EC Council - Botnet Briefings


  1. 3rd and 4th Generation Botnets
     EC-Council Briefings (USA), Nov 13th
     Aditya K Sood, Founder, SecNiche Security

  2. Briefings Agenda
     • 3rd and 4th Generation Botnets
     • Restricted Botnets
     • Bot Toolkits – SpyEye
     • Conclusion

  3. 3rd Generation Botnet
     • Economic Gains
     • Social Engineering Tricks
     • Exploiting Browser and Software Vulnerabilities
     • Rootkit Operations
     • Stealth Hacking Techniques
     • Automated Infections
     Examples: SpyEye, Zeus, IRC bots

  4. 4th Generation Botnet
     • Spreading Threats and Fear
     • Exploiting Dedicated Targets
     • Motive is not Money
     • Weaponizing the Bots
     • Cyber Weapon
     • Exploiting Industrial Control Systems
       – Infecting Programmable Logic Controllers
       – Exploiting SCADA Vulnerabilities
     Examples: Stuxnet

  5. Real and Deadly Botnet
     • What makes a Botnet Deadly?
     • Capabilities
       – Distributed Denial of Service
       – Spear Phishing, Spyware & Adware
       – Fast Flux
       – Spamdexing
       – Bot Wars – Killing the Paradigm
       – Stealing $$ from Targets

  6. Restricted Botnets
     • Driven with Specific Capabilities
     • Infection Channel is Unique
     • Inherent Bot Toolkits
     • Primarily Monetary Benefits
     • Ineffective Usage
       – Spamming
       – Denial of Service
     • Example – SpyEye, Zeus

  7. Present Botnets – Only This!

  8. SpyEye - Framework
     • Bot Generation Toolkit
     • Banking Malware
     • Similar Structure to Zeus
     • Termed a Trojan – Stealing Nature
     • Restricted Botnet in Practice
     • Monetary Benefits
     • Does not Harness the Power of Bots for Third Party Attacks

  9. SpyEye - Framework
     • Components
       – Builder
       – Admin Panel
       – Form Grabber Admin Panel
       – Backend Database Server
     • Written in C++, PHP, MySQL
     • Zeus Killing Mutex Code
     • Exploits Browser Functions

  10. SpyEye - Framework
     • Tactics and Techniques
       – Malicious Plugins Support
       – Self Designed SDK
       – Web Injects
       – Web Fakes
       – Bank Credential Grabbers
       – Bypassing NAT with SOCKS
       – Userland Rootkit – Ring 3

  11. SpyEye HTTP Interface Hooking

  12. SpyEye – Web Injects

  13. SpyEye – Web Fakes

  14. Conclusion
     • Botnet Taxonomy is Important
     • 3rd Generation Botnets – Too Good
     • Botnet Future is Never Ending
     • Require Sophisticated Protections

  15. Contact & Websites
     • Email: adi_ks [at] secniche.org
     • SecNiche Security: http://www.secniche.org
     • Malware at Stake Blog: http://secniche.blogspot.com
