Presented by : Matthew Sulkosky COSC 316 (Host Security) BOTNETS A.K.A ZOMBIE COMPUTING.

ROADMAP What is a Bot? Methods of Infection How Botnets Work Ramifications Methods of Protection Case Study : Conficker Worm Implications

WHAT IS A BOT? A “Bot” is a type of malware that is designed to give an attacker control over your system. Many refer to the infected machines as “zombies”, because they only do the attacker’s bidding. Bots are rarely solitary; usually they are part of a network of infected computers called a botnet. Botnets can vary in size from hundreds of bots to millions of bots. The Conficker worm has formed a botnet estimated at between 9 and 12 million machines. Warning signs include: computer slowdown, mysterious messages, crashing, etc.

METHODS OF INFECTION There are numerous ways for a computer to become infected. A common method is for an attacker to place a Trojan horse on the machine, then use it to install the bot. Other forms of infection include: attachments, zero-day exploits, social engineering, web exploits, and file sharing.

HOW THE BOTNETS WORK The attacker who controls the bots or botnet is called the botherder or controller. Often a client application is used by the controller to issue commands to the botnet. This allows for efficient operation of the botnet, since commands can be issued to one or many of the bots at a time. The connections between the bots and the controller are known as the command-and-control (C&C) infrastructure.

HOW THE BOTNETS WORK

IMPLICATIONS Botnets can be used for a variety of purposes. In my opinion they are one of the most dynamic forms of malware. Since bots follow the commands of a central attacker, they can do anything that a hacker can think of. The common uses fit into the categories of: cyber attacks, spam generation, malware distribution, storage, or fraud.

IMPLICATIONS Cyber attacks such as Denial of Service, in order to extort money or carry out an agenda. Spam generation is a common use of botnets; it is estimated that 60% of spam e-mails are bot generated. Distribution of malware is another use of botnets: they spread viruses, Trojan horses, and rootkits, and can create new bots. Theft of personal or proprietary information. Storage of illicit or questionable information, which could be anything from personal information to copyright-infringing software. Click fraud is a major use of botnets: the bots automatically click on web page advertisements to generate revenue for the page owner.

METHODS OF PROTECTION The best methods of protection against bot infection: anti-virus software; keeping all software up to date and installing new patches; increased security settings for web browsers; not opening unverified attachments; limiting user capabilities when online.

METHOD OF PROTECTION In order to stop a botnet there is only one effective way to kill it: shut down the C&C server. This is typically done by legal authorities such as national Computer Emergency Response Teams (CERTs). However, controllers often build their network on multiple C&C servers for redundancy, or switch machines, to make the botnet more difficult to eliminate.

CASE STUDY : CONFICKER WORM First discovery of the Conficker worm was in It is a worm that uses a combination of exploits to gain access to a computer’s core operating system and add it to the botnet. The well-known methods are: exploitation of the vulnerability addressed by security update MS08-067, targeting networks with open shares or weak passwords, and using AutoPlay. There are multiple variants of the Conficker worm; each can vary in infection medium and in command-and-control infrastructure.

CASE STUDY : CONFICKER

CASE STUDY : CONFICKER WORM The two largest variants are A and B; both use the same exploitation techniques. C&C infrastructure of Conficker Variant A: every 3 hours a list of 250 domain names is generated and a URL request is sent to each on TCP port 80. If a Windows binary is returned, it is validated against a public key stored by the worm. Conficker Variant B: differences include checking for commands every 2 hours, GeoIP lookup included in Variant B, no attempt to download fake antivirus, attempts to disable host security, and anti-reverse-engineering features.

CASE STUDY : CONFICKER WORM Variant C takes a big step up from variants A and B in C&C infrastructure: it can utilize a P2P structure. This allows infected hosts to find other Conficker C peers using IP mappings, distribute and receive cryptographically signed content (signed only by the Conficker author), and execute verified content. Basically, each infected machine serves as both a client and a server in order to spread and execute botmaster commands. It eliminates the Achilles’ heel of variants A and B.

CASE STUDY : CONFICKER WORM Variant C still has the C&C capability of variants A and B. It generates 50,000 domains that could possibly be the controller, of which 500 are chosen daily to query. Unlike A and B, which issued queries at five-second intervals, variant C issues queries at random intervals between 10 and 50 seconds. The other major updates in this variant are: virtual machine detection, website blocking, and removal-prevention features.
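The domain-rendezvous behaviour described for variants A and C (hundreds of generated names queried per period, nearly all of which never resolve) leaves a footprint in resolver logs that a defender can look for. The following Python is an added example, not code from the presentation or from any Conficker analysis; the log line format, the sample lines, and the thresholds are constructed assumptions.

```python
import math
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample resolver log: "<timestamp> <client> <name> <rcode>" per line.
SAMPLE_LOG = """\
2013-11-10T08:00:01 10.0.0.5 www.example.com NOERROR
2013-11-10T08:00:03 10.0.0.7 qhxkaltz.ws NXDOMAIN
2013-11-10T08:00:04 10.0.0.7 mvrelfpqt.cn NXDOMAIN
2013-11-10T08:00:06 10.0.0.7 zkutobnhw.biz NXDOMAIN
2013-11-10T08:00:09 10.0.0.7 pweqxrvkc.info NXDOMAIN
2013-11-10T08:00:12 10.0.0.7 olyjgbdsr.org NXDOMAIN
2013-11-10T08:00:15 10.0.0.7 uhcqtxlpm.net NXDOMAIN
2013-11-10T08:00:25 10.0.0.9 typo-exmaple.com NXDOMAIN
"""
LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+)$")

def entropy(label):
    """Shannon entropy (bits/char) of a DNS label; random DGA labels score high."""
    n = len(label)
    probs = [label.count(ch) / n for ch in set(label)]
    return -sum(p * math.log2(p) for p in probs) if n else 0.0

def parse_log(text):
    """Yield (timestamp, client, name, rcode) for each well-formed line."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield datetime.fromisoformat(m[1]), m[2], m[3].lower(), m[4]

def find_dga_suspects(text, window_s=3600, min_nx=5, min_entropy=2.5):
    """Map client -> peak number of NXDOMAIN answers for random-looking names
    within any sliding window_s-second window, for clients reaching min_nx."""
    per_client = defaultdict(list)
    for ts, client, name, rcode in parse_log(text):
        # Only failed lookups of high-entropy second-level labels count.
        if rcode == "NXDOMAIN" and entropy(name.split(".")[0]) >= min_entropy:
            per_client[client].append(ts)
    suspects = {}
    for client, times in per_client.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            while (times[end] - times[start]).total_seconds() > window_s:
                start += 1
            if end - start + 1 >= min_nx:
                suspects[client] = max(suspects.get(client, 0), end - start + 1)
    return suspects
```

A single mistyped name (10.0.0.9) never reaches the threshold, while the burst from 10.0.0.7 is flagged; tune window_s and min_nx to the query cadence of the variant you are hunting.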
