Big Bad Botnet Day!
Xeno Kovah
In association with the Corporation for Public Botcasting, and Viewers Like You!

What is a bot? botnet?
- A "bot" in the botnet sense of the word is a program which was installed by a malicious 3rd party to control the computer
- Each bot can accept commands from a controlling entity
- When many bots can be controlled simultaneously to perform specific actions, this is a botnet

History. How did we get here?
- First DDoS tools (trinoo, TFN2k, Stacheldraht)
- + Trojans (BackOrifice, BO2k, SubSeven, others)
- + Worms (Code Red, Blaster, Sasser)
- + IRC Bots
- = "Bots" or "Zombies/Drones" or "Trojans", depending on which "expert" you're asking, what EXACTLY it does (subtle), or its context

Infection vector
- EVERYTHING! :)
- virii, IE browsing exploits, remote exploits, social engineering, trojaned binaries, etc

What do they COMMONLY do?
- DDoS (origin)
- SPAM
- Phishing/Identity Theft
- Keystroke logging
- Stealing registration keys or files
- Click fraud
- Whatever you pay for them to do! Or whatever makes money or is fun for the operator.

Botnet economics 101
- Extortion = $$$ (IF you pick a good target)
- SPAM = $$ (easy money, but beware supply & demand)
- Phishing = $$
- Click fraud = $ (likely to be shut down)
- The feeling of intoxicating raw power commanding an army of undead computers to do your every bidding? Priceless

Typical botnet topology
- IRC based (hence the name ;)
- Centralized control
- Stepping stones to get to control
- The exact controlling machine can be changed thanks to handy dandy free dynamic DNS services
- Password protected control (sort of, mainly just obscurity)
- Customized/stripped down IRC clients

Botnet using only straight lines! [diagram: entire chain(s) observed, all zombies identified]

Emergent control structure?
- Gao/Ago/Phatbot added P2P control
- Phatbot allows WASTE…
- BUT it's kinda pointless: stripped out the good bits, presumably for "ease of use", and from the looks of it it's still centralized, but you just might not need a dyn-DNS provider
- Ago's P2P technique?

Improved topology? Tricky
- P2P is both good and bad, depending on assumptions
- Good: distributed C&C, possibly better anonymity (integrated mixnets/tor?)
- Bad: distributed C&C :), more information about network structure directly available to good guys' IDS, overhead, typical P2P problems like partitioning, join/leave, etc

Detection/Prevention
- Detection: fairly easy
- MINDS cheated!, but it COULD do
- Honeynet
- Harder if P2P? Maybe
- Prevention/Shutting down entire network: very hard
- Much harder if P2P
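Why detection of the centralized IRC topology is "fairly easy": many internal hosts rendezvous at one IRC server, often behind a dynamic-DNS name. The following is an added example (not from the original talk) that scores that fan-in over constructed flow records; the hostnames, the dynamic-DNS suffixes and the threshold are assumptions for illustration.

```python
"""Flag candidate IRC C&C rendezvous points in constructed flow records."""
from collections import defaultdict

# Standard IRC listener ports; 7000 is another common default.
IRC_PORTS = {6660, 6661, 6662, 6663, 6664, 6665, 6666, 6667, 6668, 6669, 7000}
# Hypothetical dynamic-DNS suffixes; an operator would substitute real providers.
DYN_DNS_SUFFIXES = ("dyndns.example", "no-ip.example")

# Constructed flow log: timestamp, internal source, destination host, destination port.
SAMPLE_FLOWS = """\
2024-01-01T00:00:01 10.0.0.11 irc.fake-controller.dyndns.example 6667
2024-01-01T00:00:02 10.0.0.12 irc.fake-controller.dyndns.example 6667
2024-01-01T00:00:03 10.0.0.13 irc.fake-controller.dyndns.example 6667
2024-01-01T00:00:04 10.0.0.14 irc.fake-controller.dyndns.example 6667
2024-01-01T00:00:05 10.0.0.11 www.legit-site.example 443
2024-01-01T00:00:06 10.0.0.21 irc.community-chat.example 6667
2024-01-01T00:00:07 10.0.0.12 www.legit-site.example 443
"""


def parse_flows(text):
    """Yield (src, dst_host, dst_port) from whitespace-separated flow lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed or blank lines
        _ts, src, dst, port = parts
        yield src, dst, int(port)


def find_irc_rendezvous(flows, min_hosts=3):
    """Return (dst_host, dst_port, client_count, dyn_dns) for IRC endpoints
    reached by at least min_hosts distinct internal clients, most clients first.

    Fan-in of many internal hosts to one IRC server is the shape of centralized
    C&C; a dynamic-DNS hostname is flagged because it lets the controller move.
    """
    clients = defaultdict(set)
    for src, dst, port in flows:
        if port in IRC_PORTS:
            clients[(dst, port)].add(src)
    hits = [(dst, port, len(srcs), dst.endswith(DYN_DNS_SUFFIXES))
            for (dst, port), srcs in clients.items() if len(srcs) >= min_hosts]
    return sorted(hits, key=lambda h: (-h[2], h[0]))


if __name__ == "__main__":
    for host, port, n, dyn in find_irc_rendezvous(parse_flows(SAMPLE_FLOWS)):
        print(f"{host}:{port} {n} internal hosts{' (dynamic DNS)' if dyn else ''}")
```

The single community IRC server with one client falls below the threshold, which is the point: the signal is the number of distinct infected hosts converging on one controller, not IRC use by itself.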

Anti-anti-virus & anti-debugging/disassembly
- (quick word on malware "best practices" ;)
- Terminate known AV software processes
- Refuse to run in debugging/VM environment
- Rootkit obfuscation

On innovation
- Major families of bots have had their source code "leaked" at some point
- Therefore there's a LOT of code reuse
- Previously it was all about recognition
- Becoming profit driven (just like the "security industry"!) :P

Related Buzzwords!
- OS hardening
- IPS/IDS
- Stepping Stones
- Sybil Attack
- Encrypted, Obfuscated, or Anonymous P2P
- DDoS
- Worm prevention (in particular flash worms)
- Many others

Refs
- / (Germans being germane) /
- (1 yr old)
- (kinda old, but still fairly informative about the IRC aspect)
- Lots of little news articles found by googling & searching The Register