  1. Botnets Alex Lam March 2nd, 2010 Portland State University Cs347u

2. Contents • What is a botnet? • How are botnets created? • How are they controlled? • How are bots acquired? • What types of attacks are they responsible for? • Prevention: how to avoid getting a bot.

3. Are botnets a threat to internet security? • According to Cisco (2007), “Botnets: The New Threat Landscape”, they are the primary threat on the internet today. • They have no limit to their size… • Used for large-scale attacks such as digital vandalism (SPAM) or financial gain (click fraud).

  4. What is a botnet?

5. What’s a bot? To understand botnets, we need to know what a bot is… • A bot is a malicious application; the name is short for software robot. • An automated program that runs silently on an infected host (drone). • The bot waits for commands from its creator (the bot master). • Communication between the master and the drones is through IRC, similar to IM.

6. What’s a botnet? • A network of bot-infected computers, consisting of hundreds or thousands of drones (a zombie army). • Central control by a third party. • Acting on a single purpose, depending on the motive of the bot master. • Often used for large-scale attacks.

7. How are botnets created? What is needed: • Simple point-and-click software • Set up a C&C (Command & Control) server • Many bot-infected computers (drones). The more bots in the zombie army, the more power/capability. • A high-speed internet connection to communicate with the drones via IRC.

8. How are they controlled? Internet Relay Chat (Centralized) • Real-time messaging, e.g. text or chat • Botnets are controlled through an Internet Relay Chat (IRC) system. • IRC operates on an open protocol (port) that uses TCP. • An IRC network can be expanded to other IRC networks. • IMs are easier to detect in IRC. • IRC networks are taking measures to block access to botnets, so bot masters must find their own servers. eXtensible Messaging and Presence Protocol (Decentralized) • Decentralized control • Requires no open port • Messages are encrypted, making them difficult to detect. • Able to work behind firewalls • Similar to how email works; can be used anywhere.

9. Some interesting stats • With about 600 million systems connected to the internet, about 150 million are infected by bot software. • 1 out of 4 computers connected to the internet is compromised by a bot.

10. Acquiring Bots • Bots are acquired like any other malicious program/software, e.g. trojans and viruses: • Piggybacked software installations • Drive-by downloads • Browser add-ons such as plug-ins • Downloads from an untrusted site

  11. Attacks Botnets are used for

12. Capability of a botnet (Malicious) • Botnets are flexible and are capable of many attacks, such as… • Distributed Denial of Service attacks (DoS) • SPAM • Click Fraud • Spyware AND many more!!!

13. DoS Attack • Digital vandalism • The target site becomes slow or unavailable due to… • interruption of the physical network mechanism • exhaustion of computational resources, e.g. bandwidth, disk space • Overwhelming the target by sending many packets. The target site would not be available to perform normal functions. Even though the targets are sites, routers and switches also fail.


15. Spam from a botnet* • A spammer sends money/a request to a bot master. • The bot master generates the spam details. • The spam details are sent to the zombie army. • The drones execute the command. • The spam is forwarded to SMTP servers. • The spam is delivered to inboxes. • Information is sent back to the bot master if recipients open the mail and compromise their computers. * Wikipedia/spam

16. Click Fraud • Online advertising pays affiliates for generating clicks on advertisements, also known as pay-per-click advertising (PPC). • What if… • ad clicks were simulated • manipulated by botnets
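An added example, not from the slides, of how an ad network might score one ad's click stream for botnet-driven click fraud: drones share a bot build (one user-agent), click on a schedule, and never buy anything. The click records, user-agent strings and thresholds are constructed for the demo.

```python
"""Score one ad's click stream for botnet-driven click fraud.
Added example, not from the slides; click records and thresholds are
constructed for the demo, not tuned production values."""
from collections import Counter
from statistics import pstdev

# (epoch_seconds, client_ip, user_agent, converted_to_purchase)
BOT_CLICKS = [(1000 + 5 * i, f"10.0.{i}.1", "Mozilla/4.0 (compatible; MSIE 6.0)", False)
              for i in range(40)]
HUMAN_CLICKS = [
    (1000, "198.51.100.4", "Mozilla/5.0 (Windows NT 6.1) Firefox/3.6", True),
    (1137, "198.51.100.9", "Mozilla/5.0 (Macintosh) Safari/531", False),
    (1420, "203.0.113.8", "Mozilla/5.0 (Windows NT 5.1) Chrome/4.0", False),
    (1983, "198.51.100.4", "Mozilla/5.0 (Windows NT 6.1) Firefox/3.6", False),
    (2601, "192.0.2.77", "Opera/9.80 (Windows NT 6.0)", True),
]

def click_fraud_score(clicks):
    """Return (score, reasons); one point per heuristic that fires:
    - one user-agent string dominates (drones run the same bot build)
    - inter-click gaps are nearly constant (scripted, not human)
    - many distinct IPs but no click ever converts (zombies click, never buy)
    """
    reasons = []
    top_ua, top_n = Counter(ua for _, _, ua, _ in clicks).most_common(1)[0]
    if top_n / len(clicks) > 0.8:
        reasons.append(f"single user-agent: {top_ua}")
    times = sorted(t for t, _, _, _ in clicks)
    gaps = [b - a for a, b in zip(times, times[1:])]
    if len(gaps) >= 5 and pstdev(gaps) < 0.1 * (sum(gaps) / len(gaps)):
        reasons.append("uniform click timing")
    ips = {ip for _, ip, _, _ in clicks}
    if len(ips) >= 10 and not any(conv for _, _, _, conv in clicks):
        reasons.append("zero conversions across many hosts")
    return len(reasons), reasons

if __name__ == "__main__":
    print("bot   :", click_fraud_score(BOT_CLICKS))
    print("human :", click_fraud_score(HUMAN_CLICKS))
```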

17. Spyware • An application installed on your computer without your consent; spyware can monitor your activities by… • screenshot capture • network packet capture • keystroke logging • data theft

18. Spyware (cont.) Keystroke Loggers • Keystroke loggers are able to capture… • Passwords • Communications, e.g. IM and emails • CC info • Personal data (identity theft) Network Packet Sniffer • A program that is able to intercept a data packet, route it to the interceptor and analyze the data. • Also, this program can be used to see if competing botnets are in proximity. • A bot master can steal that bot to make it part of his/her botnet.

19. Spyware (cont.) Screen Shot Capture • Works just like a keystroke logger • Captures images • Able to enable the webcam and mic Data Theft • Searches protected storage for credentials • Searches for other valuable data such as passwords • Obtains IM contacts and email contacts (SPAM list) • Able to obtain files such as Word and pptx documents

20. Storm botnet • First discovered in January 2007 • One source says the network consisted of 1 to 50 million drones by September 2007; another source says between 250,000 and 1 million. • Is responsible for 8% of malware for Windows OS and 8% of spam. • Powerful enough to shut down a country’s internet. • Using only 10%-20% of its network.

21. Ways to Protect Yourself from Botnets • Regularly update your browser and anti-virus. • Switch browser and/or OS • Most botnets are written for the most commonly used browser, such as IE. The same goes for the OS: the safer ones are Macs, since most botnets target Windows. • Hire a web-filtering service • A service that informs the user when a site is acting unusually and of sites known for malicious activity, and then blocks them from the user. • Deploy intrusion-detection and intrusion-prevention systems • IDS: An application that monitors network and/or system activities for malicious activity or policy violations. • IPS: Same as an IDS, but the application filters the malicious packets and allows the rest of the content to stream to the user.
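As an added example, not part of the original slides: two simple checks a network defender could run over connection logs to spot the centralized IRC model from slide 8 (many internal hosts fanning in to one IRC server) and the spam-forwarding step from slide 15 (a workstation talking directly to many mail servers), the kind of check an IDS from slide 21 automates. The log format, addresses, port list and thresholds are constructed for the demo.

```python
"""Two flow-log checks for the centralized IRC botnet model.
Added example, not from the slides. Log format is made up for the demo:
"time src dst dport proto hint" (hint = IRC command seen, or -)."""
from collections import defaultdict

SAMPLE_LOG = """\
2010-03-01T10:00:01 10.0.0.5 203.0.113.7 6667 tcp NICK
2010-03-01T10:00:02 10.0.0.5 203.0.113.7 6667 tcp JOIN
2010-03-01T10:00:05 10.0.0.9 203.0.113.7 6667 tcp NICK
2010-03-01T10:00:06 10.0.0.9 203.0.113.7 6667 tcp JOIN
2010-03-01T10:00:07 10.0.0.12 203.0.113.7 6667 tcp JOIN
2010-03-01T10:02:00 10.0.0.20 198.51.100.3 443 tcp -
2010-03-01T10:03:00 10.0.0.9 198.51.100.20 25 tcp -
2010-03-01T10:03:01 10.0.0.9 198.51.100.21 25 tcp -
2010-03-01T10:03:02 10.0.0.9 198.51.100.22 25 tcp -
2010-03-01T10:03:03 10.0.0.9 198.51.100.23 25 tcp -
2010-03-01T10:04:00 10.0.0.20 10.0.0.2 25 tcp -
"""
IRC_PORTS = {6667, 6668, 6669, 6697, 7000}  # common IRC ports (assumed list)
IRC_CMDS = {"NICK", "JOIN", "PRIVMSG"}      # IRC commands a client must issue

def parse(log):
    """Yield (src, dst, dport, proto, hint) for each non-empty log line."""
    for line in log.splitlines():
        if line.strip():
            _ts, src, dst, port, proto, hint = line.split()
            yield src, dst, int(port), proto, hint

def find_irc_cnc(log, min_hosts=3):
    """Servers reached on an IRC port with IRC commands by at least
    min_hosts distinct internal clients: the fan-in of a central C&C."""
    clients = defaultdict(set)
    for src, dst, port, proto, hint in parse(log):
        if proto == "tcp" and port in IRC_PORTS and hint in IRC_CMDS:
            clients[dst].add(src)
    return {d: sorted(s) for d, s in clients.items() if len(s) >= min_hosts}

def find_direct_smtp(log, mail_relay="10.0.0.2", min_servers=3):
    """Internal hosts sending to many external SMTP servers directly,
    bypassing the site relay: how a drone forwards spam to mail servers."""
    targets = defaultdict(set)
    for src, dst, port, proto, _ in parse(log):
        if proto == "tcp" and port == 25 and dst != mail_relay:
            targets[src].add(dst)
    return {s: sorted(d) for s, d in targets.items() if len(d) >= min_servers}

if __name__ == "__main__":
    print("IRC C&C candidates:", find_irc_cnc(SAMPLE_LOG))
    print("direct-to-MX senders:", find_direct_smtp(SAMPLE_LOG))
```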

  22. Questions?

23. References • “Net Living Dead”, 2008, David Harley, pp. 13-16