SlideShare a Scribd company logo

Skype Botnet Model Proposed

Marco Balduzzi
Marco Balduzzi

The document proposes a new botnet model that uses the Skype peer-to-peer network as a command and control channel. The key advantages are that botnet traffic would be indistinguishable from regular Skype traffic, it has no single point of failure, and losing individual bots has little impact. The model was tested through simulations showing the average distance between bots and the botmaster grows slowly as the botnet size increases. A proof of concept with 40 geographically distributed bots validated the simulation results. Potential limitations include replay attacks mapping the botnet, but this could be mitigated.

Technology
1 of 16
Download to read offline
Introduction Advantages Skype Supernodes Botnet Our Model Features Communication protocol Experiments Limitations Countermeasures Take a deep breath: a Stealthy, Resilient and Cost-Effective Botnet Using Skype Antonio Nappa - Universit` degli studi di Milano a Aristide Fattori - Universit` degli studi di Milano a Marco Balduzzi - Eurecom, Sophia-Antipolis, France Matteo Dell’Amico - Eurecom, Sophia-Antipolis, France Lorenzo Cavallaro - Vrije Universiteit Amsterdam, The Nederlands A.Nappa, A.Fattori, M.Balduzzi, M.Dell’Amico, L.Cavallaro A Stealthy, Resilient and Cost-Effective Botnet using Skype
Introduction Advantages Skype Supernodes Botnet Our Model Features Communication protocol Experiments Limitations Countermeasures Introduction Botnets are something that spreads along with “social software” (IRC, MSN, Skype, P2P clients, Facebook, Twitter). We observed the evolution of the botnet phenomenon and we individuate Skype as a possibile target to easily create a new botnet command and control channel. A.Nappa, A.Fattori, M.Balduzzi, M.Dell’Amico, L.Cavallaro A Stealthy, Resilient and Cost-Effective Botnet using Skype
Introduction Advantages Skype Supernodes Botnet Our Model Features Communication protocol Experiments Limitations Countermeasures Why Skype? We choose Skype because it is a widespread application, it has about 400 million of registered users and a daily presence of 50 million of users. Furthermore we choose it because it has a lot of appealing functionalities (bypass NAT and firewalls, encrypted communications). We wanted to proof that is cost-effective and fast to build a botnet with this application API in order to validate our model. A.Nappa, A.Fattori, M.Balduzzi, M.Dell’Amico, L.Cavallaro A Stealthy, Resilient and Cost-Effective Botnet using Skype
Introduction Advantages Skype Supernodes Botnet Our Model Features Communication protocol Experiments Limitations Countermeasures Advantages Our solution is cost-effective because it is easy to deploy and has a lot of good functionalities (NAT and firewall passthrough, P2P structure) Botnet traffic indistiguishable from ordinary traffic No bottlenecks nor single point of failure Resiliency as the loss of one or many bots influences the infrastructure only slightly. Dynamic and transparent routing based on the Skype’s Usernames. We take advantage of Skype’s protection measures and P2P routing algorithms. A.Nappa, A.Fattori, M.Balduzzi, M.Dell’Amico, L.Cavallaro A Stealthy, Resilient and Cost-Effective Botnet using Skype
Introduction Advantages Skype Supernodes Botnet Our Model Features Communication protocol Experiments Limitations Countermeasures Supernodes A.Nappa, A.Fattori, M.Balduzzi, M.Dell’Amico, L.Cavallaro A Stealthy, Resilient and Cost-Effective Botnet using Skype
Introduction Advantages Skype Supernodes Botnet Our Model Features Communication protocol Experiments Limitations Countermeasures Botnet We propose a novel botnet model that exploits an overlay network such as Skype to build a parasitic overlay. A.Nappa, A.Fattori, M.Balduzzi, M.Dell’Amico, L.Cavallaro A Stealthy, Resilient and Cost-Effective Botnet using Skype
Introduction Advantages Skype Supernodes Botnet Our Model Features Communication protocol Experiments Limitations Countermeasures Our Model The parasitic overlay model is a botnet built on top of an instant messaging infrastructure using its features for non-standard operations. Our model is generic and can be shaped on different applications that support instant messaging. A.Nappa, A.Fattori, M.Balduzzi, M.Dell’Amico, L.Cavallaro A Stealthy, Resilient and Cost-Effective Botnet using Skype
