BOTNETS/Cyber Criminals

Presentation Transcript


  1. BOTNETS/Cyber Criminals
     • How do we stop Cyber Criminals?

  2. Words you should know!
     • Zombie computer: a computer attached to the Internet that has been compromised by hackers, a computer virus, or even a Trojan horse.
     • Compromised: something that combines qualities or elements of different things.
     • Spamming: the abuse of electronic messaging systems to indiscriminately send unsolicited bulk messages.
     • DDoS attack: a denial-of-service attack is an attempt to make a computer's resources unavailable.
     • IRC (Internet Relay Chat): this is how different zombies are able to chat with the head master and listen for further instructions.

  3. What are Botnets?/What Are They Used for?
     • "Botnet" is the word used to refer to a collection of compromised computers (called zombie computers).
     • One of the most common and efficient DDoS attack methods is based on using hundreds of zombie hosts. Zombies are usually controlled and managed via IRC (Internet Relay Chat).
     • Uses of Botnets
       • Sniffing traffic: bots can also use a packet sniffer to watch for interesting clear-text data passing by a compromised machine. The sniffers are mostly used to retrieve sensitive information like usernames and passwords.
       • Mass identity theft: often the combination of the different functionality described above can be used for large-scale identity theft, one of the fastest growing crimes on the Internet. Bogus emails (fake PayPal or banking emails).

  4. How Do Botnets Work
     [Figure 1: Structure of a typical botnet]
     • An attacker first spreads a Trojan horse, which infects various hosts. These hosts become zombies and connect to the IRC server in order to listen for further commands.
     • The IRC server can either be a public machine in one of the IRC networks or a dedicated server installed by the attacker on one of the compromised hosts.
     • Bots run on compromised computers, forming a botnet.

  5. Different Types Of Botnets
     • Agobot/Phatbot/Forbot/XtremBot: this is probably the best-known bot. Currently the AV vendor Sophos lists more than 500 known different versions of Agobot (Sophos virus analyses), and this number is steadily increasing. The bot itself is written in C++ with cross-platform capabilities.
     • Bots found on a daily basis
     • Q8bots: Q8bot is a very small bot, consisting of only 926 lines of C code. It has one additional noteworthy property: it is written for Unix/Linux systems. It implements all common features of a bot: dynamic updating via HTTP downloads, various DDoS attacks.
     • Perl-based bots: there are many different versions of very simple bots based on the programming language Perl. These bots are very small and in most cases contain only a few hundred lines of code. They offer only a rudimentary set of commands.

  6. Interesting Botnet Cases
     • A teenager from New Zealand was the ringleader of a hacking ring. The economic impact of the ring may have totaled 9.7 million dollars. The teenager was the head of an international spybot ring that infiltrated computers around the world with its malicious software.
     • London, Oct 14th: the former king of spam, the most talked about and studied botnet ever, has stopped producing spam, say security experts from Marshal's TRACE team. The Storm botnet first came to prominence in January 2007, when the botnet's creators spammed fake news headlines to entice web users into clicking on links that infected the user's PC with malware.
     • A 20-year-old hacker has pleaded guilty to seizing control of hundreds of thousands of Internet-connected computers without their owners' consent or knowledge. Some of the networks controlled were at two military bases. He did this for 14 months, starting in 2004, and it earned him 61,000 dollars. The PCs were marshaled into "zombies".

  7. Prevent Botnet on Your Computer
     • If a machine receives a denial-of-service attack from a botnet, few choices exist.
     • Passive OS fingerprinting can identify attacks originating from a botnet. Network administrators can configure newer firewall equipment to take action on a botnet attack by using information obtained from passive OS fingerprinting.
     • Some botnets use free DNS hosting services such as DynDns.org. While these free DNS services do not themselves host attacks, they provide reference points (often hard-coded into the botnet executable). Removing such services can cripple an entire botnet.

  8. Discussion
     • How can we stop botnets?
     • Has anyone in this class ever had a botnet on their computer?
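
A defensive check built on the two network traits described in slides 4 and 7 (zombies connecting out to an IRC server, and dynamic DNS names used as reference points), as an added example that is not part of the original presentation. The log format, the sample lines, the suffix list and the port set are assumptions constructed for illustration.

```python
from collections import defaultdict

# Assumption: illustrative lists, not exhaustive.
DYNDNS_SUFFIXES = (".dyndns.org",)
IRC_PORTS = set(range(6660, 6670)) | {6697}  # common plaintext and TLS IRC ports

# Constructed sample log in a hypothetical format:
#   "<time> DNS <client> <name>"  or  "<time> CONN <client> <dst_ip> <dst_port>"
SAMPLE_LOG = """\
2024-01-01T10:00:00 DNS 10.0.0.5 updates.example.com
2024-01-01T10:00:02 DNS 10.0.0.7 host123.dyndns.org
2024-01-01T10:00:03 CONN 10.0.0.7 203.0.113.9 6667
2024-01-01T10:00:04 CONN 10.0.0.5 198.51.100.4 443
2024-01-01T10:00:09 DNS 10.0.0.8 Cam.DynDNS.org.
2024-01-01T10:00:10 CONN 10.0.0.8 198.51.100.20 443
2024-01-01T10:00:11 CONN 10.0.0.9 203.0.113.9 6667
garbage line
"""

def classify_hosts(log_text):
    """Return {client_ip: set of indicators} for hosts showing any indicator."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) == 4 and fields[1] == "DNS":
            # Normalise case and the trailing root dot before matching.
            name = fields[3].lower().rstrip(".")
            if any(name.endswith(s) for s in DYNDNS_SUFFIXES):
                seen[fields[2]].add("dyndns_lookup")
        elif len(fields) == 5 and fields[1] == "CONN" and fields[4].isdigit():
            if int(fields[4]) in IRC_PORTS:
                seen[fields[2]].add("irc_port")
        # Malformed lines are skipped rather than aborting the scan.
    return dict(seen)

def likely_zombies(log_text):
    """Hosts showing both indicators; either one alone is often benign."""
    return sorted(ip for ip, ind in classify_hosts(log_text).items()
                  if ind == {"dyndns_lookup", "irc_port"})

if __name__ == "__main__":
    print(likely_zombies(SAMPLE_LOG))
```

Hosts with only one indicator are kept in `classify_hosts` output so an analyst can review them, since webcams and home servers also use dynamic DNS and people do use IRC legitimately.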
