
1 Botnets Abhishek Debchoudhury Jason Holmes

2 What is a botnet? A network of computers running software that runs autonomously. In a security context we are interested in botnets in which the computers have been compromised and are under the control of a malicious adversary.

3 What are botnets used for?
- Spam
  o ~85% of email is spam
- DDoS attacks
- Identity theft
  o Cost in 2006: $15.6 billion
- Phishing attacks
  o 4500 active sites at any given time, 1 million previously active sites

4 What are botnets used for?
- Hosting pirated software
- Hosting and distributing malware
- Click fraud
  o ~14% of all advertisement clicks are fraudulent
- Packet sniffing

5 What's a botmaster?
- Person(s) controlling the botnet
  o Business person
    - Often paid by customers
    - Willing to rent out the botnet
  o Glory hound
    - Brags about the size of the botnet
    - Willing to talk to researchers
  o Script kiddies
    - Inexperienced

6 Command Topologies
- Star
  o Bots tied to a centralized C&C server
- Multi-server
  o Same as star but with multiple C&C servers
- Hierarchical
  o Parent bots control child bots
- Random
  o Full P2P support

7 Topology Tradeoffs
- Control vs. survivability
- More control
  o Easier to get the botnet to do your bidding
  o Easier to shut down
- Survivability
  o Harder to shut down
  o Less control

8 Communication Methods
- HTTP
  o Easy for the attacker to blend in
- IRC
  o Harder to hide since IRC is much less used than HTTP
- Custom
  o Makes use of new application protocols

9 Propagation Methods
- Scanning
  o 0-day attacks
  o Worm-like behavior
- Infected e-mail attachments
- Drive-by downloads
- Trojan horses

10 Infection Procedure

11 History and Notable Botnets
- 1999 - Sub7
- 2000 - GTbot, a bot based on mIRC
- 2002 - SDbot, small C++ binary with widely available source code
- 2002 - Agobot, staged attacks with a modular payload
- 2003 - Sinit, first peer-to-peer botnet
- 2004 - Bagle and Bobax, first spamming botnets
- 2007 - Storm botnet
- 2009 - Waledac botnet
- 2009 - Zeus botnet

12 Defense
Three main issues:
1. How to find them
2. Decide how to fight them (defense vs. offense)
3. How to negate the threat

13 Detection: Analyze Network Traffic
- Temporal
  o The same traffic pattern repeated from a node
- Spatial
  o Nodes in the same subnet are likely infected
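The two checks on this slide can be run over connection records. The following is an added example, not code from the presentation: it builds a few constructed flow records (not captured traffic), flags sources whose connections to one destination recur at a near-constant interval (the temporal signal, measured as the coefficient of variation of the inter-arrival times), and then groups the flagged hosts by /24 (the spatial signal). The thresholds `min_events=5` and `max_cv=0.1` are assumptions chosen for the sample, not values from the slides.

```python
from collections import defaultdict
from ipaddress import ip_network
from statistics import mean, pstdev

# Constructed flow records (not captured traffic): (time_s, src_ip, dst_ip, dst_port).
# Two hosts in 10.0.1.0/24 contact the same server on a ~60 s cadence (beaconing);
# 10.0.2.20 browses with irregular timing; 10.0.1.30 has too few events to judge.
FLOWS = [
    (0, "10.0.1.5", "203.0.113.7", 6667), (60, "10.0.1.5", "203.0.113.7", 6667),
    (121, "10.0.1.5", "203.0.113.7", 6667), (180, "10.0.1.5", "203.0.113.7", 6667),
    (241, "10.0.1.5", "203.0.113.7", 6667), (300, "10.0.1.5", "203.0.113.7", 6667),
    (5, "10.0.1.9", "203.0.113.7", 6667), (65, "10.0.1.9", "203.0.113.7", 6667),
    (124, "10.0.1.9", "203.0.113.7", 6667), (185, "10.0.1.9", "203.0.113.7", 6667),
    (245, "10.0.1.9", "203.0.113.7", 6667), (305, "10.0.1.9", "203.0.113.7", 6667),
    (0, "10.0.2.20", "198.51.100.3", 80), (17, "10.0.2.20", "198.51.100.3", 80),
    (130, "10.0.2.20", "198.51.100.3", 80), (135, "10.0.2.20", "198.51.100.3", 80),
    (400, "10.0.2.20", "198.51.100.3", 80), (401, "10.0.2.20", "198.51.100.3", 80),
    (10, "10.0.1.30", "203.0.113.7", 6667), (70, "10.0.1.30", "203.0.113.7", 6667),
]


def periodic_sources(flows, min_events=5, max_cv=0.1):
    """Temporal check: return (src, dst, port, mean_interval) for every source
    whose connections to one destination recur at near-constant intervals.
    cv = stddev / mean of the inter-arrival times; human-driven traffic is
    bursty (high cv), a bot's beacon is not. Thresholds are assumed values."""
    by_key = defaultdict(list)
    for t, src, dst, port in flows:
        by_key[(src, dst, port)].append(t)
    hits = []
    for (src, dst, port), times in by_key.items():
        if len(times) < min_events:
            continue  # too few samples to call anything periodic
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_cv:
            hits.append((src, dst, port, round(avg, 1)))
    return sorted(hits)


def suspicious_subnets(hosts, prefix_len=24):
    """Spatial check: group flagged hosts by subnet. Two or more flagged hosts
    in one subnet is the 'neighbours are likely infected' signal."""
    groups = defaultdict(list)
    for h in hosts:
        net = ip_network(f"{h}/{prefix_len}", strict=False)
        groups[str(net)].append(h)
    return {net: sorted(hs) for net, hs in groups.items() if len(hs) >= 2}


if __name__ == "__main__":
    beacons = periodic_sources(FLOWS)
    for src, dst, port, avg in beacons:
        print(f"{src} -> {dst}:{port} every ~{avg}s")
    print(suspicious_subnets([b[0] for b in beacons]))
```

On real data the same two functions would be fed NetFlow or firewall logs; the interval test is deliberately loose (10% jitter) because bots often randomise their beacon slightly, and the subnet grouping is what turns two isolated alerts into a signal worth triaging.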

14 Detection: Packet Analysis
- Use statistical analysis on network traffic flows
- Classify packets based on payload signature and destination port
  o Look for clusters of similar data packets
  o n-gram byte distribution
- IRC botnet traffic is not very diverse compared to traffic generated by humans
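The n-gram byte distribution on this slide is easy to make concrete. The following is an added example, not code from the presentation: over a few constructed payloads (not captured traffic) it computes each flow's byte-bigram histogram, scores diversity as the Shannon entropy of that histogram (templated bot traffic reuses few bigrams and scores low), and clusters flows whose histograms are near-identical by cosine similarity, which is the "clusters of similar packets" signal. The entropy cut-off of 5.0 bits and similarity cut-off of 0.9 are assumptions picked for the sample, not values from the slides.

```python
import math
from collections import Counter
from itertools import combinations

# Constructed payloads (not captured traffic). The two "bot" flows are the same
# templated IRC keep-alive exchange; the two "chat" flows are free text typed by people.
PAYLOADS = {
    "bot-A": b"PING :irc.example\r\nPONG :irc.example\r\n" * 4,
    "bot-B": b"PING :irc.example\r\nPONG :irc.example\r\n" * 6 + b"JOIN #chan\r\n",
    "chat-A": b"hey, are you free at three? the room was double booked so I moved "
              b"the planning meeting to the small office on the second floor, bring "
              b"the printed budget if you still have it",
    "chat-B": b"thanks for sending the draft over. I left two comments inline about "
              b"the vendor table, otherwise it looks good to me and we can ship it "
              b"after lunch unless legal wants another pass",
}


def ngram_distribution(payload: bytes, n: int = 2) -> Counter:
    """Count overlapping byte n-grams; this histogram is the flow's fingerprint."""
    return Counter(payload[i:i + n] for i in range(len(payload) - n + 1))


def entropy_bits(dist: Counter) -> float:
    """Shannon entropy of the n-gram frequencies, a diversity measure in bits."""
    total = sum(dist.values())
    return -sum((c / total) * math.log2(c / total) for c in dist.values())


def cosine_similarity(a: Counter, b: Counter) -> float:
    """Cosine between two n-gram count vectors (1.0 = identical shape)."""
    dot = sum(a[k] * b[k] for k in a.keys() & b.keys())
    norm = math.sqrt(sum(v * v for v in a.values())) * math.sqrt(sum(v * v for v in b.values()))
    return dot / norm if norm else 0.0


def low_diversity_flows(flows, n=2, max_entropy=5.0):
    """Names of flows whose n-gram entropy falls below the (assumed) cut-off."""
    return sorted(name for name, p in flows.items()
                  if entropy_bits(ngram_distribution(p, n)) < max_entropy)


def cluster_flows(flows, n=2, min_similarity=0.9):
    """Single-link clustering with union-find: flows whose fingerprints are
    near-identical land in one cluster. Returns sorted lists of flow names."""
    names = sorted(flows)
    dists = {name: ngram_distribution(flows[name], n) for name in names}
    parent = {name: name for name in names}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x

    for a, b in combinations(names, 2):
        if cosine_similarity(dists[a], dists[b]) >= min_similarity:
            parent[find(a)] = find(b)
    clusters = {}
    for name in names:
        clusters.setdefault(find(name), []).append(name)
    return sorted(sorted(members) for members in clusters.values())


if __name__ == "__main__":
    for name, p in PAYLOADS.items():
        print(f"{name}: entropy {entropy_bits(ngram_distribution(p)):.2f} bits")
    print("low diversity:", low_diversity_flows(PAYLOADS))
    print("clusters:", cluster_flows(PAYLOADS))
```

In practice the two signals are combined with the destination port from the slide: many hosts emitting low-entropy payloads that cluster together toward the same port is far more telling than any one flow's score, and the cut-offs should be tuned against a baseline of the network's own human-generated traffic rather than fixed.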

15 Strategy
- Active: attack the source
  o Shut down C&C server
  o Re-route DNS
  o Pushback
- Passive: defend at the target
  o Filters
  o Human attestation
  o Collective defense

16 Defense - Change DNS Routing
- Defender figures out the domain that the attacker is using and takes control of it
- Pros:
  o Central point of attack
  o Severs the botmaster's ability to communicate with the botnet
- Cons:
  o Not all botnets have a C&C server
  o C&C domain changes often
    - > 97% turnover per week

17 Defense - Blacklists
- Defender creates a list of attackers
- Used primarily as a spam-fighting technique
- Pros:
  o Allows for broad knowledge sharing
  o Easy to maintain/understand
- Cons:
  o List has to be continually updated
  o Innocent service providers get blocked

18 Defense - Human Attestation
- Defender requests that the client prove it is operated by a human
- Requires the client to have a trusted attester
  o Accomplished through the use of a Trusted Platform Module
- Several methods for an attester to determine that the actions were initiated by a human
  o Secure input devices which cryptographically sign their output
  o CAPTCHA or secure prompt
  o Analysis of keystrokes and mouse movement

19 Defense - Collective Defense
"We must all hang together or assuredly we shall all hang separately." -- Benjamin Franklin
- Key contentions
  o Most end users don't know/care about security
  o The best way to secure the internet is through a collective effort without relying on end users
  o Compromised hardware must be quarantined until healthy
- Authenticate healthiness before network access
  o Public Health Model for the Internet
- Allow everyone but identify suspicious behavior
  o Japan's Cyber Clean Center
  o Finnish national Computer Emergency Response Team

20 Thanks
