Bot and Botnets
By: Sitanshu Dubey, Security analyst and researcher, Hicube Infosec Pvt. Ltd.
E-mail: email@example.com

Session Flow
o Introduction
o Type of Attacks
o History of Botnet
o Type of Botnet
o Working
o Some Stats
o Prevention
o Conclusion

Introduction
o Bots: "Bots" is short for "robots", which work on commands given by the administrator. Here, bots refers to malware-infected computers that are controlled by a hacker.
o Botnet: A botnet is a network of infected computers that works on commands issued by attackers. Or: a botnet is a group of bots controlled by an attacker.

Type of Attacks
o DDoS Attacks
o Spamming
o Key Logging
o Identity Theft
o Phishing
o Click Fraud
o Distribution of Malware (Spyware/Adware)

History of Botnet
o Originally used in IRC as a way to allow automated tasks to be done.
o Eventually evolved into a way to automate malicious tasks.
o Started with DoS/DDoS against servers. TFN, stacheldraht, trinoo (1999)

Types of Botnet
o IRC Based Botnet:
o HTTP Based Botnet:
o P2P Based Botnet:

Working
1. Worm/Trojan program that's usually transmitted through spam.
2. Bot connects to IRC C&C channel.
3. Botmaster sends commands through IRC C&C channel to bots.
4. Repeat. Soon the botmaster has an army of bots to control from a single point.

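
The IRC command-and-control pattern in steps 2 to 4, seen from the defender's side: this is an added example, not part of the original slides, that flags channels where a single sender's message reaches several internal hosts that joined but never speak. The sensor record format, addresses, channel names and the `min_hosts` threshold are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sensor records: (client_ip, server_ip, direction, irc_line).
# "out" = internal client to server, "in" = server to internal client.
C2, CHAT = "203.0.113.5", "198.51.100.7"  # documentation-range addresses
SAMPLE = [(f"10.0.0.{n}", C2, "out", "JOIN #updates") for n in (11, 12, 13)]
SAMPLE += [(f"10.0.0.{n}", C2, "in", ":op!u@h PRIVMSG #updates :constructed-text")
           for n in (11, 12, 13)]
SAMPLE += [
    ("10.0.0.20", CHAT, "out", "JOIN #linux-help"),
    ("10.0.0.20", CHAT, "out", "PRIVMSG #linux-help :how do I mount a disk?"),
    ("10.0.0.20", CHAT, "in", ":bob!b@h PRIVMSG #linux-help :use mount(8)"),
]


def parse(line):
    """Split one IRC line into (sender_nick, command, target, text)."""
    nick = None
    if line.startswith(":"):  # server-relayed lines carry a ":nick!user@host" prefix
        prefix, _, line = line[1:].partition(" ")
        nick = prefix.split("!", 1)[0]
    head, _, text = line.partition(" :")
    parts = head.split()
    command = parts[0].upper() if parts else ""
    target = parts[1].lower() if len(parts) > 1 else ""
    return nick, command, target, text


def find_c2_channels(records, min_hosts=3):
    """Flag channels where one sender's message reached >= min_hosts internal
    clients that joined the channel but never spoke in it."""
    joined = defaultdict(set)   # (server, channel) -> clients that sent JOIN
    talkers = defaultdict(set)  # (server, channel) -> clients that sent PRIVMSG
    fanout = defaultdict(set)   # (server, channel, nick, text) -> recipients
    for client, server, direction, line in records:
        nick, cmd, target, text = parse(line)
        if direction == "out" and cmd == "JOIN":
            joined[(server, target)].add(client)
        elif direction == "out" and cmd == "PRIVMSG":
            talkers[(server, target)].add(client)
        elif direction == "in" and cmd == "PRIVMSG":
            fanout[(server, target, nick, text)].add(client)
    alerts = []
    for (server, chan, nick, _), recipients in fanout.items():
        silent = (recipients & joined[(server, chan)]) - talkers[(server, chan)]
        if len(silent) >= min_hosts:
            alerts.append((server, chan, nick, sorted(silent)))
    return alerts
```

On the constructed sample, only the `#updates` channel is flagged; the host that asks a question in `#linux-help` counts as a talker and is not reported.
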
Some Stats
o DDoS attack on an Asian e-commerce company in Nov. 2011.
o According to security company Prolexic, it was the largest DDoS attack in 2011.
o The 15,000 requests per second were performed by a botnet of 250,000 PCs in total, which together peaked at 45 Gbps of DDoS traffic.
o A DDoS attack was launched on 26 March 2013 against Spamhaus, an organization that stops spam emails from getting to people's inboxes, apparently by one or more of the groups whose spam was being targeted.
o It is the biggest cyber threat to date.

Examples
Some popular loaders are:
o Zeus Bot (HTTP Based)
o VertexNet (HTTP Based)
o SpyEye (HTTP Based)
o GT Bot (IRC Based)

Prevention
o Using anti-virus and anti-spyware software and keeping it up to date.
o Using a firewall to protect your computer from hacking attacks while it is connected to the Internet.
o Setting your operating system software to download and install security patches automatically.
o Being cautious about opening any attachments or downloading files from emails you receive.

Conclusion
o The attacker remains anonymous and hard to trace.
o Used in many malicious activities.
o It's one of the biggest threats on the internet.
o Works automatically and autonomously.