Introduction Advantages Skype Supernodes Botnet Our Model Features Communication protocol Experiments Limitations Countermeasures Features it is hard to set bots and regular Skype traffic apart the lack of hierarchical structure allows to use any controlled node as an entry point for the master the policy adopted for registering new nodes makes it cost-unattractive to obtain a comprhensive list of all the bots. A.Nappa, A.Fattori, M.Balduzzi, M.Dell’Amico, L.Cavallaro A Stealthy, Resilient and Cost-Effective Botnet using Skype
Introduction Advantages Skype Supernodes Botnet Our Model Features Communication protocol Experiments Limitations Countermeasures Communication protocol To bootstrap each infected node sends a startup messages to its Gate Nodes embedded in the binary. The Gate Nodes are in contact with other nodes and the Master. The startup messages flows through the Gate Nodes and reach the Master. The Master answers to the infected node with a new set of neighbors. When the infected node has its new set of neighbors is able to communicate. A.Nappa, A.Fattori, M.Balduzzi, M.Dell’Amico, L.Cavallaro A Stealthy, Resilient and Cost-Effective Botnet using Skype
Introduction Advantages Skype Supernodes Botnet Our Model Features Communication protocol Experiments Limitations Countermeasures Communication protocol (2) In our botnet messages exchanged between bots and the master flow through the network as legitimate messages Usage of encryption to obtain unicast, multicast and broadcast communication Gnutella-like message passing procedure Ability to react in case of a total takeover of the Gate Nodes A.Nappa, A.Fattori, M.Balduzzi, M.Dell’Amico, L.Cavallaro A Stealthy, Resilient and Cost-Effective Botnet using Skype
Introduction Advantages Skype Supernodes Botnet Our Model Features Communication protocol Experiments Limitations Countermeasures Experiments We evaluated our model through accurate simulations recreating different botnet magnitudes and connectivity states (alive neighbors per node). The average distance between a node and the botmaster grows slowly with respect to the number of nodes in the botnet. A.Nappa, A.Fattori, M.Balduzzi, M.Dell’Amico, L.Cavallaro A Stealthy, Resilient and Cost-Effective Botnet using Skype
Introduction Advantages Skype Supernodes Botnet Our Model Features Communication protocol Experiments Limitations Countermeasures Experiments (2) - Proof of Concept We created a small real-world scenario to verify our simulations results: PoC bot written in Python through Skype4Py libraries ∼ 40 hosts geographically distributed between France and Italy bootstrapping phase test, validation and measurements communication model test, validation and measurements We observed that the real-world scenario is compliant with the simulated one. A.Nappa, A.Fattori, M.Balduzzi, M.Dell’Amico, L.Cavallaro A Stealthy, Resilient and Cost-Effective Botnet using Skype
Introduction Advantages Skype Supernodes Botnet Our Model Features Communication protocol Experiments Limitations Countermeasures Limitations One important limitation of our Skype botnet is the possibility of an external attacker to perpetrate a replay attack. This attack is done by repeatedly delivering announce messages to progressively obtain neighbor nodes lists during the bootstrap phase to obtain a map of the botnet. One possible mitigation is to limit the number of neighbor nodes sent to new bots within a defined temporal window. A.Nappa, A.Fattori, M.Balduzzi, M.Dell’Amico, L.Cavallaro A Stealthy, Resilient and Cost-Effective Botnet using Skype
Introduction Advantages Skype Supernodes Botnet Our Model Features Communication protocol Experiments Limitations Countermeasures Discussion The availability of the API that can interact with Skype with full privilege raises security issues. A.Nappa, A.Fattori, M.Balduzzi, M.Dell’Amico, L.Cavallaro A Stealthy, Resilient and Cost-Effective Botnet using Skype
Introduction Advantages Skype Supernodes Botnet Our Model Features Communication protocol Experiments Limitations Countermeasures Countermeasures We developed a host-based countermeasure that intercepts the communications between the Skype API and a plugin, acting as a proxy. With this technique we are able to recognize every command issued by a plugin and we aim to find malicious command sequences. At the moment the rate of false positive is quite high. We are working on new heuristics to reduce this rate. A.Nappa, A.Fattori, M.Balduzzi, M.Dell’Amico, L.Cavallaro A Stealthy, Resilient and Cost-Effective Botnet using Skype
Introduction Advantages Skype Supernodes Botnet Our Model Features Communication protocol Experiments Limitations Countermeasures Questions A.Nappa, A.Fattori, M.Balduzzi, M.Dell’Amico, L.Cavallaro A Stealthy, Resilient and Cost-Effective Botnet using Skype

