What is a botnet? How are botnets created? How are they controlled? How are bots acquired? What type of attacks are they responsible for?


1

2
• What is a botnet?
• How are botnets created?
• How are they controlled?
• How are bots acquired?
• What type of attacks are they responsible for?
• How to prevent getting a bot.

3
• According to Cisco (2007), “Botnets: The New Threat Landscape”, botnets are the primary threat on the internet today.
• They have no limit to their size…
  › Used for large-scale attacks such as digital vandalism (spam) or financial gain (click fraud).

4

5
To understand botnets, we need to know what a bot is…
  › A bot is a malicious application; the name is short for software robot.
  › An automated program that runs silently on an infected host (drone).
  › The bot waits for commands from its creator (bot master).
  › Communication between the master and the drone is through IRC, such as IM.

6
• A network of bot-infected computers, consisting of hundreds or thousands of drones (zombie army).
• Central control by a third party.
• Acting on a single purpose, depending on the motive of the bot master.
• Often used for large-scale attacks.

7
• Simple point-and-click software.
• Set up a C&C (Command & Control).
• Need many bot-infected computers (drones). The more bots in the zombie army, the more power/capability.
• High-speed internet connection to communicate with the drones via IRC.

8
Internet Relay Chat (Centralized)
• Real-time messaging, e.g. text or chat.
• Botnets are controlled by an Internet Relay Chat (IRC) system.
• IRC operates on an open protocol (port) that uses TCP.
• An IRC network can be expanded to other IRC networks.
• IMs are easier to detect in IRC.
• IRC networks are taking measures to block access to botnets, so bot masters must find their own servers.

eXtensible Messaging and Presence Protocol (Decentralized)
• Decentralized central control.
• Requires no open port.
• Messages are encrypted, making them difficult to detect.
• Able to work behind firewalls.
• Similar to how email works; can be used anywhere.

9
• With about 600 million systems connected to the internet, about 150 million are infected by bot software.
• 1 out of 4 computers connected to the internet is compromised by a bot.

10
• Bots are acquired like any other malicious program/software, e.g. trojans and viruses.
  › Piggybacked software installations
  › Drive-by downloads
  › Browser add-ons such as plug-ins
  › Downloads from an untrusted site

11

12
• Botnets are flexible and are capable of many attacks, such as…
  › Distributed Denial of Service (DDoS) attacks
  › Spam
  › Click fraud
  › Spyware
  AND many more!!!

13
Digital vandalism
Target site becomes slowed or unavailable due to…
• Interruption of the physical network mechanism.
• Use of computational resources, e.g. bandwidth, disk space.
• Overwhelming the target by sending many packets.
The target site is not available to perform its normal functions.
Even though the targets are sites, routers and switches also fail.

14

15
1. A spammer sends money/a request to a bot master.
2. The bot master generates the spam details.
3. The spam details are sent to the zombie army.
4. Drones execute the command.
5. Spam is forwarded to SMTP servers.
6. Spam is delivered to inboxes.
7. Info is sent back to the bot master if recipients open the mail and compromise their computer.
* Wikipedia/spam

16
• Online advertising pays affiliates for generating clicks on advertisements, also known as pay-per-click (PPC) advertising.
• What if…
  › Ad clicking were simulated
  › Manipulated by botnets

17
• Spyware is an application installed on your computer without your consent. It can monitor your activities by…
  › Screenshot capture
  › Network packet capture
  › Keystroke logging
  › Data theft

18
Keystroke Loggers
• Keystroke loggers are able to capture…
  › Passwords
  › Communications, e.g. IM and emails
  › CC info
  › Personal data (identity theft)

Network Packet Sniffer
• A program that is able to intercept a data packet, route it to the interceptor and analyze the data.
• This program can also be used to see if competing botnets are within proximity.
  › The bot master can steal that bot to make it part of his/her botnet.

19
Screenshot capture
• Works just like a keystroke logger
• Captures images
• Able to enable the webcam and mic

Data theft
• Searches protected storage for credentials
• Searches for other valuable data such as passwords
• Obtains IM contacts and email contacts (spam list)
• Able to obtain files such as Word and pptx

20
• First discovered in January 2007.
• One source says that the network consisted of 1 to 50 million drones by September 2007; another source says between 250,000 and 1 million.
• Is responsible for 8% of malware for Windows OS and 8% of spam.
• Powerful enough to shut down a country’s internet.
• Using only 10%-20% of its network.

21
• Regularly update your browser and anti-virus.
• Switch browser and/or OS.
  › Most botnets are written for the most commonly used browser, such as IE. The same goes for the OS. The safer ones are Macs; most botnets target Windows OS.
• Hire a web-filtering service.
  › A service that informs the user of sites acting unusually and sites that are known for malicious activity, and then blocks them from the user.
• Deploy intrusion-detection and intrusion-prevention systems.
  › IDS: An application that monitors network and/or system activities for malicious activities or policy violations.
  › IPS: Same as IDS, but the application filters out the malicious packets and allows the rest of the content to stream to the user.
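Slide 8 notes that IRC control traffic runs in the clear over TCP while encrypted channels are hard to detect; the sketch below shows the kind of check an IDS (slide 21) could apply to that cleartext traffic. It is an added example, not part of the presentation: the flow records, addresses, nicknames, permitted port and host threshold are all constructed assumptions.

```python
import re
from collections import defaultdict

# Client commands from RFC 1459, with an optional ":prefix"; IRC commands are case-insensitive.
IRC_CMD = re.compile(r"^(?::\S+ )?(NICK|USER|PASS|JOIN|PRIVMSG|PING|PONG)\b(?: (\S+))?", re.I)
IRC_PORTS = {6667}  # assumption: the only port local policy allows for IRC

# Constructed sample: (internal host, server, destination port, first payload line).
SAMPLE_FLOWS = [
    ("10.0.0.11", "203.0.113.5", 8080, "NICK drone-4411"),
    ("10.0.0.11", "203.0.113.5", 8080, "JOIN #cmd"),
    ("10.0.0.12", "203.0.113.5", 8080, "NICK drone-9172"),
    ("10.0.0.12", "203.0.113.5", 8080, "JOIN #cmd"),
    ("10.0.0.13", "203.0.113.5", 8080, "join #CMD"),
    ("10.0.0.20", "198.51.100.7", 6667, "JOIN #linux-help"),
    ("10.0.0.21", "198.51.100.9", 443, "\x16\x03\x01\x02\x00"),  # encrypted: opaque bytes
    ("10.0.0.22", "198.51.100.8", 80, "GET /index.html HTTP/1.1"),
]

def parse_irc(payload):
    """Return (COMMAND, first argument or None) for an IRC line, else None."""
    m = IRC_CMD.match(payload)
    return (m.group(1).upper(), m.group(2)) if m else None

def detect(flows, min_hosts=3):
    """Flag channels joined by many internal hosts, and IRC seen off the allowed port."""
    members = defaultdict(set)  # (server, port, channel) -> internal hosts that joined
    off_port = set()            # internal hosts speaking IRC on an unexpected port
    for src, dst, port, payload in flows:
        parsed = parse_irc(payload)
        if parsed is None:
            continue            # not cleartext IRC, so invisible to payload matching
        cmd, arg = parsed
        if port not in IRC_PORTS:
            off_port.add(src)
        if cmd == "JOIN" and arg:
            for channel in arg.split(","):  # JOIN accepts a comma-separated list
                members[(dst, port, channel.lower())].add(src)
    rendezvous = {k: sorted(v) for k, v in members.items() if len(v) >= min_hosts}
    return rendezvous, sorted(off_port)

if __name__ == "__main__":
    print(detect(SAMPLE_FLOWS))
```

The encrypted flow from 10.0.0.21 is never examined past its first bytes, which is the detection gap slide 8 attributes to encrypted control channels.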

22

23
• http://www.networkworld.com/research/2007/070607-botnet-side1.html?page=1
• http://en.wikipedia.org/wiki/Storm_botnet
• http://www.cert.org/homeusers/ddos.html
• “Net Living Dead”, 2008, David Harley, pp. 13-16, www.eset.com
• http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci1030284,00.html
• http://searchmidmarketsecurity.techtarget.com/sDefinition/0,,sid198_gci213422,00.html
• http://www.usenix.org/event/hotbots07/tech/full_papers/grizzard/grizzard_html/
• http://www.med.miami.edu/hipaa/public/x385.xml
• http://howto.wired.com/wiki/Build_your_own_botnet_with_open_source_software
• http://web.pdx.edu/~fernan/cs347uppt_files/frame.htm

