
Botnets - PowerPoint PPT Presentation


Botnets. Alex Lam, March 2nd, 2010, Portland State University, Cs347u. Contents: What is a botnet? How are botnets created? How are they controlled? How are bots acquired? What type of attacks are they responsible for? Preventing bot infection.



Alex Lam

March 2nd, 2010

Portland State University



  • What is a botnet?

  • How are botnets created?

  • How are they controlled?

  • How are bots acquired?

  • What type of attacks are they responsible for?

  • Preventing bot infection.

Are botnets a threat to internet security?

  • According to Cisco (2007), “Botnets: The New Threat Landscape”, they are the primary threat on the internet today.

  • They have no limit to their size…

    • Used for large scale attacks such as digital vandalism (SPAM) or financial gain (click fraud).

What is a botnet?

What’s a bot?

To understand botnets, we need to know what a bot is…

  • A bot (short for software robot) is a malicious application.

  • An automated program that runs silently on an infected host (drone).

  • The bot waits for commands from its creator (the bot master).

  • Communication between the master and the drone is through an IRC system, such as IM.

What’s a botnet?

  • A network of bot-infected computers, consisting of hundreds or thousands of drones (a zombie army).

  • Central control by a 3rd party.

  • Acting on a single purpose, depending on the motive of the bot master.

  • Often used for large-scale attacks.

How are botnets created? What is needed

  • Simple point-and-click software

  • Set up a C&C (Command & Control)

  • Need many bot-infected computers (drones). The more bots in the zombie army, the more power/capability.

  • High speed internet connection to communicate with the drones via IRC.

How are they controlled?

Internet Relay Chat (Centralized)

  • Real-time messaging, e.g. text or chat

  • Botnets are controlled by an Internet Relay Chat (IRC) system.

  • IRC operates on an open protocol (port) that uses TCP.

  • An IRC network can be expanded to other IRC networks.

  • IMs are easier to detect in IRC.

  • IRC networks are taking measures to block access to botnets, so bot masters must find their own servers.

eXtensible Messaging and Presence Protocol (Decentralized)

  • Decentralized central control

  • Requires no open port

  • Messages are encrypted, making it difficult to detect.

  • Able to work behind firewalls

  • Similar to how email works; can be used anywhere.

Some interesting stats

  • Of about 600 million systems connected to the internet, about 150 million are infected by bot software.

  • 1 out of 4 computers connected to the internet is compromised by a bot.

Acquiring Bots

  • Bots are acquired like any other malicious program/software, e.g. trojans and viruses.

    • Piggybacked software installations

    • Drive-by downloads

    • Browser add-ons such as plug-ins

    • Downloads from an untrusted site

Attacks Botnets are used for

Capability of a botnet (Malicious)

  • Botnets are flexible and are capable of many attacks, such as…

    • Distributed Denial of Service attacks (DOS)

    • SPAM

    • Click Fraud

    • Spyware

      AND many more!!!

DOS Attack

  • Digital vandalism

  • Target site becomes slowed or unavailable due to…

    • interruption of physical network mechanism.

    • use of computational resources, e.g. bandwidth, disk space.

    • overwhelming the target by sending many digital packets.

      The target site wouldn’t be available to perform normal functions.

      Even though the targets are sites, routers and switches also fail.


Spam from botnet*

  • A spammer sends money/request to a bot master.

  • Botnet master generates spam details.

  • Spam details are sent to the zombie army.

  • Drones execute the command.

  • Spam is forwarded to SMTP servers.

  • Spam is delivered to inboxes.

  • Info is sent back to the botmaster, if recipients open mail and compromise their computer.

    * Wikipedia/spam

Click Fraud

  • Online advertising pays affiliates for generating clicks on advertisements, also known as pay-per-click (PPC) advertising.

  • What if…

    • Ad clicks were simulated

    • Manipulated by botnets


  • An application installed on your computer without your consent, spyware can monitor your activities by…

    • screen shot capture

    • Network packet captures

    • keystroke logger

    • data theft

Cont. Spyware

Keystroke Loggers

  • Keystroke loggers are able to capture…

    • Passwords

    • Communications e.g. IM and emails

    • CC Info

    • Personal data (identity theft)

Network Packet Sniffer

  • A program that is able to intercept a data packet, route it to the interceptor and analyze the data.

  • Also, this program can be used to see if competing botnets are within proximity.

    • The bot master can steal that bot to make it part of his/her botnet.

Cont. spyware

Screen Shot capture

  • Works just like keystroke logger

  • Capture image

  • Able to enable webcam and mic

Data theft

  • Search protected storage credentials

  • Search for other valuable data such as passwords

  • Obtaining IM contacts and email contacts (SPAM list)

  • Able to obtain files such as Word and pptx

Storm botnet

  • First discovered in January 2007

  • One source says that the network consisted of 1 to 50 million drones by September 2007; another source says between 250,000 and 1 million.

  • Is responsible for 8% of malware for Windows OS and 8% of spam.

  • Powerful enough to shut down a country’s internet.

  • Using only 10%-20% of its network.

Ways to Protect yourself from Botnets

  • Regularly update browser and anti-virus.

  • Switch browser and/or OS

    • Most botnets are written for the most commonly used browsers, such as IE. The same goes for the OS: most botnets target Windows, so Macs are the safer ones.

  • Hire a Web-filtering service

    • A service that informs the user of sites acting unusually and sites known for malicious activity, and then blocks them from the user.

  • Deploy intrusion-detection and intrusion-prevention systems

    • IDS: An application that monitors network and/or system activities for malicious activities or policy violations.

    • IPS: Same as IDS, but the application filters out the malicious packets and allows the rest of the content to stream to the user.
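
As an added illustration of what an IDS check for the IRC-controlled bots described earlier can look for (example code written for this transcript, not part of the original slides): it reports hosts that complete an IRC client registration and join a channel, whatever TCP port is used. The flow tuple layout, the allow-list parameter and the sample traffic are assumptions made for the example.

```python
"""Flag hosts whose outbound TCP payloads look like an IRC client session."""
from collections import defaultdict

# IRC client commands defined in RFC 1459.
REGISTRATION = {"NICK", "USER"}        # sent by every client when it connects
CONTROL = {"JOIN", "PRIVMSG"}          # joining a channel / exchanging messages
KNOWN = REGISTRATION | CONTROL | {"PING", "PONG"}
IRC_PORTS = {6667}                     # conventional plaintext IRC port


def irc_commands(payload: bytes) -> set:
    """Return the IRC commands present in one TCP payload."""
    found = set()
    for line in payload.split(b"\r\n"):          # IRC messages end with CRLF
        parts = line.decode("ascii", "replace").split()
        if parts and parts[0].startswith(":"):   # optional ":prefix" before command
            parts = parts[1:]
        if parts and parts[0].upper() in KNOWN:
            found.add(parts[0].upper())
    return found


def suspicious_hosts(flows, allowed_irc_clients=frozenset()):
    """flows: iterable of (src_ip, dst_ip, dst_port, payload) tuples (assumed layout).
    Alert when a host not on the allow-list registers (NICK + USER) and then joins
    a channel or sends messages. The port is reported, not trusted."""
    seen, ports = defaultdict(set), defaultdict(set)
    for src, dst, dport, payload in flows:
        cmds = irc_commands(payload)
        if cmds:
            seen[(src, dst)] |= cmds
            ports[(src, dst)].add(dport)
    alerts = []
    for (src, dst), cmds in sorted(seen.items()):
        if src not in allowed_irc_clients and REGISTRATION <= cmds and cmds & CONTROL:
            alerts.append({"host": src, "server": dst,
                           "nonstandard_port": not ports[(src, dst)] <= IRC_PORTS})
    return alerts


# Constructed sample flows using documentation address ranges, not real traffic.
SAMPLE_FLOWS = [
    ("192.0.2.10", "203.0.113.5", 8080, b"NICK drone4471\r\nUSER d d d :d\r\n"),
    ("192.0.2.10", "203.0.113.5", 8080, b"JOIN #ctl\r\n"),
    ("192.0.2.22", "198.51.100.7", 443, b"\x16\x03\x01\x02\x00\x01"),
    ("192.0.2.30", "198.51.100.9", 6667, b"NICK alice\r\nUSER a a a :Alice\r\nJOIN #help\r\n"),
    ("192.0.2.40", "198.51.100.7", 80, b"GET /user HTTP/1.1\r\nHost: example.org\r\n\r\n"),
]

if __name__ == "__main__":
    for alert in suspicious_hosts(SAMPLE_FLOWS, allowed_irc_clients={"192.0.2.30"}):
        print(alert)
```

This content check only works on unencrypted sessions; the encrypted, decentralized control channel described on the XMPP slide would not match it.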





  • “Net Living Dead”, 2008, David Harley, pg13-16,