Presentation is loading. Please wait.

Presentation is loading. Please wait.

BOTNETS & TARGETED MALWARE Fernando Uribe. INTRODUCTION  Fernando Uribe   IT trainer and Consultant for over 15 years specializing.

Published byPhebe Randall Modified over 9 years ago

Similar presentations

Presentation on theme: "BOTNETS & TARGETED MALWARE Fernando Uribe. INTRODUCTION  Fernando Uribe   IT trainer and Consultant for over 15 years specializing."— Presentation transcript:

1 BOTNETS & TARGETED MALWARE Fernando Uribe

2 INTRODUCTION  Fernando Uribe  Email:furibe.mia@gmail.com  IT trainer and Consultant for over 15 years specializing in Cyber security.

3 WHAT IS A BOT?  Bot, Standing for Robot, is the name given to malware which I installed on vulnerable devices and used to receive commands.  Once a vulnerable machine is infected with a bot, it can also be called a “Zombie”; since the bot lies dormant

4 WHAT IS A BOTNET?  When one has multiple zombie machines under a single controller, it’s known as a botnet.  Botnets can be used for good, like web crawling or search engine indexing.  Majority of the time botnets are used for Distributed denial of service attack.  DDOS is when a target is being attack by multiple zombie machines simultaneously.  Usually bots are controlled through an IRC channel via a command and control program.  People whom operate bonnets are usually called bot herder

5 HOW DO BOTNETS GET CREATED?  There are several phases to this:  Setup of command and control  Release bot to infect  Have zombie propagate  Bots connect to C&C ready to receive instructions  Command is given to attack target  Bots attack said target

6 SETUP OF COMMAND AND CONTROL  Attackers may use various tools, one example is poison ivy, or they may create their own.

7 RELEASE BOT TO INFECT  This could be done via social engineering, phishing, fake websites.

8 PROPAGATE  Depending on the bot, this could occur in similar ways of worm infection or malware installation.

9 CONNECT TO C&C  Think “ET phone home!” the bots try to connect to the programmed irc channel and report status

10 COMMAND SENT  The command is for a coordinated and automated attack of a target.

11 ATTACK ORDERED  Once the bots receive the command, they start the attack till told otherwise.  Usually a DDOS

12 RECOGNIZING DOS  Few ways to recognize a possible DDOS attack  Websites unavailable  Specific site not available  Network access bogged down  Increase of spam received in large amounts

13 DETECTING DDOS  Ways to Detect :  Activity Profiling  Changepoint Detection  Wavelet-Based signal analysis

14 ACTIVITY PROFILING  This is the average packet rate for network flow  It’s made up continuous packets with like fields  An attack if identified when activity level increases

15 CHANGEPOINT DETECTION  Points out the change traffic during attack  Identifies difference in actual vs. expected traffic  Can also be use to identify scanning activities within your network

16 WAVE SIGNAL ANALYSIS  Analyzes input signal when it comes to spectral components  They give you concurrent time and how often description  By analyzing the spectral data one can determine the presence of an anomaly  So they help you get the time when anomalies may have occurred

17 ONCE WE KNOW WE MITIGATE ATTACK  2 examples of methods to mitigate a DDOS:  Load Balancing  Throttling

18 DEFENDING AGAINST BOTNETS  RFC 3704 filtering  Black hole filtering  Cisco IPS Source ip reputation filtering  DDOS prevention offering from ISP or DDOS service

19 RFC 3704 FILTERING  Also knows as Ingress filtering for multihomed networks  You're basically filtering out address space originating from internet that is using private IP addresses  Remember that private IP are not routable on public networks

20 BLACK HOLE FILTERING  Drops packets at routing level  Normally, hen a packet did not reach its destination it sends a request to resend, which would continue the attack.  Simply drops packet, but does not inform source

21 CISCO IPS SOURCE IP REPUTATION FILTERING  Used by cisco IPS  Database that deems whether an ip or service are to be a possible threat

22 DDOS PREVENTION FROM ISP  Helps prevent ip spoofing at the isp level  Uses DHCP snooping to make sure host use ip addresses assigned to them  Creates a white list in a way, of what ip address can access your network

23 TARGETED MALWARE  Different method for malware attacks, where an individual or entity are specifically targeted.  Usually malware uses a “artillery” approach, to hit and infect as many as possible.  Main objectives could be to obtain access to sensitive information, or disruption.

24 HOW IT WORKS  Attackers use all the tricks in the book fake emails, malware filled websites.  They research their victims, to be able to extract information  With the information gathered, a greater social engineering attack Can be successfully completed  Since the attacks are targeted to a smaller audience, it sometimes slip through the cracks due to them not getting reported

25 EXAMPLES OF TARGETED MALWARE  Stuxnet worm  Specifically targets industrial control systems  Hotord Trojan and Ginwui4  Both used in corporate espionage

26 DETECT AND MITIGATE  Some methods of detecting and mitigating malware:  Heuristics  Multi-layered pattern scanning  Traffic-origin scanning  Behavior observation

27 THANK YOU

Download ppt "BOTNETS & TARGETED MALWARE Fernando Uribe. INTRODUCTION  Fernando Uribe   IT trainer and Consultant for over 15 years specializing."

