
B O T N E T By Dinesh Kumar Hewlett Packard

B O T N E T By Dinesh Kumar Hewlett Packard. 4 th August 2012. Overview. What are botnets? Terminology Security Threats How it works ? How are they spread What Are Botnets Being Used For ? Topology Bot Attack Strategy Preventing Botnet Infections.


Presentation Transcript


  1. B O T N E T By Dinesh Kumar Hewlett Packard 4th August 2012

  2. Overview
  • What are botnets?
  • Terminology
  • Security Threats
  • How it works?
  • How are they spread
  • What Are Botnets Being Used For?
  • Topology
  • Bot Attack Strategy
  • Preventing Botnet Infections

  3. What Are Botnets?
  • Botnets are networks of malware-infected machines, or zombies, that can be controlled by a remote attacker.
  • A Bot is malicious software that enables cyber criminals to control your computer. These criminals use Command and Control (C&C) servers to remotely take over your computer and execute illegal activities.

  4. Botnet Terminology
  • Bot Herder: The attacker controlling the malicious network (also called a Botmaster).
  • Bot: A small program used to remotely control a computer; the term is also used for the compromised computers under the Bot herder's control (also called zombies, or drones).
  • Command and Control (C&C) channel: The communication channel over which the Botmaster communicates with and issues commands to the bots.
  • Bot client: The malicious Trojan installed on a compromised machine that connects it to the Botnet.

  5. Botnet Security Threats
  • 88% of all spam is thought to originate from botnets
  • 160 billion spam messages per day!
  • There are approximately 5 million spam-sending botnets worldwide
  • Internet users are getting infected by bots
  • 50% of Fortune 1000 companies were compromised by the data-stealing botnet Mariposa
  • Today 16-25% of the computers connected to the internet are members of a botnet
  • In this network, bots are located in various locations
  • This makes it difficult to track illegal activities
  • This behavior makes botnets an attractive tool for intruders and increases the threat to network security

  6. How it works?

  7. Popular Botnets Propagation Methods

  8. What Are Botnets Being Used For?
  • Privacy: Stealing user names & passwords, serial numbers, financial information, personal information; information harvesting
  • Mining: Reading a user's clipboard
  • Attacks: Distributed Denial of Service (DDoS) attacks
  • Hosting: Setting up a web server, presumably for phishing
  • Other Goals: SPAM relays, Adware, click fraud
  • Making Additional Income!!!

  9. Topology
  • Based on C&C channels, there are two typical botnet topologies:
  • Centralized - Communication between attacker and zombies goes via a centralized server. Ex: IRC (Internet Relay Chat)
  • Decentralized (P2P) - P2P (peer-to-peer) communication
    • zombies talking to each other
    • no central server
  • Now shifting to HTTP-based Botnets

  10. Bot Attack Strategy
  • Recruitment of the agent network
    • Finding vulnerable systems
    • Bot herder sends viruses, worms, etc. to unprotected PCs
    • Direct attacks on home PCs without patches or a firewall
    • Indirect attacks via malicious HTML files that exploit vulnerabilities (especially in MS Internet Explorer)
    • Malware attacks on peer-to-peer networks
  • Controlling the agent network
    • Direct and indirect commands
    • Binary starts and attempts to connect to the hard-coded master IRC server
    • A Dynamic DNS name can be used to allow the server to move around
    • Updating malware
  • Unwitting agents

  11. Preventing Botnet Infections
  • Protecting the network from a botnet's many attack vectors requires "Defense in Depth."
  • Use a Firewall
  • Patch regularly and promptly
  • Use Antivirus (AV) and Anti-spyware software
  • Deploy an Intrusion Prevention System (IPS) and IDS to watch for:
    • IRC/P2P activity
    • DoS traffic coming from the network
    • Attacks coming from the network
  • Implement application-level content filtering
  • Define a Security Policy
  • Share Policies with your users systematically and educate the end users
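As an added example (not part of the original slides), a small Python detector that applies the IDS advice of slide 11 to constructed firewall-style log lines: it flags internal hosts reaching IRC ports, several internal hosts sharing one external server (the hard-coded C&C server pattern of slide 10) and SYN-flood traffic leaving the network. The log format, internal address range, port list and thresholds are assumptions.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumptions for this example: the internal range and the IRC port list.
INTERNAL_NET = ip_network("10.0.0.0/8")
IRC_PORTS = set(range(6660, 6670)) | {6697}

# Constructed sample log (assumed layout): time src dst dport proto flags
SAMPLE_LOG = "\n".join(
    ["10:00:01 10.0.0.5 203.0.113.9 6667 tcp S",
     "10:00:02 10.0.0.6 203.0.113.9 6667 tcp S",
     "10:00:03 10.0.0.7 203.0.113.9 6667 tcp S",
     "10:00:04 10.0.0.8 198.51.100.4 443 tcp S",
     "10:00:05 10.0.0.5 198.51.100.77 80 tcp S"]
    # one internal host sending 300 SYNs at a single external web server
    + [f"10:01:{i % 60:02d} 10.0.0.9 192.0.2.10 80 tcp S" for i in range(300)]
)

def parse(line):
    """Return a record for one log line, or None if the line is malformed."""
    parts = line.split()
    if len(parts) != 6:
        return None
    t, src, dst, dport, proto, flags = parts
    try:
        return {"time": t, "src": ip_address(src), "dst": ip_address(dst),
                "dport": int(dport), "proto": proto, "syn": flags == "S"}
    except ValueError:
        return None

def analyze(log_text, min_fanin=3, syn_threshold=200):
    """Return (indicator, subject, detail) tuples for outbound flows only."""
    findings = []
    clients_per_server = defaultdict(set)  # (dst, dport) -> internal sources
    syns = defaultdict(int)                 # (src, dst) -> outbound SYN count
    for line in log_text.splitlines():
        r = parse(line)
        if r is None or r["src"] not in INTERNAL_NET or r["dst"] in INTERNAL_NET:
            continue  # skip malformed lines and anything that is not outbound
        if r["dport"] in IRC_PORTS:  # slide 11: IRC activity
            findings.append(("irc_cnc", str(r["src"]), f'{r["dst"]}:{r["dport"]}'))
        clients_per_server[(r["dst"], r["dport"])].add(r["src"])
        if r["syn"]:
            syns[(r["src"], r["dst"])] += 1
    for (dst, dport), srcs in clients_per_server.items():
        if len(srcs) >= min_fanin:  # slide 10: many bots, one master server
            findings.append(("shared_cnc_server", f"{dst}:{dport}", len(srcs)))
    for (src, dst), n in syns.items():
        if n >= syn_threshold:  # slide 11: DoS traffic leaving the network
            findings.append(("dos_from_network", str(src), n))
    return findings
```

Real deployments would add a time window and whitelist legitimate servers; the thresholds here only illustrate the idea.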

  12. Conclusion
  • Botnets pose a significant and growing threat to cyber security
  • They provide a key platform for many cyber crimes (DDoS)
  • As network security has become an integral part of our lives, botnets have become the most serious threat to it
  • It is very important to detect botnet attacks and find solutions for them

  13. Email: jdineshkumar@gmail.com
