botnet: Analysis of a Botnet Takeover Brett Stone-Gross, Marco Cova, Lorenzo Cavallaro, Bob Gilbert, Martin

Botnet Architecture

Your Botnet is My Botnet: Analysis of a Botnet TakeoverWhile botnets have been “hijacked” and studied previously, the Torpig botnet exhibits certain properties that make the analysis

cloud - UW Computer Sciences User Pagespages.cs.wisc.edu/~ace/media/lectures/cloud.pdf · cloud computing & e-crime ... [Your Botnet is My Botnet: Analysis of a Botnet Takeover, 2009

Topics to be covered 1. What are bots,botnet ? 2.How does it work? 4.Prevention of botnet. 3.Types of botnets

Your Botnet is My Botnet: Analysis of a Botnet Takeoverchris/research/doc/ccs09_botnet.pdf · Your Botnet is My Botnet: Analysis of a Botnet Takeover Brett ... (such as bank account

How to Steal a Botnet and What Can Happen When You Do · How to Steal a Botnet and What Can Happen When You Do Security Group Department of Computer Science University of California,

Your Botnet is My Botnet: Analysis of a Botnet Takeover · vice (DNS), as bots typically resolve domain names to connect to their command and control infrastructure. Therefore, by

Botnet Communication Patterns · This article is the accepted version of ”Botnet Communication Patterns” in the journal ”Communications Surveys & Tutorials”

Part One - What is a Botnet?

Botnet Tutorial

Paper Presentation - "Your Botnet is my Botnet : Analysis of a Botnet Takeover"

Botnet zombies

Your Botnet is My Botnet: Analysis of a Botnet Takeoverchris/research/doc/ccs09... · 2020-06-06 · Your Botnet is My Botnet: Analysis of a Botnet Takeover Brett Stone-Gross, Marco

Mariposa Botnet

Botnet Dection system. Introduction Botnet problem Challenges for botnet detection

Botnet hálózatok jellemzői, a Zeus botnet valós képességei, lehetőségei

Your Botnet is My Botnet: Analysis of a Botnet Takeover Brett Stone-Gross, Marco Cova, Lorenzo Cavallaro, Bob Gilbert, Martin Szydlowski, Richard Kemmerer,

Tracing Botnet in Taiwan - FIRST Botnet Analysis Module (BAM) – C&C Tracer – Botnet Tracer The Botnet in Taiwan – Case Study Ⅰ IRC Botnet ... Tracing Botnet in Taiwan Author:

Botnet Infiltration

Roadrunners Botnet

Worms and Bots - Stanford University · Slide: S Savage. 29 Content sifting ... • Botnet • Fast Flux • Worm Generation 2 • Underground Economy. What is a botnet ? botmaster

Botnet Classification