Similar presentations

Wenke Lee and Nick Feamster Georgia Tech Botnet and Spam Detection in High-Speed Networks.

Wenke Lee and Nick Feamster Georgia Tech Botnet and Spam Detection in High-Speed Networks.
Net security - budi rahardjo Overview of Network Security Budi Rahardjo CISCO seminar 13 March 2002.

Net security - budi rahardjo Overview of Network Security Budi Rahardjo CISCO seminar 13 March 2002.
Denial of Service & Session Hijacking.  Rendering a system unusable to those who deserve it  Consume bandwidth or disk space  Overwhelming amount of.

Denial of Service & Session Hijacking.  Rendering a system unusable to those who deserve it  Consume bandwidth or disk space  Overwhelming amount of.
CHAPTER 2 KNOW YOUR VILLAINS. Who writes it: Malware writers vary in age, income level, location, social/peer interaction, education level, likes, dislikes.

CHAPTER 2 KNOW YOUR VILLAINS. Who writes it: Malware writers vary in age, income level, location, social/peer interaction, education level, likes, dislikes.
1 Topic 1 – Lesson 3 Network Attacks Summary. 2 Questions ► Compare passive attacks and active attacks ► How do packet sniffers work? How to mitigate?

1 Topic 1 – Lesson 3 Network Attacks Summary. 2 Questions ► Compare passive attacks and active attacks ► How do packet sniffers work? How to mitigate?
Introduction to Security Computer Networks Computer Networks Term B10.

Introduction to Security Computer Networks Computer Networks Term B10.
 What is a botnet?  How are botnets created?  How are they controlled?  How are bots acquired?  What type of attacks are they responsible for? 

 What is a botnet?  How are botnets created?  How are they controlled?  How are bots acquired?  What type of attacks are they responsible for? 
Computer Security and Penetration Testing

Computer Security and Penetration Testing
Network Security. Network security starts from authenticating any user. Once authenticated, firewall enforces access policies such as what services are.

Network Security. Network security starts from authenticating any user. Once authenticated, firewall enforces access policies such as what services are.
S EC (4.5): S ECURITY 1. F ORMS OF ATTACK There are numerous way that a computer system and its contents can be attacked via network connections. Many.

S EC (4.5): S ECURITY 1. F ORMS OF ATTACK There are numerous way that a computer system and its contents can be attacked via network connections. Many.
Internet Relay Chat Security Issues By Kelvin Lau and Ming Li.

Internet Relay Chat Security Issues By Kelvin Lau and Ming Li.
CAP6135: Malware and Software Vulnerability Analysis Examples of Term Projects Cliff Zou Spring 2012.

CAP6135: Malware and Software Vulnerability Analysis Examples of Term Projects Cliff Zou Spring 2012.
DDoS Attack and Its Defense1 CSE 5473: Network Security Prof. Dong Xuan.

DDoS Attack and Its Defense1 CSE 5473: Network Security Prof. Dong Xuan.
Botnets Uses, Prevention, and Examples. Background Robot Network Programs communicating over a network to complete a task Adapted new meaning in the security.

Botnets Uses, Prevention, and Examples. Background Robot Network Programs communicating over a network to complete a task Adapted new meaning in the security.
PacNOG 6: Nadi, Fiji Dealing with DDoS Attacks Hervey Allen Network Startup Resource Center.

PacNOG 6: Nadi, Fiji Dealing with DDoS Attacks Hervey Allen Network Startup Resource Center.
Botnets An Introduction Into the World of Botnets Tyler Hudak

Botnets An Introduction Into the World of Botnets Tyler Hudak
Introduction to Honeypot, Botnet, and Security Measurement

Introduction to Honeypot, Botnet, and Security Measurement
Denial of Service A Brief Overview. Denial of Service Significance of DoS in Internet Security Low-Rate DoS Attacks – Timing and detection – Defense High-Rate,

Denial of Service A Brief Overview. Denial of Service Significance of DoS in Internet Security Low-Rate DoS Attacks – Timing and detection – Defense High-Rate,
Outline  Infections  1) r57 shell  2) rogue software  What Can We Do?  1) Seccheck  2) Virus total  3) Sandbox  Prevention  1) Personal Software.

Outline  Infections  1) r57 shell  2) rogue software  What Can We Do?  1) Seccheck  2) Virus total  3) Sandbox  Prevention  1) Personal Software.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Basic Security Networking for Home and Small Businesses – Chapter 8.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Basic Security Networking for Home and Small Businesses – Chapter 8.

Similar presentations

Ads by Google