Presentation is loading. Please wait.

Presentation is loading. Please wait.

Botnets: Yesterday, Today, and Tomorrow CS 598: Advanced Internet Presented by: Imranul Hoque.

Published byGinger Gallagher Modified over 9 years ago

Similar presentations

Presentation on theme: "Botnets: Yesterday, Today, and Tomorrow CS 598: Advanced Internet Presented by: Imranul Hoque."— Presentation transcript:

1 Botnets: Yesterday, Today, and Tomorrow CS 598: Advanced Internet Presented by: Imranul Hoque

2 How to Study Botnets? Passive analysis – Study spam e-mail, DNS queries by bot-infected machines, DNS blacklists, analyze network traffic, etc. Infiltration – Today’s paper (Spamcraft) Hijack! – Collaboration with domain registrars, future prediction in case of domain flux – UCSB researchers hijack Torpig for 10 days! 2

3 This Talk Centralized botnet – Agobot P2P botnet – Storm Interesting facts – Death of Srizbi – Twitter-based Botnet Command Channel Discussion – Tomorrow’s botnet 3

4 Botnet: The Old Way Internet Bot Herder IRC Server Execute Remote Command on Zombie Machines Webserver 4

5 Example: Agobot Public source code release: 2002 IRC based command and control DoS attack library Limited polymorphic obfuscations Harvests PayPal passwords, AOL keys, etc. Defends compromised systems – Killing anti-virus, testing for VMWare, altering anti- virus DNS entry Anti-disassembly mechanisms – Testing for debugger presence 5

6 Today’s Botnet Internet 6

7 Example: Storm Overnet Bot Herder Master Servers Publish Subscribe Give me work 7

8 Storm: Features Appeared in 2006, gained prominence in Jan 2007 First major botnet to employ P2P command and control architecture Recruits new bots using a variety of attack vectors – Email messages with exe – Email messages with link to infected sites – E-card spam User computing power of compromised machines – Sends and relays SPAM – Hosts the exploits and binaries – Conducts DDoS attacks First to spam with embedded mp3 (non-malicious) Provision for partial rental 8 Slide from: CS463

9 Effectiveness of Storm 9

10 Anti-malware Response Botnet variations make signature-based detection difficult – New email subject lines and file attachment names – Re-encoded malware binary twice per hour Anti-malware Response – Microsoft Malicious Software Removal Tool patch issued in September 2007 Correlated with 20% drop in size of the Storm Worm botnet Shows that aggressive removal of bots from botnet can make a significant impact on the size of the botnet 10 Slide from: CS463

11 Spamcraft Objective – Analyze spam templates and e-mail target list – Analyze how harvested e-mails are used Methodology – Request workload from proxy bot – Insert marker e-mails in worker harvest and report Important results – Frightening scale – Web based harvesting << bot-based harvesting 11

12 Srizbi McColo disconnected by upstream providers McColo disconnected by upstream providers 12

13 Twitter 13

14 Related Materials A Storm (Worm) Is Brewing. Brad Smith. IEEE Computer, vol. 41, no. 2, pp. 20-22, Feb. 2008. Spamalytics: An Empirical Analysis of Spam Marketing Conversion. C. Kanich, C. Kreibich, K. Levchenko, B. Enright, G. Voelker, V. Paxson, and S. Savage. Proceedings of the 15th ACM Conference on Computer and Communications Security (ACM CCS), Alexandria, Virginia, pp. 3-14. On the Spam Campaign Trail. Kreibich, C., Kanich, C., Levchenko, K., Enright, B., Voelker, G. M., Paxson, V., and Savage, S. 2008. Proceedings of the 1st Usenix Workshop on Large-Scale Exploits and Emergent Threats, San Francisco, California. Measurements and Mitigation of Peer-to-Peer-based Botnets: A Case Study on Storm Worm. Holz, T., Steiner, M., Dahl, F., Biersack, E., and Freiling, F. Proceedings of the 1st Usenix Workshop on Large-Scale Exploits and Emergent Threats, San Francisco, California. An Inside Look at Botnets. Paul Barford and Vinod Yegneswaran. Advances in Computer Security, Springer 2007. Your Botnet is My Botnet: Analysis of a Botnet Takeover. Brett Stone-Gross, Marco Cova, Lorenzo Cavallaro, Bob Gilbert, Martin Szydlowski, Richard Kemmerer, Christopher Kruegel, and Giovanni Vigna. Proceedings of CCS 2009, Chicago, Illinois. 14

15 Discussion How would you design tomorrow’s botnet? Preventive measures against tomorrow’s botnet? A botnet in the clouds? 15

Download ppt "Botnets: Yesterday, Today, and Tomorrow CS 598: Advanced Internet Presented by: Imranul Hoque."

Similar presentations

Botnets. Botnet Threat Botnets are a major threat to the Internet because: Consist of a large pool of compromised computers that are organized by a master.

