Botnets (PowerPoint presentation transcript)
Slide 1: Botnets: Uses, Prevention, and Examples
Slide 2: Background
• Robot Network
• Programs communicating over a network to complete a task
• Adapted new meaning in the security world
• Network of compromised machines that can be remotely controlled
Slide 3: Theoretical Structure
• Malware with control
Slide 4: Not Zombies, Servants
Slide 5: Spatial Distribution
• Result of an unethical Internet Census that infected over 420,000 machines
Slide 6: Uses - for Fun and Profit of Course!
• Numbers
• Power
• Information
Slide 7: Numbers
• Typically rented
• DDoS (10K – 120K, 10–100 Gbps, for $200 per day)
• Spamming (SOCKS proxy)
• Web traffic control (unique IP)
  o Page/Ad views
  o Likes
  o Poll manipulation
Slide 8: Power
• Cheap super computers (sold, rented, or kept for use)
• Bitcoin/Dogecoin mining
  o BadLepricon distributed by Google Play
  o GPU ‘idle’ at 180° F
  o Storm Botnet (1 mil – 50 mil machines), largest at the time
Slide 9: Information
• May as well
• Traffic sniffing, key loggers and other information theft
• Self propagation
  o Spreading over the network
  o Detection of other botnets’ presence
  o The enemy of my enemy is my competitor
  o Happy Hacker, Zeu$ botnet master
Slide 10: For the Greater Good
• What makes them bad can be used for good
  o Hard to remove or disable
  o Good at hiding/quiet monitoring
  o Botnets with good intentions fighting botnets
• Phalanx, DDoS protection
  o Nodes of the botnet used as protective mailboxes
  o Pass on information when requested
  o Computational puzzle to gain access
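The "computational puzzle to gain access" gate from the Phalanx bullets, as an added, simplified illustration (not Phalanx's actual protocol or code): a mailbox node buffers data for the protected server and releases it only to a client that has solved a hashcash-style SHA-256 puzzle, so a flood of requests costs the sender CPU time. The `Mailbox` class, `solve` and the difficulty setting are assumptions of this example.

```python
import hashlib
import secrets
from typing import List, Optional, Set

# Simplified client-puzzle gate, constructed for illustration: cheap for the
# mailbox to verify, costly for the requester to produce, one read per puzzle.

DIFFICULTY_BITS = 16  # leading zero bits required; raise to make access costlier


def has_leading_zero_bits(digest: bytes, bits: int) -> bool:
    """True if the first `bits` bits of `digest` are all zero."""
    value = int.from_bytes(digest, "big")
    return value >> (len(digest) * 8 - bits) == 0


def puzzle_hash(challenge: bytes, solution: int) -> bytes:
    """Puzzle function: SHA-256 over the server challenge and a client counter."""
    return hashlib.sha256(challenge + solution.to_bytes(8, "big")).digest()


class Mailbox:
    """A node that buffers data for a protected server and gates reads on a puzzle."""

    def __init__(self, difficulty: int = DIFFICULTY_BITS):
        self.difficulty = difficulty
        self.inbox: List[bytes] = []
        self.pending: Set[bytes] = set()  # challenges issued but not yet solved

    def deposit(self, data: bytes) -> None:
        self.inbox.append(data)

    def issue_challenge(self) -> bytes:
        challenge = secrets.token_bytes(16)  # unpredictable, so no precomputation
        self.pending.add(challenge)
        return challenge

    def fetch(self, challenge: bytes, solution: int) -> Optional[List[bytes]]:
        """Release buffered data only for a fresh, correctly solved challenge."""
        if challenge not in self.pending:
            return None  # unknown or replayed challenge: nothing released
        if not has_leading_zero_bits(puzzle_hash(challenge, solution), self.difficulty):
            return None  # wrong answer: challenge stays open, no data leaves
        self.pending.discard(challenge)  # one-shot: each solved puzzle buys one read
        data, self.inbox = self.inbox, []
        return data


def solve(challenge: bytes, difficulty: int) -> int:
    """Client-side brute force: the work the requester must spend before access."""
    solution = 0
    while not has_leading_zero_bits(puzzle_hash(challenge, solution), difficulty):
        solution += 1
    return solution
```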
Slide 11: Prevention
• Defensive (users, owners)
• Offensive (security agencies, research)
Slide 12: Defensive
• Treat just like malware
• Intrusion Detection System
• The main targets of botnets don’t follow these:
  o Keeping updated
  o Quality firewall, anti-virus
  o Other general security measures
  o Removal, maybe a clean install
Slide 13: Offensive
• Agencies know people think of security last
• Research for IDS
  o Development of “good” botnets
  o Gun buying programs, better unused
  o Tracking down botnet masters
  o Examining bought/captured botnets
  o Honeypots
Slide 14: Examples
  o Agobot
  o SDBot
  o Global Threat Bot (Fig. 1)
• Originally bots, now popular templates
Slide 15: Agobot - the multi-tool
• 500 known versions
• Easy to use, little programming knowledge required
• Simple to add commands / vulnerability scanners
• Offers rootkit capabilities (process hiding)
• If you want it, there is a version that has it
  o Packet sniffers / key loggers
  o Self propagation
  o DDoS commands
• Advanced form of traffic sniffing
  o Stripped-down libpcap DLL registered as a system driver
  o Utilizes the libpcre DLL to look out for bot commands
Slide 16: SDBot – the cheaper multi-tool
• Written in very poor C but still widely used
• Less sophisticated, smaller instruction set
• Similar to Agobot in features
  o Process hiding
  o Self replication
• Copies itself to all mapped drives and shared network resources
• Can update itself, which is cool
• Bad form of traffic sniffing
  o Based on Windows raw socket listening; listens to its own traffic
Slide 17: Global Threat Bot - DDoS tool
• Distributed as a Trojan over Internet Relay Chat (IRC) networks
• Runs in stealth mode under the name mIRC Client
• Utilizes a number of mIRC bot scripts
• Once installed, joins an IRC channel and waits for commands
• Useful for launching DDoS attacks over IRC networks
Slide 18: Review
• Botnets are malware with control (NO ZOMBIES)
• Numbers, Power, Information and maybe good uses
• Offensive and Defensive prevention
• 3 common examples
Slide 19: Links
• http://www.wired.co.uk/news/archive/2013-05/16/internet-census
• https://www.youtube.com/watch?v=2GdqoQJa6r4 - How to Steal a Botnet
• https://www.youtube.com/watch?v=A5-ewv3zvrM - How to Make a Botnet
• https://blog.damballa.com/archives/330 - DDoS pricing
• The good stuff is just a search away, but be wary
Slide 20: Q&A