Botnets
Botnets. Alex Lam, March 2nd, 2010, Portland State University, Cs347u. Contents: What is a botnet? How are botnets created? How are they controlled? How are bots acquired? What type of attacks are they responsible for? Preventing bot infections.

Botnets

Alex Lam

March 2nd, 2010

Portland State University

Cs347u


Contents

  • What is a botnet?

  • How are botnets created?

  • How are they controlled?

  • How are bots acquired?

  • What type of attacks are they responsible for?

  • Preventing bot infections.


Are botnets a threat to internet security?

  • According to Cisco's “Botnets: The New Threat Landscape” (2007), they are the primary threat on the internet today.

  • They have no limit to their size…

    • Used for large scale attacks such as digital vandalism (SPAM) or financial gain (click fraud).


What is a botnet?


What’s a bot?

To understand botnets, we need to know what a bot is…

  • A bot is a malicious application, short for software robot.

  • An automated program that runs silently on an infected host (Drone).

  • The bot waits for commands from its creator (the bot master).

  • Communication between the master and the drone is through IRC, such as IM.


What’s a botnet?

  • A network of bot-infected computers, consisting of hundreds or thousands of drones (a zombie army).

  • Central control by a 3rd party.

  • Acting on a single purpose, depending on the motive of the bot master.

  • Often used for large-scale attacks.


How are botnets created? What is needed

  • Simple point-and-click software

  • Set up a C&C (Command & Control)

  • Need many bot-infected computers (drones). The more bots in the zombie army, the more power/capability.

  • High speed internet connection to communicate with the drones via IRC.


How are they controlled?

Internet Relay Chat (Centralized)

  • Real-time messaging, e.g. text or chat.

  • Botnets are controlled by an Internet Relay Chat (IRC) system.

  • IRC operates on an open protocol (port) that uses TCP.

  • An IRC network can be expanded to other IRC networks.

  • IMs are easier to detect in IRC.

  • IRC networks are taking measures to block access to botnets, so bot masters must find their own servers.

eXtensible Messaging and Presence Protocol (Decentralized)

  • Decentralized central control

  • Requires no open port

  • Messages are encrypted, making it difficult to detect.

  • Able to work behind firewalls

  • Similar to how email works; can be used anywhere.


Some interesting stats

  • Of about 600 million systems connected to the internet, about 150 million are infected by bot software.

  • 1 out of 4 computers connected to the internet is compromised by a bot.


Acquiring Bots

  • Bots are acquired like any other malicious program/software, e.g. trojans and viruses.

    • Piggybacked software installations

    • Drive-by downloads

    • Browser add-ons such as plug-ins

    • Downloads from an untrusted site


Attacks Botnets are used for


Capability of a botnet (Malicious)

  • Botnets are flexible and are capable of many attacks, such as…

    • Distributed Denial of Service attacks (DOS)

    • SPAM

    • Click Fraud

    • Spyware

      AND many more!!!


DOS Attack

  • Digital vandalism

  • Target site becomes slowed or unavailable due to…

    • interruption of the physical network mechanism.

    • use of computational resources, e.g. bandwidth, disk space.

    • overwhelming the target by sending many digital packets.

      The target site wouldn’t be available to perform normal functions.

      Even though the targets are sites, routers and switches also fail.



Spam from botnet*

  • A spammer sends money/request to a bot master.

  • The bot master generates the spam details.

  • The spam details are sent to the zombie army.

  • Drones execute the command.

  • Spam is forwarded to SMTP servers.

  • Spam is delivered to inboxes.

  • Info is sent back to the bot master if recipients open the mail and compromise their computer.

    * Wikipedia/spam


Click Fraud

  • Online advertising pays affiliates for generating clicks on advertisements, also known as pay-per-click advertising (PPC).

  • What if…

    • Ad clicks were simulated

    • Manipulated by botnets


Spyware

  • An application installed on your computer without your consent; spyware can monitor your activities by…

    • screen shot capture

    • Network packet captures

    • keystroke logger

    • data theft


Cont. Spyware

Keystroke Loggers

  • Keystroke loggers are able to capture…

    • Passwords

    • Communications, e.g. IM and emails

    • CC info

    • Personal data (identity theft)

Network Packet Sniffer

  • A program that is able to intercept a data packet, route it to the interceptor and analyze the data.

  • Also, this program can be used to see if competing botnets are within proximity.

    • The bot master can steal that bot to make it part of his/her botnet.


Cont. Spyware

Screen Shot Capture

  • Works just like a keystroke logger

  • Captures images

  • Able to enable the webcam and mic

Data Theft

  • Search protected storage credentials

  • Search for other valuable data such as passwords

  • Obtaining IM contacts and email contacts (SPAM list)

  • Able to obtain files such as Word and pptx


Storm botnet

  • First discovered in January 2007

  • One source says that the network consisted of 1 to 50 million drones by September 2007; another source says between 250,000 and 1 million.

  • Is responsible for 8% of malware for Windows OS and 8% of spam.

  • Powerful enough to shut down a country’s internet.

  • Using only 10%-20% of its network.


Ways to Protect yourself from Botnets

  • Regularly update browser and anti-virus.

  • Switch browser and/or OS

    • Most botnets are written for the most commonly used browsers, such as IE. The same goes for the OS: Macs are safer, since most botnets target Windows OS.

  • Hire a Web-filtering service

    • A service that informs the user of sites that are acting unusually or are known for malicious activity, and then blocks them from the user.

  • Deploy intrusion-detection and intrusion-prevention systems

    • IDS: An application that monitors network and/or system activities for malicious activities or policy violations.

    • IPS: Same as IDS, but the application filters out the malicious packets and allows the rest of the content to stream to the user.
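
An added illustration (not part of the original slides) of the kind of rule an IDS could apply to the centralized IRC control channel described earlier: parse client payloads for the IRC registration commands, then flag a server and channel that many internal hosts join, or that runs on a port IRC does not normally use. The flow records, addresses, nicknames, channel names, port list and threshold are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample flows: (internal source host, "server:port", first client payload)
SAMPLE_FLOWS = [
    ("10.0.0.11", "203.0.113.5:8080", "NICK xk3921\r\nUSER xk3921 0 * :x\r\nJOIN #cmd\r\n"),
    ("10.0.0.12", "203.0.113.5:8080", "NICK qz0457\r\nUSER qz0457 0 * :x\r\nJOIN #cmd\r\n"),
    ("10.0.0.13", "203.0.113.5:8080", "NICK bb7710\r\nUSER bb7710 0 * :x\r\nJOIN #cmd\r\n"),
    ("10.0.0.20", "198.51.100.7:6667", "NICK alice\r\nUSER alice 0 * :Alice\r\nJOIN #python\r\n"),
    ("10.0.0.21", "198.51.100.9:80", "GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n"),
]

IRC_LINE = re.compile(r"^(NICK|USER|JOIN)\s+(\S+)", re.IGNORECASE)
# Ports commonly used by IRC servers (assumption for this example; tune per site).
STANDARD_IRC_PORTS = {6665, 6666, 6667, 6668, 6669, 6697}

def parse_irc(payload):
    """Return the NICK/USER/JOIN arguments if the payload is an IRC registration, else None."""
    seen = {}
    for line in payload.split("\r\n"):
        m = IRC_LINE.match(line)
        if m:
            seen[m.group(1).upper()] = m.group(2)
    # A client must send both NICK and USER to register; anything else is not IRC.
    return seen if {"NICK", "USER"} <= set(seen) else None

def find_suspect_channels(flows, min_hosts=3):
    """Group IRC sessions by (server, channel) and report the suspicious groups."""
    groups = defaultdict(set)
    for src, dst, payload in flows:
        irc = parse_irc(payload)
        if irc and "JOIN" in irc:
            groups[(dst, irc["JOIN"].lower())].add(src)
    alerts = []
    for (dst, channel), hosts in sorted(groups.items()):
        port = int(dst.rsplit(":", 1)[1])
        reasons = []
        if len(hosts) >= min_hosts:          # many drones, one channel
            reasons.append("fan-in")
        if port not in STANDARD_IRC_PORTS:   # IRC spoken on an unexpected port
            reasons.append("non-standard-port")
        if reasons:
            alerts.append({"server": dst, "channel": channel,
                           "hosts": sorted(hosts), "reasons": reasons})
    return alerts

if __name__ == "__main__":
    for alert in find_suspect_channels(SAMPLE_FLOWS):
        print(alert)
```

This rule only sees plaintext IRC; the encrypted, decentralized control channel listed on the control slide would not match it.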


Questions?


Reference

  • http://www.networkworld.com/research/2007/070607-botnet-side1.html?page=1

  • http://en.wikipedia.org/wiki/Storm_botnet

  • http://www.cert.org/homeusers/ddos.html

  • “Net Living Dead”, 2008, David Harley, pg13-16, www.eset.com

  • http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci1030284,00.html

  • http://searchmidmarketsecurity.techtarget.com/sDefinition/0,,sid198_gci213422,00.html

  • http://www.usenix.org/event/hotbots07/tech/full_papers/grizzard/grizzard_html/

  • http://www.med.miami.edu/hipaa/public/x385.xml

  • http://howto.wired.com/wiki/Build_your_own_botnet_with_open_source_software

  • http://web.pdx.edu/~fernan/cs347uppt_files/frame.htm

