Presentation is loading. Please wait.

Presentation is loading. Please wait.

Speaker : YUN–KUAN,CHANG Date : 2009/10/13 Working the botnet: how dynamic DNS is revitalising the zombie army.

Published byEvan Wells Modified over 8 years ago

Similar presentations

Presentation on theme: "Speaker : YUN–KUAN,CHANG Date : 2009/10/13 Working the botnet: how dynamic DNS is revitalising the zombie army."— Presentation transcript:

1 Speaker : YUN–KUAN,CHANG Date : 2009/10/13 Working the botnet: how dynamic DNS is revitalising the zombie army

2 Outline 2 Introduction How botnets began Island hopping botnets Phishing with botnets Exploiting DNS Devilish uses for dynamic DNS Fighting online crime with databases Fixing DNS No silver bullet

3 Introduction Years ago hackers were little more than script kiddies who busied themselves in their bedrooms writing malicious code. The criminal underground has found its way into online scams, creating a boom in cybercrime. Criminals have realised that they can make a lot of money with relatively little risk. 3

4 How botnets began Botnets emerged in the late nineties, as ecommerce proliferated and the internet’s user base grew. Once compromised, these PCs become ‘bots’, ready to carry out the commands of the botnet controller, or botmaster. A typical use of botnets is running spamming campaigns. 4

5 Island hopping botnets A recent ploy favoured by spam-issuing botmasters is island hopping. A botnet is often used to steal PINs, passwords and other sensitive information from home PC users, which is then fed back to the botmaster. Harvesting and controlling a huge number of PCs gives the botmaster enormous power. For example, he can launch distributed denial of service (DDoS) attacks for revenge or profit. 5

6 Phishing with botnets Distributing the attack also has the advantage of ensuring that the attacker is untraceable. The boom in the theft of personal information has also given rise to botnet malware with phishing capabilities. Advanced malware triggers the bot to display a web page mimicking a legitimate site. 6

7 Exploiting DNS 1/2 Botnets themselves are as versatile as they are valuable. That being able to make a bot even more agile, to be able to exploit even more vulnerabilities, is an exciting prospect for the botmaster. By using dynamic DNS, websites can be hosted from an IP address that is constantly changing. This way, their website or domain is always available, regardless of the IP address it is using. 7

8 Exploiting DNS 2/2 8 www.123.com.tw

9 Devilish uses for dynamic DNS This service can be used for illegitimate purposes. Criminals can use it to keep phishing sites online for longer. Let’s imagine a fictional domain registered with the dynamic DNS service called 123.net.the website at its IP address is a phishing site. When the phishing site is discovered the botmaster simply logs into the dynamic DNS account and changes the IP address of the fake site to point to a new address hosting another phishing site. 9

10 Fighting online crime with databases One way of combating phishing attacks is to build databases that contain lists of all known phishing websites. OpenDNS, a company that specializes in domain name resolution, is more astute. Rather than keeping the information to itself, OpenDNS has created a phishing database that can be accessed by anyone. criminals circumvent phishing databases by using zombie PCs to operate as rogue DNS servers on compromised systems. 10

11 Fixing DNS 1/2 One solution is to make the DNS system more secure, called Domain Name System Security Extensions(DNSSEC), intended to secure certain kinds of information provided by the Domain Name System. Many believe that deploying DNSSEC will help in securing the Internet as a whole, but there are challenges. 11

12 Fixing DNS 2/2 Years ago, many botnets could be disabled by isolating and shutting down the control server to which all the bots reported. Compromised PCs then had no central server to report to, or receive instructions from, and were essentially useless. Dynamic DNS solves this problem for botmasters, by continuously enabling the bots to report to a valid address. 12

13 No silver bullet Will dynamic DNS and domain management be the conduit for future hacking attacks? It’s impossible to know. The cat and mouse relationship between the hacker and the security industry. Technicians can continue to refine standards and tools at the network’s core, but protection from online crime starts at the edge of the network, with the people using it. 13

Download ppt "Speaker : YUN–KUAN,CHANG Date : 2009/10/13 Working the botnet: how dynamic DNS is revitalising the zombie army."

Similar presentations

HQ in Israel Threat research, security operations center 24/7. In-depth understanding and insight into how cyber crime works. Over 10 million online identities.

HQ in Israel Threat research, security operations center 24/7. In-depth understanding and insight into how cyber crime works. Over 10 million online identities.
Protect your PC virus, worm, Trojan horse, phishing, spam, botnet and zombies, spoofing, social engineering, identity theft, spyware, rootkits Click.

