1 / 20

Botnets

Uses, Prevention, and Examples. Botnets. Robot Network Programs communicating over a network to complete a task Adapted new meaning in the security world Network of compromised machines that can be remotely controlled. Background. Malware with control. Theoretical Structure.

ishi
Download Presentation

Botnets

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Uses, Prevention, and Examples Botnets

  2. Robot Network • Programs communicating over a network to complete a task • Adapted new meaning in the security world • Network of compromised machines that can be remotely controlled Background

  3. Malware with control Theoretical Structure

  4. Not Zombies, Servants

  5. Result of an unethical Internet Census that infected over 420,000 machines Spatial Distribution

  6. Uses - for Fun and Profit of Course! • Numbers • Power • Information

  7. Typically rented • DDOS (10K – 120K (10-100 Gbps) for $200 per day) • Spamming (SOCKS proxy) • Web traffic Control (unique IP) • Page/Ad views • Likes • Poll Manipulation Numbers

  8. Cheap super computers (sold, rented, or kept for use) • Bitcoin/Dogecoin mining • Storm Botnet (1mil – 50 mil machines), largest at time • BadLepricondistributed by Google Play • GPU ‘idle’ at 180° F Power

  9. May as well • Traffic sniffing, key loggers and other information theft • Self propagation • Happy Hacker, Zeu$ botnet master • Spreading over network • Detection of other botnets presence • The enemy of my enemy is my competitor Information

  10. What makes them bad can be used for good • Hard to remove or disable • Good at hiding/quiet monitoring • Botnets with good intentions fighting botnets • Phalanx, DDOS protection • Nodes of botnet used as protective mailboxes • Pass on information when requested • Computational puzzle to gain access For the Greater Good

  11. Defensive (users, owners) • Offensive (security agencies, research) Prevention

  12. Treat just like malware • Intrusion Detection System • Main target of botnets don’t follow these • Keeping updated • Quality firewall, anti-virus • Other general security measures • Removal, maybe clean install Defensive

  13. Agencies know people think of security last • Research for IDS • Development of “good” botnets • Gun buying programs, better unused • Tracking down botnet masters • Examining bought/captured botnets • Honeypots Offensive

  14. Originally bots, now popular templates • Agobot • SDBot • Global Threat Bot (Fig. 1) Examples

  15. 500 know versions • Easy to use, little programming knowledge required • Simple to add commands / vulnerability scanners • Offers rootkit capabilities (process hiding) • If you want it there is a version that has it • Advanced form of traffic sniffing • Packet sniffers / key loggers • Self propagation • DDOS commands • Stripped down lipcpapdll registered as system driver • Utilizes libpcredll to lookout for bot commands Agobot - the multi-tool

  16. Written in very poor C but still widely used • Less sophisticated, smaller instruction set • Similar to Agobot in features • Copies self to all mapped drives and shared network resources • Can update itself which is cool • Bad form of traffic sniffing • Processes hiding • Self replication • Based on windows raw socket listining, listens to own traffic SDBot– the cheaper multi-tool

  17. Distributed as a Trojan over Internet Relay Chat (IRC) networks • Runs in stealth mode with the name mIRC Client • Utilizes a number of mIRC bot scripts • Once installed joins IRC channel and waits for commands • Useful for launching DDOS attacks over IRC networks Global Threat Bot - DDOS tool

  18. Botnets are malware with control (NO ZOMBIES) • Numbers, Power, Information and maybe good uses • Offensive and Defensive prevention • 3 common examples Review

  19. http://www.wired.co.uk/news/archive/2013-05/16/internet-censushttp://www.wired.co.uk/news/archive/2013-05/16/internet-census • https://www.youtube.com/watch?v=2GdqoQJa6r4 - How to Steal a Botnet • https://www.youtube.com/watch?v=A5-ewv3zvrM – How to Make a Botnet • https://blog.damballa.com/archives/330 - DDOS pricing • The good stuff is just a search away, but be weary Links

  20. Q&A

More Related