    Botnets Presentation Transcript

    • BOTNET: Study in Internet Crime and Their Threats. Presented by: Farheen K. Siddiqui, Richa Srivastava and Shobhini Job, M.Tech, CSE, Lakshmi Narain College Of Technology (LNCT), Bhopal.
      • What are Botnets?
      • How do they work?
      • Threats caused by Botnets
      • Detection and Prevention Methods
      • Analysis of Botnets
      • Conclusion
      • BOT + NET = BOTNET
      • “A botnet is a collection of computers, connected to the internet, that interact to accomplish some distributed task.”
      • - Typically refers to botnets used for illegal purposes.
      • Controlled by one person or a group of people (aka. the botmaster)
      • - Under a command and control structure (C&C)
      • Botmaster infects the victim with a bot (worm, social engineering, etc.)
      • Bot connects to C&C server. This could be done using HTTP, IRC or any other protocol.
      • Botmaster sends commands through C&C server to bot.
      • Repeat. Soon the botmaster has an army of bots to control from a single point.
      • Distributed Denial of Service (DDoS)
      • Spam/Phishing
      • Ad-ware
      • Click Fraud
      • Others…
      • DDoS has been available in bots since the beginning
      • Used for extortion
      • - Take down systems until they pay – threats work too!
      • Many bots are able to send out spam or phishing attempts
      • Spam is bulk email sent in mass quantity
      • Gives the spammer/phisher a way to send out thousands of emails and easily beat spam defenses
      • Phishing is luring users into revealing personal details
      • Ad-ware pays by the number of “installs” a person has
      • Many bots download and install ad-ware when they are loaded
      • - Often multiple versions of ad-ware
      • Generates income from ad-ware revenues
      • Online advertisers pay by the number of unique “clicks” on their ads
      • Thousands of bots can generate thousands of unique clicks
      • Botmaster “rents” out the clicks and gets a piece of the revenue
      • Clickbot.A botnet found with more than 34,000 machines in it
      • Malware installation
      • - Rootkits
      • - Other malware to increase the odds of keeping that machine
      • Spyware - Identity Theft
      • - Sniff passwords, keystroke logging
      • - Grab credit card, bank account information
      • Rent out the botnet!
      • - Pay as little as $100 an hour to DoS your favorite site!
      • Anti-Malware Technology
      • IDSes (Intrusion Detection Systems)
      • IPSes (Intrusion Prevention Systems)
      • Honeypots
      • botnet control mechanisms
      • host control mechanisms
      • propagation mechanisms
      • exploits and attack mechanisms
      • malware delivery mechanisms
      • obfuscation methods
      • deception strategies
      • Finding:
      • The predominant remote control mechanism for botnets remains Internet Relay Chat (IRC) and in general includes a rich set of commands enabling a wide range of use.
      • Implication:
      • Monitoring of botnet activity on IRC channels and disruption of specific channels on IRC servers should continue to be an effective defensive strategy for the time being.
      • Finding:
      • The host control mechanisms used for harvesting sensitive information from host systems are ingenious and enable data from passwords to mailing lists to credit card numbers to be gathered.
      • Implication:
      • This is one of the most serious results of our study and suggests design objectives for future operating systems and applications that deal with sensitive data.
      • Finding:
      • There are at present only a limited set of propagation mechanisms available in botnets with Agobot showing the widest variety. Simple horizontal and vertical scanning are the most common mechanism.
      • Implication:
      • The specific propagation methods used in these botnets can form the basis for modeling and simulating botnet propagation in research studies.
      • Finding:
      • Exploits refer to the specific methods for attacking known vulnerabilities on target systems.
      • Implication:
      • The set of exploits packaged with botnets suggests basic requirements for host-based anti-virus systems and network intrusion detection and prevention signature sets.
      • Finding:
      • Shell encoding and packing mechanisms that can enable attacks to circumvent defensive systems are common.
      • Implication:
      • A significant focus on methods for detecting polymorphic attacks may not be warranted at this time but encodings will continue to present a challenge for defensive systems.
      • Finding:
      • All botnets include a variety of sophisticated mechanisms for avoiding detection (e.g., by anti-virus software) once installed on a host system.
      • Implication:
      • Development of methods for detecting and disinfecting compromised systems will need to keep pace.
      • Finding:
      • Deception refers to the mechanisms used to evade detection once a bot is installed on a target host. These mechanisms are also referred to as rootkits.
      • Implication:
      • As these mechanisms improve, it is likely to become increasingly difficult to know that a system has been compromised, thereby complicating the task for host-based anti-virus and rootkit detection systems.
      • The objective is to expand the knowledge base for security research
      • Some of the most important findings:
      • - the diverse mechanisms for sensitive information gathering on compromised hosts,
      • - the effective mechanisms for remaining invisible once installed on a local host, and
      • - the relatively simple command and control systems currently in use, which are expected to move towards peer-to-peer infrastructure in the near future.
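The IRC-channel monitoring that the first finding recommends, as an added example (not from the presentation or the study it summarizes): a heuristic that flags channels where many hosts join in a tight burst and then only listen, which is the bot side of the C&C lifecycle described earlier (bot connects, botmaster sends commands). The sensor log format, the hosts and the thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Constructed IRC sensor log (not real traffic): "<time> <src> <verb> <channel> [text]"
SAMPLE_LOG = """\
2024-01-01T10:00:01 10.0.0.11 JOIN #updates
2024-01-01T10:00:02 10.0.0.12 JOIN #updates
2024-01-01T10:00:02 10.0.0.13 JOIN #updates
2024-01-01T10:00:04 10.0.0.14 JOIN #updates
2024-01-01T10:00:09 10.0.0.99 PRIVMSG #updates run task
2024-01-01T10:00:10 10.0.0.21 JOIN #dev
2024-01-01T10:03:00 10.0.0.22 JOIN #dev
2024-01-01T10:03:30 10.0.0.21 PRIVMSG #dev hi
"""

def parse_irc_log(text):
    """One event per line: (timestamp, source host, IRC verb, channel, message text)."""
    events = []
    for line in text.splitlines():
        parts = line.split(maxsplit=4)
        if len(parts) < 4:
            continue  # skip malformed lines rather than crash the monitor
        events.append((datetime.fromisoformat(parts[0]), *parts[1:4], parts[4] if len(parts) == 5 else ""))
    return events

def channel_stats(events):
    """Per channel: distinct joiners, joiners that never speak, and join-burst length."""
    joins = defaultdict(list)    # channel -> [(timestamp, host)]
    speakers = defaultdict(set)  # channel -> {hosts that sent a PRIVMSG}
    for ts, src, verb, chan, _ in events:
        if verb == "JOIN":
            joins[chan].append((ts, src))
        elif verb == "PRIVMSG":
            speakers[chan].add(src)
    stats = {}
    for chan, entries in joins.items():
        times = [t for t, _ in entries]
        joiners = {h for _, h in entries}
        stats[chan] = {"joiners": len(joiners), "silent": len(joiners - speakers[chan]),
                       "burst_seconds": (max(times) - min(times)).total_seconds()}
    return stats

def flag_cnc_channels(events, min_joiners=4, max_burst=60, min_silent_ratio=0.8):
    """Flag channels where many hosts join within max_burst seconds and then only listen."""
    flagged = []
    for chan, s in channel_stats(events).items():
        if (s["joiners"] >= min_joiners and s["burst_seconds"] <= max_burst
                and s["silent"] / s["joiners"] >= min_silent_ratio):
            flagged.append(chan)
    return sorted(flagged)
```

Tune the thresholds to the size of the monitored network; on a real sensor feed the flagged channel names are the input to the channel-disruption step the finding describes.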