Protect your PC virus, worm, Trojan horse, phishing, spam, botnet and zombies, spoofing, social engineering, identity theft, spyware, rootkits Click.
Supplied on \web site. on January 10 th, 2008 Customer Security Management Reducing Internet fraud June 1 st, 2008 eSAC Walk Thru © Copyright Prevx Limited.

Supplied on \web site. on January 10 th, 2008 Customer Security Management Reducing Internet fraud June 1 st, 2008 eSAC Walk Thru © Copyright Prevx Limited.
The Integritas System to enforce Integrity in Academic Environments Prof Basie von Solms Mr Jaco du Toit Prof Basie Von Solms Academy for IT University.

The Integritas System to enforce Integrity in Academic Environments Prof Basie von Solms Mr Jaco du Toit Prof Basie Von Solms Academy for IT University.
Social Network Security Issues: Social Engineering and Phishing Attacks Jeffrey Allen, Leon Gomez, Marlon Green, Phillip Ricciardi, Christian Sanabria.

Social Network Security Issues: Social Engineering and Phishing Attacks Jeffrey Allen, Leon Gomez, Marlon Green, Phillip Ricciardi, Christian Sanabria.
SECURITY CHECK Protecting Your System and Yourself Source:

SECURITY CHECK Protecting Your System and Yourself Source:
Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.

Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.
ICT & Crime Data theft, phishing & pharming. Data loss/theft Data is often the most valuable commodity any business has. The cost of creating data again.

ICT & Crime Data theft, phishing & pharming. Data loss/theft Data is often the most valuable commodity any business has. The cost of creating data again.
Network and Internet Security and Privacy.  Explain network and Internet security concerns  Identify online threats.

Network and Internet Security and Privacy.  Explain network and Internet security concerns  Identify online threats.
The development of Internet A cow was lost in Jan 14th 2003. If you know where it is, please contact with me. My QQ number is 87881405. QQ is one of the.

The development of Internet A cow was lost in Jan 14th If you know where it is, please contact with me. My QQ number is QQ is one of the.
MOSQUITO BREEDING ATTACK: Spread of bots using Peer To Peer INSTRUCTOR: Dr.Cliff Zou PRESENTED BY : BHARAT SOUNDARARAJAN & AMIT SHRIVATSAVA.

MOSQUITO BREEDING ATTACK: Spread of bots using Peer To Peer INSTRUCTOR: Dr.Cliff Zou PRESENTED BY : BHARAT SOUNDARARAJAN & AMIT SHRIVATSAVA.
Internet Phishing Not the kind of Fishing you are used to.

Internet Phishing Not the kind of Fishing you are used to.
The Ecommerce Security Environment For most law-abiding citizens, the internet holds the promise of a global marketplace, providing access to people and.

The Ecommerce Security Environment For most law-abiding citizens, the internet holds the promise of a global marketplace, providing access to people and.
CS426Fall 2010/Lecture11 Computer Security CS 426 Lecture 1 Overview of the Course.

CS426Fall 2010/Lecture11 Computer Security CS 426 Lecture 1 Overview of the Course.
BOTNETS/Cyber Criminals  How do we stop Cyber Criminals.

BOTNETS/Cyber Criminals  How do we stop Cyber Criminals.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
Australian High Tech Crime Centre What is cybercrime & trends Monday 5 November 2007.

Australian High Tech Crime Centre What is cybercrime & trends Monday 5 November 2007.
Teach a man (person) to Phish Recognizing email scams, spams and other personal security attacks July 17 th, 2013 High Tea at IT, Summer, 2013.

Teach a man (person) to Phish Recognizing scams, spams and other personal security attacks July 17 th, 2013 High Tea at IT, Summer, 2013.
BOTNETS & TARGETED MALWARE Fernando Uribe. INTRODUCTION  Fernando Uribe   IT trainer and Consultant for over 15 years specializing.

BOTNETS & TARGETED MALWARE Fernando Uribe. INTRODUCTION  Fernando Uribe   IT trainer and Consultant for over 15 years specializing.
Botnets Uses, Prevention, and Examples. Background Robot Network Programs communicating over a network to complete a task Adapted new meaning in the security.

Botnets Uses, Prevention, and Examples. Background Robot Network Programs communicating over a network to complete a task Adapted new meaning in the security.

Similar presentations

Ads by Google