Presentation is loading. Please wait.

Presentation is loading. Please wait.

Host and Application Security Lesson 17: Botnets.

Published byWinfred Price Modified over 8 years ago

Similar presentations

Presentation on theme: "Host and Application Security Lesson 17: Botnets."— Presentation transcript:

1 Host and Application Security Lesson 17: Botnets

2 Almost done with Malware  Now that you’re done with traditional malware, let’s look at an important class or two we’ve ignored: rootkits and botnets

3 Rootkit  Actually, a pretty loose definition  Can think of it as a piece of malware that is designed to allow an attacker privileged access to a computer Rootkits usually allow access via the network Rootkits usually are very stealthy, and provide ways an attacker can hide on the box

4 Botnet  Really, a form of rootkit, but the emphasis is on remote control

5 The Botnet Lifecycle RecruitmentManagementExploitation

6 Recruitment  Machines get recruited into botnets a large number of ways  Typically, web or email based exploit  This installs the bot on the machine

7 Command and Control  This can be thought of as the “Achilles heel” of the botnet  A botnet needs remote control  Thus, if we can detect the network traffic, we can detect the botnet  However, the botherder makes a large effort to protect his (her) investment

8 Exploitation  Lots of uses: DDoS attacks Adware installation Spyware installation Spam Click fraud Spread to other machines ID theft …

9 C2 Techniques  Simple: IRC  Complicated: Domain flux Generate different candidate domain names every day Bots “check in” with new domains every day Not all domains need to be registered for this approach to work

10 C2 features  Can break down into: Topology: hub and spoke? P2P? Rallying Mechanism: How new bots locate and join the botnet. Communication Protocol: The underlying protocol used… Control Mechanism: How new commands are sent. Callback? Polling? Command Authentication Mechanism: How can we tell if a command is really from the botherder?

11 To Do  Download and read “Your botnet is my botnet: Analysis of a Botnet Takeover”  Questions about this could be on the final…

12 Questions?

Download ppt "Host and Application Security Lesson 17: Botnets."

Similar presentations

Nick Feamster Research: Network security and operations Teaching CS 7260 in Spring 2007 CS 7001 Mini-projects: –http://www.cc.gatech.edu/~feamster/mini-projects/

Nick Feamster Research: Network security and operations Teaching CS 7260 in Spring 2007 CS 7001 Mini-projects: –
Thank you to IT Training at Indiana University Computer Malware.

Thank you to IT Training at Indiana University Computer Malware.
1 Computer and Internet Security JCCAA Presentation 03/14/2009 Yu-Min (Phillip) Hsieh Sr. System Administrator Information Technology Rice University.

1 Computer and Internet Security JCCAA Presentation 03/14/2009 Yu-Min (Phillip) Hsieh Sr. System Administrator Information Technology Rice University.
Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.

Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.
Identity Theft Jody Nadeau. Project Description What is Identity theft What is Identity theft Types of identity theft Types of identity theft Fraud Fraud.

Identity Theft Jody Nadeau. Project Description What is Identity theft What is Identity theft Types of identity theft Types of identity theft Fraud Fraud.
Dr. John P. Abraham Professor UTPA 2 – Systems Threats and Risks.

Dr. John P. Abraham Professor UTPA 2 – Systems Threats and Risks.
AVG 8.5 Product Line Welcome to a safe world …. | Page 2 Contents  Components Overview  Product Line Overview  AVG 8.0 Boxes.

AVG 8.5 Product Line Welcome to a safe world …. | Page 2 Contents  Components Overview  Product Line Overview  AVG 8.0 Boxes.
Threats To A Computer Network

Threats To A Computer Network
BotMiner Guofei Gu, Roberto Perdisci, Junjie Zhang, and Wenke Lee College of Computing, Georgia Institute of Technology.

BotMiner Guofei Gu, Roberto Perdisci, Junjie Zhang, and Wenke Lee College of Computing, Georgia Institute of Technology.
1 Understanding Botnet Phenomenon MITP 458 - Kevin Lynch, Will Fiedler, Navin Johri, Sam Annor, Alex Roussev.

1 Understanding Botnet Phenomenon MITP Kevin Lynch, Will Fiedler, Navin Johri, Sam Annor, Alex Roussev.
Bots and Botnets CS-431 Dick Steflik. DDoS ● One of the most common ways to mount a Distributed Denial of Service attacks is done via networks of zombie.

Bots and Botnets CS-431 Dick Steflik. DDoS ● One of the most common ways to mount a Distributed Denial of Service attacks is done via networks of zombie.
Botnet Dection system. Introduction  Botnet problem  Challenges for botnet detection.

Botnet Dection system. Introduction  Botnet problem  Challenges for botnet detection.
Detecting Botnets Using Hidden Markov Models on Network Traces Wade Gobel Bio-Grid, Summer 2008.

Detecting Botnets Using Hidden Markov Models on Network Traces Wade Gobel Bio-Grid, Summer 2008.
Botnets Abhishek Debchoudhury Jason Holmes. What is a botnet? A network of computers running software that runs autonomously. In a security context we.

Botnets Abhishek Debchoudhury Jason Holmes. What is a botnet? A network of computers running software that runs autonomously. In a security context we.
Threat infrastructure: proxies, botnets, fast-flux

Threat infrastructure: proxies, botnets, fast-flux
Borrowed from Brent ByungHoon Kang, GMU. A Network of Compromised Computers on the Internet IP locations of the Waledac botnet. Borrowed from Brent ByungHoon.

Borrowed from Brent ByungHoon Kang, GMU. A Network of Compromised Computers on the Internet IP locations of the Waledac botnet. Borrowed from Brent ByungHoon.
DIGITAL Download Sharing and Copying. Digital Download Process of downloading content or materials with the elimination of physical media. (dvd/cdrom)

DIGITAL Download Sharing and Copying. Digital Download Process of downloading content or materials with the elimination of physical media. (dvd/cdrom)
Botnets Uses, Prevention, and Examples. Background Robot Network Programs communicating over a network to complete a task Adapted new meaning in the security.

Botnets Uses, Prevention, and Examples. Background Robot Network Programs communicating over a network to complete a task Adapted new meaning in the security.
How do worms work? Vivek Ramachandran Nagraj – An Indian comic book hero, who commands all the snakes of the world.

How do worms work? Vivek Ramachandran Nagraj – An Indian comic book hero, who commands all the snakes of the world.
Botnets An Introduction Into the World of Botnets Tyler Hudak

Botnets An Introduction Into the World of Botnets Tyler Hudak

Similar presentations

Ads by Google