Puppetnets and Botnets: Information Technology Vulnerability Exploits

The focus of this paper is to identify dominant trends of
information security threats to the Internet 2001 to 2007. This
paper is intended to provide an understanding of the new
emphasis of attacks through use of robotic networks and how
some users and organizations are already preparing a response
using innovative visualization techniques in conjunction with
traditional methods. The scope of research will focus on basic
enterprise level services that are commonly provided by various
corporations; e.g., e-mail, browser applications, wireless and
mobile devices, IP telephony, and online banking. The research
will first review the network infrastructure common to most
corporate organizations and assume basic enterprise components
and functionality in response to the current security threats. The
second emphasis will consider the impact of malware robotic
networks (Botnets and Puppetnets) on the corporate network
infrastructure and how to address these threats with new and
innovative techniques. This approach is pragmatic in application
and focuses on assimilation of existing data to present a
functional rationale of attacks to anticipate and prepare for this
coming year.


Puppetnets and Botnets: Information Technology Vulnerability Exploits that Threaten Basic Internet Use

Erwin Louis Carrow
University System of Georgia Board of Regents
270 Washington Str. S.W.
Atlanta, Georgia 30334 USA
404-657-9890
erwin.carrow@usg.edu

Abstract

The focus of this paper is to identify dominant trends of information security threats to the Internet 2001 to 2007. This paper is intended to provide an understanding of the new emphasis of attacks through use of robotic networks and how some users and organizations are already preparing a response using innovative visualization techniques in conjunction with traditional methods. The scope of research will focus on basic enterprise level services that are commonly provided by various corporations; e.g., e-mail, browser applications, wireless and mobile devices, IP telephony, and online banking. The research will first review the network infrastructure common to most corporate organizations and assume basic enterprise components and functionality in response to the current security threats. The second emphasis will consider the impact of malware robotic networks (Botnets and Puppetnets) on the corporate network infrastructure and how to address these threats with new and innovative techniques. This approach is pragmatic in application and focuses on assimilation of existing data to present a functional rationale of attacks to anticipate and prepare for this coming year.

General Terms

Management, Measurement, Documentation, Performance, Design, Security, Human Factors, Theory, Verification.

Keywords

Botnets, Puppetnets, Black holes, Honeypots, Honeynets, Honeymoles, Security Threat Gateway (STG), user space

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Information Security Curriculum Development Conference’07, September 28-29, 2007, Kennesaw, Georgia, USA. Copyright 2007 ACM 978-1-59593-909-8/00/0007…$5.00.

1. INTRODUCTION

Current trends in Information Technology Security exploits have progressively placed more emphasis on targeting common services used to support users and corporate entities. The most common services for corporate entities and home users consist of email service, website hosting, Internet web browsing, and connectivity through both wired and wireless access points. Additional services include, depending upon the complexity of the network, Domain Name Service (DNS), Intrusion Detection Service (IDS), Intrusion Prevention service (IPS), Firewall for network perimeter security, and some type of Domain X500 Directory service for user level access control. The vector for hacker exploitation has not dramatically changed over past years, but the vehicle for implementation of the attack has become increasingly automated and subversive under the guise of robotic attacks. These attacks are often made using unknowingly compromised users’ personal computers or corporate resources employed for malicious internet attacks through ordinary web browser code or in underlying background processes through some remote control access. These infected systems act as conduits for malevolent attacks redirected against individual users, websites, or network domains. Once a hacker or organized crime element has gained control of an extensive array of these computer devices, they can then be used as an army of resources to launch single or multiple attacks against an Internet objective. These networks of hacker control systems are commonly referred to as Zombies, Botnets, and in lesser degree, Puppetnets. With the introduction of new technology, older exploits are being retooled for the new infrastructure communications capabilities which include: IP telephony integration, wireless and mobile devices, video, and storage area networks. Currently the application of technology exploitation is fertile and seemingly limitless due to the ever-growing avenues of technological advances. This explosive growth of the internet has challenged effective network infrastructure administration, and more importantly, the ability of security tools and processes to mitigate malicious exploitation of ordinary users. This paper will summarize common exploits in current use, and propose methods in how to identify the basic tactics and respond in a timely manner.

2. TRENDS AND CURRENT STATE OF VULNERABILITY

The use of automated attacks has become so serious that many are questioning the security of Internet use for online banking, email, or even simple web browsing. In December of 2006 the Microsoft Corporation announced their concerns over Botnets, Zero-day exploits, Trojans, and Rootkits infected computers. Starting in January 2007 Microsoft has organized several closed-door meetings with a broad cross section of
security experts to strategize a response to the growing security concerns. Microsoft’s motivation stems from their own statistical figures exemplifying that “half of the four million malware infected systems detected in the second half of 2006 … were under the control of Botnets of one kind or another.” Similarly, the Symantec Corporation identified 4.5 million computers in the first half of 2006 which were infected with robotic malware [4, 6]. Microsoft’s concern and response can clearly be seen in the simple use and function of their new Vista operating system which closely monitors all user activities and delivers immediate feedback if an unexpected or unsecured operation is attempted. The underlying threat identified in these meetings is that these Botnets were not isolated autonomous entities, but tightly controlled and organized networks. The consensus is that this army of zombie computers is being controlled and used for various applications by organized crime.

In a survey taken in 2005 of over 1400 corporations ranging from finance to manufacturing, over 1240 of which were banks located in the United States, 59% were increasing their IT security investment in privacy and transaction processing, 70% were increasing security software, and 80% had already adopted vital security intrusion detection and prevention infrastructure [5]. This emphasis is not expected to change for 2007 where the number one and two items for technological trends for expansion and development in the Small Medium Businesses (SMB) market are security and storage area networks. It is expected that the SMB spending will exceed large businesses expenditures [3].

Banking industry’s motivation for leading the way in security implementation is very clear; they must protect the interest of their clients. Consumers now alerted to the significance and capability of Internet deception are requesting more stringent constraints to safeguard their online transaction processing. A recent online survey commissioned by RSA Security Inc. in Bedford, Massachusetts stated 52% “are ‘somewhat’ or ‘very much’ less likely to sign up for or continue to use online services from their banks” due to the dominating deceptive phishing trends. This is an increase of 39% from the 2005 survey and 49% from the 2004 survey. The survey indicated 82% of the respondents were “somewhat” or “very much less likely” to respond to e-mail messages from their banks and 5% had actually revealed sensitive information due to phishing [22]. Clearly from consumer feedback, the common user is overwhelmed by the level of fraud that dominates the Internet.

With all the publicity over hacker phishing and pharming and the years of investments corporations have made in educating users, one would think these social engineering exploits should now be ineffective. Because the naïve users are often exploited through perceived trusted relationships or an organizationally safe environment, basic social engineering within a personal or corporate setting is still being successfully implemented. Organizations still need to provide practical steps to improve existing policies and train users in how to respond or more often how not to respond to such exploits [16]. The sophistication of implementation for these attacks has many recognizing that organized crime is investing more effort in concealing their tracks by using unsuspecting users’ systems. Various experts are predicting that criminal organizations will cause unprecedented losses in 2007 targeting “corporate and consumer defenses” through use of zombie computers organized into Botnets. These Botnets enable spyware, spam, spim, phishing attacks, and DDOS attacks resulting in billions of dollars in lost revenue from theft, extortion, or productivity [17] [27]. With this level of sophistication comes a new level of challenges for system administrators in SMB corporate network environments and the ordinary home user. No longer is it just the larger corporate entity that is at risk, but even more commonly, the Internet user.

Comparison of Malware Security Trends from 2001 to 2007

| Author / publication / corporation | Title | Number of contributors | Year of publication | Type of comparison |
|---|---|---|---|---|
| Gibson, Steve | Spyware was Inevitable | Single Contributor, academic peer reviewed | 2005 | Moderate overview |
| SCMagazine Staff | IT security reboot 2006: The year's top news | Staff Reviewed | 2006 | Detailed overview |
| Keizer, Gregg | Gartner outlines top enterprise security threats for 2003 | One contributor and professionally peer reviewed | 2003 | Detailed overview |
| Maguire, James | Top Ten 2007 Security Problems: Predictions | One contributor used Corporate feedback for statistical review | 2006 | Moderate overview |
| SANS Staff | SANS top-20 Internet security | Significant number of contributors from the professional community and academic peer review | 2006 | Very detailed |
| Schneier, Bruce | Attack trends 2004 and 2005 | Single Contributor, academic peer reviewed | 2005 | Moderate overview |
| SANS Staff | The Top 10 Most Critical Internet Security Threats | Significant number of contributors from the professional community and academic peer review | 2001 | Very detailed |
| SOPHOS Staff | Threat analyses: These analyses describe some of the more common or interesting threats and applications. | Interview via a podcast broadcast with technical security expert | 2007 | Limited, application primarily focused upon IBot activity |
Table 1. Resource Listing for Comparative Analysis of Trends

3. RECOGNITION OF THE CHALLENGES FOR INTERNET SECURITY

Through a comparative analysis of security exploits and trends from various resources, there is relatively little difference between the exploits used today as compared to 2001. Table 1 highlights the research and analysis of exploits from 2001 to the present from various contributors. The research incorporates a broad cross section of organizations with insight and contribution ranging from individuals to large peer-rated committees. There have been new innovations, but the basic hacking attack process has remained the same but with a greater emphasis on the deployment vehicle – Puppets and IBots. These contributors also exemplify how organized crime is playing a significant role in their use and application of these exploits. New technology has afforded more flexibility and freedom since Botnets and Puppetnets have allowed the attacker to maintain their autonomy and anonymity. Though progress has been made, there are very few advances in trace-back techniques to clearly identify the sources of most attacks using TCP and even fewer with UDP due to the connectionless characteristics of the protocol [24]. Even more significant is the lack of substantial government involvement to safeguard individual users from loss. The Federal Bureau of Investigation will not involve themselves in any acts of loss unless they are substantial. Therefore, careful assessment must be made to ascertain the extent of corporate or individual user liability before government support can be expected. With that understanding, consideration can be given to the tools the hacker is using to exploit resources or extort information. Once associated pitfalls are effectively identified then the proper constraints can be implemented to mitigate loss.

Botnets, more common than Puppetnets, have been cultivated and allowed hackers to remotely take control of a user’s machine to do their own bidding through some backdoor or rootkit application embedded on some unsuspecting host. A basic limitation once the computer device has been taken over is that they must be on and accessible via the Internet. The level of control is extensive and system process domination is very obvious. There are currently many malware applications on the market today that are capable of monitoring and identifying whether a system is infected or not [15]. The use of these applications can limit the effect of possible infection. A common scenario process for infection to occur is for an unsuspecting user to download some utility they find on the network. Upon installing the application to their system, not realizing in the background, code from the same install adds a backdoor to their system created for the hackers’ later use. Once installed, some malicious utilities are capable of replicating themselves to other systems on the same network, extending the hacker’s influence and capability. These common exploits are referred to as Viruses, Trojans, and Worms with the distinctive term identified from the extent of their capabilities.

Figure 1. Sample code for Puppetnet DDoS attack [12]

Unlike Botnets, a Puppetnet’s level of control is limited and the infection difficult to detect since the systems themselves are not actively infected and activities are limited to the browser memory space (sample code is shown in figure 1), where code is piggybacked over normal HTTP traffic exchange. The exploit limits its activity to the TCP/IP protocol stack application layer spawning background session processes through the guise of the browser, never infecting the local host operating system (figure 2). Therefore, little detection is available from traditional malware detection tools. Since the threat is not localized and interacting with the operating systems’ core processes, the user remains unaware their machine is being used to act against others remotely. Also the level of control from the hacker is very limited, thus the system is a puppet on a string versus an IBot zombie. This demonstrates the elusive nature of various tools that the new Internet criminal is using for personal gain and profit. The malicious payload has not changed (can use a variation on a common worm infestation), but the method of delivery has now become virtually untraceable making it difficult to determine if you are the medium for carrying out someone else’s misdeeds (figure 3). The system application layer infection is incurred for puppet-like control of your system through visiting infected “authentic” websites. Here the sponsor is unaware that they are transmitting a worm infection to propagate Puppets and create Puppetnets. The same situation can occur as with many of the current phishing and pharming scams, whereby users are lured to a malicious website to exploit personal information gained through social engineering, and in the process the victim can also receive a piggybacked puppet exploit, as well as lose valuable personal information [12].

Figure 2. DDoS using Puppetnets [12]
Figure 3. How Puppetnets propagate worms from infected server through browsers [12]

The Centers for Disease Control on February 2, 2007, fell victim to a virus attack that was spread to many innocent viewers through their websites’ video downloads. Currently the breach is being investigated, and the full extent of the exploits is being determined [7]. This event brought in the support of the Federal government due to the risk of the target being attacked. What is significant is that a public radio announcement along with public announcement services suggested that if you had visited the site you could be vulnerable to virus infection. This announcement shrouded in ambiguity suggests a footprint similar to the very nature of a puppet viral infection. Therefore even if you viewed the site you could now be a tool for hacker exploitation infected from a Puppet sick website (figure 3). This deceptive charade of representing websites as valid representations of commercial institutions’ sites to gain personal information from unknowing users has been prevalent since 2004. Commonly known as phishing, the basic principle employed by hackers is to combine social engineering with technical deception by making it look authentic and safe. Awareness and validation are key considerations that users and businesses should incorporate into their understanding and security practices in combating loss and avoidance of deception. This means one cannot be indifferent. Internet security is more than a proper technological application of standards. It is the knowledge and understanding of who one’s enemy is and how to avoid being exploited [28].

These attack models can be used to exploit not just Local Area Network (LAN) or Wide Area Network (WAN) topologies, but also Wireless Local or Metropolitan Networks as well (WLAN, WMAN). Stanford researchers are focusing on the current wireless technology afforded to hackers and the various vulnerabilities this technology provides to interrupt normal operations. Their study describes wireless frequency patterning to establish signal-prints of would-be attackers spoofing various MAC addresses. From these signal-prints, cross-referenced vectors can geographically pinpoint origins of disruption. The cross vectoring of signals identifies typical patterns behind the sources of various attacks; it can confirm that an attack is actually occurring and locate the origin of the transmissions. Part of the problem encountered in combating penetrations and attacks is determining if they are really occurring in real-time since attempts are often covert and their source of origin very difficult to trace [1]. Though there are degrees of success, many issues still need to be addressed for wireless and mobile technology applications. Less common than wireless exploits, mobile cell phone devices can be subject to Distributed Denial of Service attacks. In these types of attacks, the wireless device is flooded with unsolicited traffic where at a minimum, the users’ cell phone battery is drained of power and rendered useless [23].

Today there are many Zero Day exploits and application layer vulnerabilities that are not detected by scanning software. Traditional malware vulnerability schemes attempt to address the current functionality of malware that has been embedded into operating systems. This process of observation identifies and monitors process events that make calls to application resources not initiated by the system user. Many such applications position themselves between the kernel and system application to measure process calls and identify patterns and behaviors. For most malware to be effective, it must evade user and anti-malware applications’ detection as demonstrated with Puppetnet technology. The new strands of attacks demonstrate the elusive characteristics and capability of malware. New patterning methods must be developed for event processing in anticipation of zero-day attacks [15]. In a recent interview with a representative from Sana Security, Jon Summers (personal communications, February 13, 2007) highlighted the time lag seen in figure 4, between when an anomaly is identified, and a fix is posted by most antiviral solution providers. What is significant is the minimum of 30 hours before a fix can be released and applied, and the 30 days for full deployment to be implemented. This figure should alert us all to the level of risk inherent till an appropriate patch can be created, deployed, and implemented. The obvious question is, if a vulnerability is identified, how are the unsuspecting victim’s systems being utilized till a fix is applied?

Figure 4. Time delay comparison of malware detection to deployment of safeguard - SanaSecurity.

4. DISCUSSION

Solutions for the avoidance of hacker’s exploits, whether they are Botnets, Puppetnets, or other maladies have not really changed; they now just require more diligence and caution. Common sense mitigation includes: system patch updates, disabling JavaScript, filtering attack signatures, implementing tighter controls for client-side and server-side behavior, monitoring traffic flows, and employing tracing methods as
appropriate. The same old method of highlighting awareness of the problem and then of addressing the problem to the proper authorities or corporate stakeholders to determine a cost effective method to mitigate risk still applies. Training of staff regarding the operational procedures that must be applied for conducting business using Internet resources must be consistently emphasized and regularly scheduled [16]. Training for the common Internet user poses a different sort of problem which can only be addressed informally. But even more than the operational procedures, technical applications embracing new relevant tools that defend or define the extent or application of an attack need to be incorporated into the strategic makeup of every network.

The Black Hole network is one such method. A Black Hole network is a strategic practice of network placement for redirection of unused address space traffic to a black hole address space for statistical analysis to include avoidance of malicious IP traffic originating from Internet attackers and has been in practice for many years [2]. Various applications for this practice are now starting to be employed in many practical ways to mitigate attacks through redirection of bogus packets for statistical analysis to dead address space (figure 5). Because a hacker quickly discovers that their attempts are being redirected, those that employ black hole techniques are combining this technique with a viable target to maintain the attackers’ interest for further analysis of their tactics.

Figure 5: Internet traffic sensor redirection architecture [2]

To maintain a hacker’s interest, researchers at the University of Houston in Houston, Texas justify the use and application of “Honeypots” to aid in computer forensic efforts. A common deployment for system administrators maintaining a hacker’s attention is to include a computer system’s presence in the dead address space (Blackhole) that demonstrates potential for exploitation. Through the safe and effective practice of Honeypots, hacking strategies are analyzed and trends determined to more effectively counter criminal exploits. A more extensive application of the Honeypot concept is when multiple devices listed in unused address space are available and vulnerably configured. This concept is called a Honeynet. Security technicians need to gain more understanding of the hackers’ attack trends so loss may be minimized. Honeypots and Honeynets provide a controlled test environment that identifies these exploit trends and provides valuable insight [19]. Now that ethical practices and legal constraints have been clearly identified, Honeynets are common in application providing valuable data to aid research in combating Internet abuse.

A recent breach reported on the local Atlanta news (2007, February 22) identified how a hacker had infiltrated a university network infrastructure and accessed faculty, staff and student information. Details are still pending, but it is clear these activities were discovered and captured with Honeynet tools currently being implemented at Georgia Technical University. Per a recent interview with Chris Lee (personal communications, February 15, 2007), the administrator at Georgia Institute of Technology Honeynet research Project, there are many variations of the Honeypot application. Honeypots at Georgia Institute of Technology are purposely being deployed for high-interaction, low-interaction (nepenthes), WiFi, as virtual systems in VMware, VPN bridged-ethernets to form large Honeynets, and Honeymoles which redirects traffic to remote network locations. The significance of this approach is that attackers are constantly being tracked and monitored to identify the extent of their capabilities for analysis and documentation.

Some scholars have focused their efforts on attempting to create visual representations of identified attacks so that through simple observation a user can immediately respond [11]. Through this tracking and observing of tagged session flows, a visual representation can be seen of any perceived attack (figure 6). Attack detection is, therefore, not dependent upon signature or anomaly based applications to alert the user. One of the major problems that system administrators experience is determining whether an attack is occurring in real-time. Typically system administrators spend valuable time having to sift through superfluous data before assuming a course of action to counter an attack. With a visual representation of suspicious qualifiable patterns, administrators gain more insight in how to initiate an immediate response to an attack [13]. Therefore, we have moved beyond basic signature or anomaly based detection methods with preprogrammed responses often seen in most IDS or IPS applications to a more intuitive human sensory approach that can clearly identify and distinguish traffic patterns quickly and respond accordingly. Visualization of attack patterns gives the system administrator for a network another definitive tool of what is actually happening on the network in real-time [18]. The application of visual representation of network traffic is becoming a dominant trend in the war to combat Internet crime.

Figure 6: Impromptu Client with Activity Wear, User Characterization, and Media Characterization [11]
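The black hole practice described in Section 4 (redirecting traffic for unused address space to a sensor for statistical analysis) is sketched below as an added example; it is not code from the paper or from [2]. The address plan, the flow-record format, the sample records and the sweep threshold are all assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Assumptions for this example (not from the paper): the organisation's
# allocated block and the subnets actually in use. Everything inside
# ALLOCATED but outside IN_USE is unused ("dark") space routed to the sensor.
ALLOCATED = ipaddress.ip_network("192.0.2.0/24")
IN_USE = [
    ipaddress.ip_network("192.0.2.0/26"),
    ipaddress.ip_network("192.0.2.64/27"),
]

# Constructed flow records (documentation address ranges), one per line:
# source, destination, protocol, destination port.
SAMPLE_FLOWS = """\
# src          dst           proto dport
198.51.100.7   192.0.2.10    tcp   443
198.51.100.7   192.0.2.130   tcp   445
198.51.100.7   192.0.2.131   tcp   445
198.51.100.7   192.0.2.132   tcp   445
198.51.100.7   192.0.2.200   tcp   445
203.0.113.50   192.0.2.70    tcp   25
203.0.113.50   192.0.2.99    udp   53
203.0.113.9    192.0.2.20    tcp   80
not-an-ip      192.0.2.140   tcp   22
"""


def is_dark(dst):
    """True if dst is inside the allocated block but in no in-use subnet."""
    addr = ipaddress.ip_address(dst)
    return addr in ALLOCATED and not any(addr in net for net in IN_USE)


def parse_flows(text):
    """Return (flows, skipped): parsed records and the count of bad lines."""
    flows, skipped = [], 0
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        try:
            src, dst, proto, dport = line.split()
            flows.append((ipaddress.ip_address(src), ipaddress.ip_address(dst),
                          proto.lower(), int(dport)))
        except ValueError:
            # Wrong field count, unparsable address or port: count it, keep going.
            skipped += 1
    return flows, skipped


def summarise(flows, sweep_threshold=3):
    """Per-source statistics for traffic that landed in dark space.

    A source touching at least sweep_threshold distinct dark addresses is
    labelled "sweep" (address-space scanning); fewer is "stray", which may be
    misconfiguration or backscatter. The threshold is a heuristic assumption.
    """
    hits = defaultdict(lambda: {"count": 0, "dsts": set(), "ports": set()})
    for src, dst, proto, dport in flows:
        if not is_dark(dst):
            continue  # legitimate destination, not the sensor's business
        entry = hits[str(src)]
        entry["count"] += 1
        entry["dsts"].add(dst)
        entry["ports"].add(f"{proto}/{dport}")
    report = {}
    for src, entry in hits.items():
        swept = len(entry["dsts"]) >= sweep_threshold
        report[src] = {
            "dark_hits": entry["count"],
            "dark_dsts": [str(d) for d in sorted(entry["dsts"])],
            "ports": sorted(entry["ports"]),
            "verdict": "sweep" if swept else "stray",
        }
    return report


if __name__ == "__main__":
    flows, skipped = parse_flows(SAMPLE_FLOWS)
    for src, row in sorted(summarise(flows).items()):
        print(src, row["verdict"], row["dark_hits"], row["ports"], row["dark_dsts"])
    print("skipped lines:", skipped)
```

Because no legitimate host lives in the dark range, every record the sensor keeps is unsolicited by construction, which is what makes the per-source statistics usable without signatures.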
5. CONCLUSION AND FUTURE WORK

The general motivation and methods of common information technology exploits have not changed in the past five years. Instead, the methods have become more technically elite and challenging to identify. Clearly, various organizations are voicing a concern over the influence and capability of Botnets and Puppetnets and the elements of organized crime propagating their use. New technical innovations provide many opportunities for the reworking of older known hacker exploitations, with a new medium for transmission. Though there are new methods, they are often nothing more than a variation of past exploits. Social Engineering, Viruses, Trojans, DDOS, and Worms can be repackaged in many different ways. The social mindset and orientation of the attacker and the typical strategic approach of their attacks has remained the same [29]. Our response today must have the same level of sophistication employed by the new innovations that hackers are implementing. We need to educate Internet users of the hackers’ exploits and current trends. We also need to track and monitor exploits being employed in order to anticipate future attacking strategies, graduating level of hacker enticement with containment through methods seen in Blackhole and Honeynet applications. There are many new strategic methods and tools of application that can be deployed to identify and anticipate an attack. Extensive research should be devoted to visualization techniques. More practical tools should be explored to empower the common Internet user. The Internet today is faster, more information enriched, and sadly, unsafe from malicious exploitation of the ordinary user.

6. REFERENCES

[1] Cheriton, D. R., & Faria, D. B., (2006, September). Detecting identity-based attacks in wireless networks using signalprints. Proceedings of the 5th ACM workshop on Wireless security WiSe '06, ACM Press, 43-52.

[2] Cooke, E., Bailey, M., Mao, Z. M., McPherson, D., Watson, D., & Jahanian, F., (2004, October 29). Toward understanding distributed blackhole placement. WORM, ACM Press, 54-64.

[3] Cox, Mark, (2007, February). Top ten trends among SMBs. eChannelLine Daily News, Retrieved February 15 2007, from http://www.connectitnews.com/usa/story.cfm?item=437.

[4] Criminals increasingly turn to zombie PCs – Microsoft fears the rise of the Botnet. (2006, December 27). Techworld Kavanagh Report, Retrieved January 25 2007, from http://www.techworld.com/news/index.cfm?newsID=7674.

[5] De Guzman, Mari-Len, (2005, June 20). Banks to spend more on IT security, survey says privacy regulations and other compliance issues are behind the spending uptick. IDG News Service. Retrieved January 25 2007, from http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=102642.

[6] Dunn, John E., (2007, January 24). Microsoft Holds Botnet Summit – Secret Squirrels Mull Security Threats. Techworld Kavanagh Report. Retrieved January 25 2007, from http://www.techworld.com/news/index.cfm?newsID=7835.

[7] Gaudin, Sharon, (2007, February 6). CDC plagued by virus of a different strain. Information Week. Retrieved February 16 2007, from http://www.informationweek.com/news/showArticle.jhtml?articleID=197003756.

[8] Gibson, Steve, (2005, August). Spyware was Inevitable. Communications of the ACM, Vol. 48, No. 8.

[9] Keizer, Gregg, (2003). Gartner outlines top enterprise security threats for 2003. Retrieved January 25 2007, from http://www.techweb.com/wire/26800849.

[10] IT security reboot 2006: The year's top news. (2006, December 14). Retrieved January 25 2007, from http://www.scmagazine.com/us/news/article/610018/it-security-reboot-2006-years-top-news/.

[11] Jennifer Rode, Carolina Johansson, Paul DiGioia, Roberto Silva Filho, Kari Nies, David H. Nguyen, Jie Ren, Paul Dourish, and David Redmiles, (2006, July). Seeing further: Extending visualization as a basis for usable security. SOUPS 2005, July 12-14, 2006, Pittsburgh, PA, USA, 145-155.

[12] Lam, V. T., Antonatos, S., Akritidis P., & Anagnostakis, K. G., (2006, October). Puppetnets: Misusing web browsers as a distributed attack infrastructure. Proceedings of the 13th ACM Conference on Computer and Communications Security CCS '06, ACM Press, 221-234.

[13] Lee, C. P., & Copeland, J. A., (2006, November). FlowTag: A collaborative attack analysis, reporting, and sharing tool for security researchers. Proceedings of the 3rd International Workshop on Visualization for Computer Security VizSEC '06, ACM Press, 103-107.

[14] Maguire, James, (2006, December 20). Top Ten 2007 Security Problems: Predictions. Retrieved January 25 2007, from http://www.esecurityplanet.com/article.php/11162_3650151_2.

[15] Moffie, M., Cheng, W., Kaeli, D., & Zhao, Q., (2006, October). Hunting Trojan Horses. Proceedings of the 1st Workshop on Architectural and System Support for Improving Software Dependability ASID '06, ACM Press, 12-17.

[16] Orgill, G. L., Romney, G. W., Bailey, M. G., & Orgill, P. M., (2004, October). The urgency for effective user privacy-education to counter social engineering attacks on secure computer systems. Proceedings of the 5th Conference on Information Technology Education CITC5 '04, ACM Press, 177-181.

[17] Reavis, James, (2007, January 17). Ready or not, here comes 2007! Retrieved January 25 2007, from http://www.riskbloggers.com/jimreavis/2007/01/ready-or-not-here-comes-2007/.

[18] Rode, J., Johnansson, C., DiGioia, P., Filho, R. S., Nies, K., Nguyen, D.H., Ren, J., Dourish, P., & Redmiles, D., (2005, July 12-14). Seeing further: Extended visualization as a basis for usable security. Symposium on Usable Privacy and Security, SOUP, 145-155.
[19] Sadasivam, K., Samudrala B., & Yang, T. A., (2005, April). Design of network security projects using honeypots. Journal of Computing Sciences in Colleges, Volume 20 Issue 4, 282-293.
[20] SANS top-20 Internet security attack targets (2006 Annual Update) version 7. (2006, November 15). Retrieved January 25 2007, from http://www.sans.org/top20/2006/.
[21] Schneier, Bruce, (2005, June). Attack trends 2004 and 2005. Queue Volume 3, Issue 5.
[22] Security issues are eroding trust in online banking, survey shows. (2007, January 29). Retrieved January 30 2007, from http://www.digitaltransactions.net/newsstory.cfm?newsid=1232
[23] Swami, Yogesh Prem & Tschofenig, Hannes, (2006). Protecting mobile devices from TCP flooding attacks. ACM Press, 63-68.
[24] Tupakula, Udaya Kiran & Varadharajan, Vijay, (2006). Analysis of traceback techniques. Conferences in Research and Practice in Information Technology, CRPIT, Volume 54.
[25] The Top 10 Most Critical Internet Security Threats - (2000-2001 Archive) Version 1.33. (2001 June 25). Retrieved January 25 2007, from http://www.sans.org/top20/2000/.
[26] Threat analyses: These analyses describe some of the more common or interesting threats and applications. They only cover a small proportion of the viruses, spyware, Trojans, worms, adware and PUAs detected by our products, (2006). [Podcast, sophos-podcast-011] Retrieved January 25 2007, from www.sophos.com/podcasts.
[27] Treese, Win, (2004, September). The State of Security on the Internet. - Putting It Together. netWorker Volume 8, Issue 3.
[28] Van der Merwe, A., Loock, M., & Dabrowski, M., (2005, January). Characteristics and responsibilities involved in a phishing attack. Proceedings of the 4th International Symposium on Information and Communication Technologies WISICT '05, Trinity College Dublin, 249-254.
[29] Zhang, L., (2003, September). Why do people attack information? And what will be the trend in the future? Department of Computer Science, University of Helsinki, Finland, 1-5. Retrieved January 25 2007, from http://www.cs.helsinki.fi/u/lamsal/teaching/autumn2003/student_final/lili_zhang.pdf.