Botnets. Botnet Threat Botnets are a major threat to the Internet because: Consist of a large pool of compromised computers that are organized by a master.
Day 4-1-1 anti-virus 3-3-1.anti-virus 1 detecting a malicious file malware, detection, hiding, removing.

Day anti-virus anti-virus 1 detecting a malicious file malware, detection, hiding, removing.
Your Botnet is My Botnet: Analysis of a Botnet Takeover

Your Botnet is My Botnet: Analysis of a Botnet Takeover
MOSQUITO BREEDING ATTACK: Spread of bots using Peer To Peer INSTRUCTOR: Dr.Cliff Zou PRESENTED BY : BHARAT SOUNDARARAJAN & AMIT SHRIVATSAVA.

MOSQUITO BREEDING ATTACK: Spread of bots using Peer To Peer INSTRUCTOR: Dr.Cliff Zou PRESENTED BY : BHARAT SOUNDARARAJAN & AMIT SHRIVATSAVA.
Brett Stone-Gross, Marco Cova, Lorenzo Cavallaro, Bob Gilbert, Martin Szydlowski, Richard Kemmerer, Christopher Kruegel, and Giovanni Vigna Proceedings.

Brett Stone-Gross, Marco Cova, Lorenzo Cavallaro, Bob Gilbert, Martin Szydlowski, Richard Kemmerer, Christopher Kruegel, and Giovanni Vigna Proceedings.
Introduction to Security Computer Networks Computer Networks Term B10.

Introduction to Security Computer Networks Computer Networks Term B10.
 What is a botnet?  How are botnets created?  How are they controlled?  How are bots acquired?  What type of attacks are they responsible for? 

 What is a botnet?  How are botnets created?  How are they controlled?  How are bots acquired?  What type of attacks are they responsible for? 
BOTNETS/Cyber Criminals  How do we stop Cyber Criminals.

BOTNETS/Cyber Criminals  How do we stop Cyber Criminals.
Bots and Botnets CS-431 Dick Steflik. DDoS ● One of the most common ways to mount a Distributed Denial of Service attacks is done via networks of zombie.

Bots and Botnets CS-431 Dick Steflik. DDoS ● One of the most common ways to mount a Distributed Denial of Service attacks is done via networks of zombie.
The problems associated with operating an effective anti-spam blocklist system in an increasingly hostile environment. Robert Gallagher September 2004.

The problems associated with operating an effective anti-spam blocklist system in an increasingly hostile environment. Robert Gallagher September 2004.
463.4 Botnets Computer Security II CS463/ECE424 University of Illinois.

463.4 Botnets Computer Security II CS463/ECE424 University of Illinois.
Botnets Usman Jafarey Including slides from The Zombie Roundup by Cooke, Jahanian, McPherson of the University of Michigan.

Botnets Usman Jafarey Including slides from The Zombie Roundup by Cooke, Jahanian, McPherson of the University of Michigan.
Botnets Abhishek Debchoudhury Jason Holmes. What is a botnet? A network of computers running software that runs autonomously. In a security context we.

Botnets Abhishek Debchoudhury Jason Holmes. What is a botnet? A network of computers running software that runs autonomously. In a security context we.
Threat infrastructure: proxies, botnets, fast-flux

Threat infrastructure: proxies, botnets, fast-flux
Borrowed from Brent ByungHoon Kang, GMU. A Network of Compromised Computers on the Internet IP locations of the Waledac botnet. Borrowed from Brent ByungHoon.

Borrowed from Brent ByungHoon Kang, GMU. A Network of Compromised Computers on the Internet IP locations of the Waledac botnet. Borrowed from Brent ByungHoon.
Botnets Uses, Prevention, and Examples. Background Robot Network Programs communicating over a network to complete a task Adapted new meaning in the security.

Botnets Uses, Prevention, and Examples. Background Robot Network Programs communicating over a network to complete a task Adapted new meaning in the security.
1 Measurements and Mitigation of Peer-to-Peer-based Botnets: A Case Study on Storm Worm T. Holz, M. Steiner, F. Dahl, E. Biersack, and F. Freiling - Proceedings.

1 Measurements and Mitigation of Peer-to-Peer-based Botnets: A Case Study on Storm Worm T. Holz, M. Steiner, F. Dahl, E. Biersack, and F. Freiling - Proceedings.
Botnets An Introduction Into the World of Botnets Tyler Hudak

Botnets An Introduction Into the World of Botnets Tyler Hudak
Introduction to Honeypot, Botnet, and Security Measurement

Introduction to Honeypot, Botnet, and Security Measurement
1 Chap 10 Malicious Software. 2 Viruses and ”Malicious Programs ” Computer “Viruses” and related programs have the ability to replicate themselves on.

1 Chap 10 Malicious Software. 2 Viruses and ”Malicious Programs ” Computer “Viruses” and related programs have the ability to replicate themselves on.

Similar presentations

Ads by Google