Botnets: Uses, Prevention, and Examples
Background
• Robot network: programs communicating over a network to complete a task
• The term took on a new meaning in the security world
• Network of compromised machines that can be remotely controlled
Theoretical Structure
• Malware with control
Spatial Distribution
• Result of an unethical Internet Census (2012) that infected over 420,000 machines
Uses - for Fun and Profit of Course!
• Numbers
• Power
• Information
Numbers
• Typically rented out
• DDoS (10K–120K bots, 10–100 Gbps, for around $200 per day)
• Spamming (bots act as SOCKS proxies)
• Web traffic manipulation (every bot has its own unique IP)
• Page/ad views
• Likes
• Poll manipulation
Power
• Cheap supercomputers (sold, rented, or kept for own use)
• Bitcoin/Dogecoin mining
• Storm botnet (estimates ranged from 1 million to 50 million machines), the largest at the time
• BadLepricon, distributed through Google Play
• GPU "idle" at 180 °F
Information
• May as well collect it while you are there
• Traffic sniffing, key loggers and other information theft
• Self-propagation
• Happy Hacker, Zeu$ botnet master
• Spreading over the network
• Detecting the presence of other botnets
• The enemy of my enemy is my competitor
For the Greater Good
• What makes them bad can be used for good
• Hard to remove or disable
• Good at hiding / quiet monitoring
• Botnets with good intentions fighting botnets
• Phalanx, DDoS protection
• Nodes of the botnet used as protective mailboxes
• Traffic is passed on only when the destination requests it
• Computational puzzle to gain access
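The Phalanx slide above describes mailbox nodes that hand out a computational puzzle before they accept traffic, and that release traffic only when the destination pulls it. The following is an added illustration of the asymmetry that idea relies on, not Phalanx's own code and a simplification of its design: the sender brute-forces a hash (cost grows with the difficulty), the mailbox checks the answer with a single hash, and each nonce can be redeemed once. The SHA-256 construction, the 16-byte nonce, the default difficulty and the `Mailbox` API are assumptions of this example.

```python
import hashlib
import secrets
from typing import List, Set


def _leading_zero_bits(digest: bytes) -> int:
    """Number of leading zero bits in a digest (the puzzle's difficulty measure)."""
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()


def _puzzle_hash(nonce: bytes, counter: int) -> bytes:
    # Assumed construction: SHA-256 over nonce || 64-bit big-endian counter.
    return hashlib.sha256(nonce + counter.to_bytes(8, "big")).digest()


def solve_puzzle(nonce: bytes, difficulty: int) -> int:
    """Sender's side: find the smallest counter whose hash has `difficulty`
    leading zero bits. Expected cost about 2**difficulty hashes, paid per message."""
    counter = 0
    while _leading_zero_bits(_puzzle_hash(nonce, counter)) < difficulty:
        counter += 1
    return counter


def verify_solution(nonce: bytes, difficulty: int, counter: int) -> bool:
    """Mailbox side: one hash, whatever the difficulty."""
    if not 0 <= counter < 2 ** 64:
        return False
    return _leading_zero_bits(_puzzle_hash(nonce, counter)) >= difficulty


class Mailbox:
    """One node of the swarm (hypothetical API). A sender must redeem a fresh
    challenge to deposit a message; the protected destination later pulls it."""

    def __init__(self, difficulty: int = 16):
        self.difficulty = difficulty
        self._outstanding: Set[bytes] = set()   # issued, not yet redeemed
        self._inbox: List[bytes] = []

    def issue_challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)         # fresh per request, so work cannot be reused
        self._outstanding.add(nonce)
        return nonce

    def deliver(self, nonce: bytes, counter: int, message: bytes) -> bool:
        if nonce not in self._outstanding:      # unknown nonce, or replay of a redeemed one
            return False
        if not verify_solution(nonce, self.difficulty, counter):
            return False
        self._outstanding.discard(nonce)        # single use
        self._inbox.append(message)
        return True

    def pull(self) -> List[bytes]:
        """Destination drains the mailbox when it asks for its traffic (pull, not push)."""
        msgs, self._inbox = self._inbox, []
        return msgs


if __name__ == "__main__":
    box = Mailbox(difficulty=16)
    nonce = box.issue_challenge()
    counter = solve_puzzle(nonce, box.difficulty)    # sender burns roughly 65k hashes
    print("accepted:", box.deliver(nonce, counter, b"GET / HTTP/1.1"))
    print("replay accepted:", box.deliver(nonce, counter, b"again"))
    print("pulled:", box.pull())
```

Raising the difficulty makes a flood more expensive for the attacker without changing the mailbox's cost, and because the nonce is single-use a solved puzzle cannot be replayed against the same mailbox.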
Prevention
• Defensive (users, owners)
• Offensive (security agencies, research)
Defensive
• Treat it just like malware
• Intrusion detection system
• The main targets of botnets don't follow these
• Keeping software updated
• Quality firewall and anti-virus
• Other general security measures
• Removal, maybe a clean install
Offensive
• Agencies know people think of security last
• Research for IDS
• Development of "good" botnets
• Buy-back programs (like gun buy-backs): a botnet that has been bought is better left unused
• Tracking down botnet masters
• Examining bought/captured botnets
• Honeypots
Examples
• Originally bots, now popular templates
• Agobot
• SDBot
• Global Threat Bot (Fig. 1)
Agobot - the multi-tool
• 500 known versions
• Easy to use, little programming knowledge required
• Simple to add commands / vulnerability scanners
• Offers rootkit capabilities (process hiding)
• If you want it, there is a version that has it
• Advanced form of traffic sniffing
• Packet sniffers / key loggers
• Self-propagation
• DDoS commands
• Stripped-down libpcap DLL registered as a system driver
• Uses the libpcre DLL (regular expressions) to look out for bot commands in sniffed traffic
SDBot - the cheaper multi-tool
• Written in very poor C but still widely used
• Less sophisticated, smaller instruction set
• Similar to Agobot in features
• Copies itself to all mapped drives and shared network resources
• Can update itself
• Bad form of traffic sniffing
• Process hiding
• Self-replication
• Sniffing is based on Windows raw socket listening, so it only sees the host's own traffic
Global Threat Bot - DDoS tool
• Distributed as a Trojan over Internet Relay Chat (IRC) networks
• Runs in stealth mode under the name "mIRC Client"
• Utilizes a number of mIRC bot scripts
• Once installed, joins an IRC channel and waits for commands
• Useful for launching DDoS attacks over IRC networks
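All three example bots take their orders over IRC: they join a channel with a generated nick and wait for the master's commands, and Agobot even uses regular expressions to spot such commands in other bots' traffic. The intrusion detection mentioned on the Defensive slide can use the same observation the other way round. The following is an added example, not from the original slides and not code from any of these bots: detection logic run over constructed sensor lines (the line format, the sample traffic and the command vocabulary are assumptions of this example; the dotted-command and templated-nick patterns are modelled on the behaviour described for Agobot and SDBot, so tune them to your own captures).

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

# Constructed sample of sensor output, not a real capture. Assumed format:
# "<dir> <monitored client> <server:port> <IRC line>", dir = C>S or S>C.
SAMPLE_TRAFFIC = [
    "C>S 192.168.1.23 203.0.113.5:6667 NICK [USA|XP]-8417263",
    "C>S 192.168.1.23 203.0.113.5:6667 USER xp 0 0 :xp",
    "C>S 192.168.1.23 203.0.113.5:6667 JOIN #upd4te k3y",
    "S>C 192.168.1.23 203.0.113.5:6667 :master!m@c2 PRIVMSG #upd4te :.login s3cret",
    "S>C 192.168.1.23 203.0.113.5:6667 :master!m@c2 PRIVMSG #upd4te :.ddos.synflood 198.51.100.9 80 600",
    "S>C 192.168.1.23 203.0.113.5:6667 :master!m@c2 PRIVMSG #upd4te :.scan.start lsass 192.168.1.0/24",
    "C>S 192.168.1.50 203.0.113.5:6667 NICK [DEU|2K]-22871",
    "C>S 192.168.1.77 198.51.100.20:6667 NICK alice_dev",
    "S>C 192.168.1.77 198.51.100.20:6667 :bob!b@h PRIVMSG #python :.net is a TLD, not a module",
]

LINE_RE = re.compile(r"^(?P<dir>[CS]>[CS]) (?P<client>\S+) (?P<server>\S+) (?P<payload>.*)$")

# Bot nicks come from a template (country/OS tag plus random digits) so thousands
# of clients can join without colliding; people rarely choose nicks like these.
TEMPLATE_NICK_RE = re.compile(
    r"^NICK (?:\[[A-Za-z0-9|]+\]|[A-Za-z]+\|[A-Za-z0-9]+)[-_]?\d{4,}\s*$"
)

# Dotted command verbs in the style Agobot/SDBot use. Illustrative vocabulary
# (assumption); requiring a known verb keeps chat like ".net" from matching.
BOT_CMD_RE = re.compile(
    r"PRIVMSG \S+ :\.(?P<cmd>(?:ddos|scan|bot|harvest|login|update)(?:\.\w+)?)\b"
)


@dataclass
class HostState:
    template_nick: Optional[str] = None
    commands: List[str] = field(default_factory=list)
    servers: Set[str] = field(default_factory=set)


def analyze(lines: List[str]) -> Dict[str, dict]:
    """Return {client_ip: {"severity", "nick", "commands", "servers"}} for clients
    showing IRC C&C indicators. Clients with no indicator are omitted."""
    hosts: Dict[str, HostState] = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not in the sensor format; skip rather than crash
        st = hosts.setdefault(m["client"], HostState())
        payload = m["payload"]
        if m["dir"] == "C>S":
            st.servers.add(m["server"])
            if TEMPLATE_NICK_RE.match(payload):
                st.template_nick = payload.split(" ", 1)[1].strip()
        else:
            cm = BOT_CMD_RE.search(payload)
            if cm:
                st.commands.append(cm["cmd"])

    alerts: Dict[str, dict] = {}
    for host, st in hosts.items():
        if st.commands:
            severity = "high"   # the server is pushing bot commands to this client
        elif st.template_nick:
            severity = "low"    # suspicious nick alone: worth a look, not a block
        else:
            continue
        alerts[host] = {
            "severity": severity,
            "nick": st.template_nick,
            "commands": st.commands,
            "servers": sorted(st.servers),
        }
    return alerts


if __name__ == "__main__":
    for host, a in analyze(SAMPLE_TRAFFIC).items():
        print(host, a["severity"], a["nick"], a["commands"], a["servers"])
```

The command match is the strong signal, because it is the server telling the client what to do; the nick template on its own only flags a host for a closer look, which keeps an ordinary IRC user such as the third client out of the alert list.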
Review
• Botnets are malware with control (NO ZOMBIES)
• Numbers, power, information and maybe good uses
• Offensive and defensive prevention
• 3 common examples
Links
• http://www.wired.co.uk/news/archive/2013-05/16/internet-census - Internet Census 2012
• https://www.youtube.com/watch?v=2GdqoQJa6r4 - How to Steal a Botnet
• https://www.youtube.com/watch?v=A5-ewv3zvrM - How to Make a Botnet
• https://blog.damballa.com/archives/330 - DDoS pricing
• The good stuff is just a search away, but be wary