
EC Council - Botnet Briefings


  1. 3rd and 4th Generation Botnets
     EC-Council Briefings (USA), Nov 13th
     Aditya K Sood, Founder, SecNiche Security

  2. Briefings Agenda
     • 3rd and 4th generation botnets
     • Restricted botnets
     • Bot toolkits – SpyEye
     • Conclusion

  3. 3rd Generation Botnet
     • Economic gains
     • Social engineering tricks
     • Exploiting browser and software vulnerabilities
     • Rootkit operations
     • Stealth hacking techniques
     • Automated infections
     Examples: SpyEye, Zeus, IRC bots

  4. 4th Generation Botnet
     • Spreading threats and fear
     • Exploiting dedicated targets
     • Motive is not money
     • Weaponizing the bots – cyber weapon
     • Exploiting industrial control systems
       – Infecting programmable logic controllers (PLCs)
       – Exploiting SCADA vulnerabilities
     Example: Stuxnet

  5. Real and Deadly Botnet
     • What makes a botnet deadly?
     • Capabilities
       – Distributed denial of service
       – Spear phishing, spyware and adware
       – Fast flux
       – Spamdexing
       – Bot wars: killing rival bots on the same host
       – Stealing money from targets

  6. Restricted Botnets
     • Driven by specific capabilities
     • Infection channel is unique
     • Built from bot toolkits
     • Primarily monetary benefits
     • Not used for spamming or denial of service
     • Examples: SpyEye, Zeus

  7. Present Botnets – Only This! (image slide)

  8. SpyEye – Framework
     • Bot generation toolkit
     • Banking malware
     • Similar structure to Zeus
     • Classified as a Trojan (information-stealing)
     • A restricted botnet in practice
     • Monetary benefits
     • Does not harness the power of bots for third-party attacks

  9. SpyEye – Framework
     • Components
       – Builder
       – Admin panel
       – Form grabber admin panel
       – Backend database server
     • Written in C++, PHP and MySQL
     • Zeus-killing code (detects Zeus by its mutex and removes it)
     • Hooks browser functions

  10. SpyEye – Framework
     • Tactics and techniques
       – Malicious plugin support
       – Self-designed SDK
       – Web injects
       – Web fakes
       – Bank credential grabbers
       – Bypassing NAT with a back-connect SOCKS proxy
       – Userland (ring 3) rootkit

  11. SpyEye HTTP Interface Hooking (image slide)

  12. SpyEye – Web Injects (image slide)

  13. SpyEye – Web Fakes (image slide)
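The web inject and web fake slides above are image-only, so the mechanism is easiest to see in code. The following is an added example, not code from the briefing or from SpyEye/Zeus: it models the widely documented Zeus/SpyEye-style webinject rule format (set_url / data_before / data_inject / data_after / data_end), a simplified web-fake redirect table (the real SpyEye file layout is not reproduced; this is an assumed form of the same idea), and applies both to a constructed bank login page. All URLs, the 203.0.113.5 address, and the page markup are constructed for the example. An analyst who has pulled a webinject config out of a sample can use the same logic to preview what the bot would have done to the victim's page.

```python
# Added example, not code from the briefing or from SpyEye/Zeus. It models the
# widely documented Zeus/SpyEye-style webinject rule format and a simplified
# web-fake redirect table, then applies them to a constructed bank login page
# so an analyst can see what the bot would have done in the victim's browser.
import fnmatch
import re
from dataclasses import dataclass

# Constructed webinject rule: on any page under the bank's login URL, add a
# "PIN" field directly after the password field. The '*' inside data_before is
# the format's wildcard; the trailing "GP" flags mean the rule applies to both
# GET and POST responses (same convention as Zeus/SpyEye configs).
WEBINJECTS = """
set_url https://bank.example/login* GP
data_before
<input type="password" name="passwd"*>
data_end
data_inject
<br>PIN: <input type="text" name="pin" maxlength="4">
data_end
data_after
data_end
"""

# Constructed web-fake table: (URL mask, attacker page shown instead of the
# real one). Assumed simplified layout, not SpyEye's actual file format.
WEBFAKES = [
    ("https://bank.example/transfer*", "https://203.0.113.5/transfer.html"),
]

# Constructed page standing in for the bank's real login form.
LOGIN_PAGE = """<form action="/login.php" method="post">
User: <input type="text" name="user">
Pass: <input type="password" name="passwd">
<input type="submit" value="Log in">
</form>"""


@dataclass
class Inject:
    url_mask: str
    flags: str
    before: str = ""
    inject: str = ""
    after: str = ""


def parse_webinjects(text):
    """Parse set_url blocks into Inject rules."""
    rules, cur, section, buf = [], None, None, []
    for line in text.splitlines():
        s = line.strip()
        if s.startswith("set_url"):
            parts = s.split()
            cur = Inject(url_mask=parts[1], flags=parts[2] if len(parts) > 2 else "GP")
            rules.append(cur)
        elif s in ("data_before", "data_inject", "data_after"):
            section, buf = s[len("data_"):], []
        elif s == "data_end":
            if cur is not None and section is not None:
                setattr(cur, section, "\n".join(buf).strip())
            section = None
        elif section is not None:
            buf.append(line)
    return rules


def _mask_re(mask):
    """'*' is a wildcard inside data_before/data_after; everything else is literal."""
    return ".*?".join(re.escape(p) for p in mask.split("*"))


def apply_injects(url, html, rules):
    """Return (modified html, url masks that fired) for one HTTP response."""
    fired = []
    for r in rules:
        if not fnmatch.fnmatchcase(url, r.url_mask):
            continue
        start = 0
        if r.before:
            m = re.search(_mask_re(r.before), html, re.S)
            if m is None:
                continue
            start = m.end()
        end = start
        if r.after:  # replace everything between the before and after markers
            m = re.search(_mask_re(r.after), html[start:], re.S)
            if m is None:
                continue
            end = start + m.start()
        html = html[:start] + r.inject + html[end:]
        fired.append(r.url_mask)
    return html, fired


def lookup_webfake(url, table):
    """Web fake: whole-page replacement; returns the page the bot would serve."""
    for mask, target in table:
        if fnmatch.fnmatchcase(url, mask):
            return target
    return None


if __name__ == "__main__":
    page, hits = apply_injects("https://bank.example/login.php", LOGIN_PAGE,
                               parse_webinjects(WEBINJECTS))
    print(hits)
    print(page)
    print(lookup_webfake("https://bank.example/transfer?acct=1", WEBFAKES))
```

The difference between the two techniques is visible in the two functions: a web inject edits the bank's own response in place (the TLS lock, URL and certificate all look right to the victim because the page really did come from the bank), whereas a web fake replaces the whole page with attacker-hosted content. Detection on the bank side therefore has to look for fields the server never sent (here, the extra `pin` parameter arriving in the POST), not for a bad origin.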
  14. Conclusion
     • Botnet taxonomy is important
     • 3rd generation botnets are highly effective
     • The botnet future is never ending
     • Sophisticated protections are required

  15. Contact and Websites
     • Email: adi_ks [at] secniche.org
     • SecNiche Security: http://www.secniche.org
     • Malware at Stake blog: http://secniche.blogspot.com
