FUD
FEAR, UNCERTAINTY AND DOUBT

      Dark Designs Symposium
      Yverdon - October 14 2008
Presentation given in collaboration with Laurent Schmid (electric-haze.org) at the Espace Jules Verne of the Maison d'Ailleurs, Yverdon, Switzerland.

Fear, Uncertainty and Doubt

  1. FUD: FEAR, UNCERTAINTY AND DOUBT
     Dark Designs Symposium
     Yverdon - October 14 2008
  2. BOT
     • derived from the word "robot"
     • program that performs repetitive functions
     • infected computer controlled by another computer
  3. BOTNET
     • a network of bots
     • commonly used to control or attack computer systems
     • controlled through an IRC channel
     • also referred to as “zombies” or “drones”
  4. USE OF BOTNETS
     • distributing spam
     • mounting DDoS attacks
     • sniffing network traffic
     • key logging
     • click fraud (Google AdWords)
  5. IRC
     • Internet Relay Chat
     • created in 1988
     • first bots: 1993
     • client / server
  6. HISTORY
     • 1999: SETI@home
     • screensaver program
     • prove the viability and practicality of the 'distributed grid computing' concept
  7. SETI@home
  8. February 2000
     • first widely publicized botnet incident
     • floods CNN.com, Amazon.com, eBay...
     • 75 computers in 52 different networks
  9. SubSeven
     Discovered: June 6, 1999
     also known as: Backdoor.SubSeven (Kaspersky Lab), Backdoor.SubSeven22 (Symantec), BackDoor.SubSeven (Doctor Web), Troj/Sub7-1.7 (Sophos), Backdoor:Win32/SubSeven.A (RAV)...
  10. SubSeven
  11. SubSeven
     • server / client
     • control over IRC
     • monitor keystrokes
     • remote desktop application
  12. SubSeven
  13. SubSeven
  14. SubSeven
     • October 2000
     • 800 infected computers found
     • SexxxyMovie.mpeg.exe
  15. GTbot
     • modified IRC client
     • coupled with the hackers' own scripts
     • port scanning
     • DDoS attacks
  16. DDoS
     • Distributed Denial of Service Attack
     • attacker causes a network of computers to “flood” a victim computer with large amounts of data or specific commands
  17. GTbot
  18. GTbot
  19. DDoS
  20. Agobot
     • most widely circulated virus in history
     • best-written source code
     • C++ based plugin framework
     • GPL license
  21. Op.Cyberslam
     • October 2003
     • Agobot used in DDoS attack
     • Botnet: 5000 to 15000 computers
     • FBI investigation
  22. Op.Cyberslam
  23. Op.Cyberslam
  24. October 2005
     • Discovery of a botnet counting 1.5 million compromised computers
  25. January 2007
     • The Storm Botnet is identified.
     • Estimate: of 600 million computers on the Internet, 150 million belong to a botnet (Vint Cerf).
  26. STORM BOTNET
     • 1 million to 50 million computer systems
     • encrypted P2P control
     • more computing power than the world’s 500 top supercomputers
  27. Russian Business Network
  28. RBN
     • cybercrime organization
     • personal identity theft
     • bulletproof hosting
     • child pornography, phishing, spam, and malware distribution
     • physically based in St. Petersburg
  29. Companies
     RBNet, RBNetwork, RBusinessNetwork, iFrame Cash, Aki Mon Telecom, 4Stat, Eexhost, Rusouvenirs Ltd., TcS Network, Nevcon Ltd. (Panama), Too coin Software (UK), 76service, MalwareAlarm...
  30. Malware
     Gozi, Grab, Haxdoor, Metaphisher, Mpack, Ordergun, Pinch, Rustock, Snatch, Torpig, URsnif...
     • viruses or worms
     • send data back to RBN servers
  31. October 2007
     • Storm Botnet reduces in size
     • fallen to 160,000 systems
     • partitioning / smaller networks
     • 40-byte key encryption
  32. November 2007
     • RBN vanishes from the web
     • unusual bulk registries of thousands of Web addresses in China
     • servers move to Shanghai/Taiwan
  33. KRAKEN BOTNET
     • largest botnet as of April 08
     • over 400’000 bots
     • also known as: Bobax, Oderoor, Cotmonger