Recommended

Evans interferenceawaremar2011
Evans interferenceawaremar2011Evans interferenceawaremar2011
Evans interferenceawaremar2011Consciously Unconscious
 
Future Cities Conference´13 / Jacques Magen - "1 Introduction to the INFINITY...
Future Cities Conference´13 / Jacques Magen - "1 Introduction to the INFINITY...Future Cities Conference´13 / Jacques Magen - "1 Introduction to the INFINITY...
Future Cities Conference´13 / Jacques Magen - "1 Introduction to the INFINITY...Future Cities Project
 
Padres Communication Protocols
Padres Communication ProtocolsPadres Communication Protocols
Padres Communication ProtocolsArwid Bancewicz
 
Case INDT parte 1
Case INDT parte 1Case INDT parte 1
Case INDT parte 1DecisionScience
 
Http Jaoo.Com.Au Sydney 2008 File Path= Jaoo Aus2008 Slides Dave Thomas Lif...
Http Jaoo.Com.Au Sydney 2008 File Path= Jaoo Aus2008 Slides Dave Thomas Lif...Http Jaoo.Com.Au Sydney 2008 File Path= Jaoo Aus2008 Slides Dave Thomas Lif...
Http Jaoo.Com.Au Sydney 2008 File Path= Jaoo Aus2008 Slides Dave Thomas Lif...qedanne
 
Emerginov, an open PHP PaaS for co-innovation, OW2con'12, Paris
Emerginov, an open PHP PaaS for co-innovation, OW2con'12, ParisEmerginov, an open PHP PaaS for co-innovation, OW2con'12, Paris
Emerginov, an open PHP PaaS for co-innovation, OW2con'12, ParisOW2
 
D tosi portfolio2013
D tosi portfolio2013D tosi portfolio2013
D tosi portfolio2013Daniele Tosi
 
Daniele Tosi - OFSRC projects portfolio
Daniele Tosi - OFSRC projects portfolioDaniele Tosi - OFSRC projects portfolio
Daniele Tosi - OFSRC projects portfolioDaniele Tosi
 

Recommended

Evans interferenceawaremar2011
Evans interferenceawaremar2011Evans interferenceawaremar2011
Evans interferenceawaremar2011Consciously Unconscious
 
Future Cities Conference´13 / Jacques Magen - "1 Introduction to the INFINITY...
Future Cities Conference´13 / Jacques Magen - "1 Introduction to the INFINITY...Future Cities Conference´13 / Jacques Magen - "1 Introduction to the INFINITY...
Future Cities Conference´13 / Jacques Magen - "1 Introduction to the INFINITY...Future Cities Project
 
Padres Communication Protocols
Padres Communication ProtocolsPadres Communication Protocols
Padres Communication ProtocolsArwid Bancewicz
 
Case INDT parte 1
Case INDT parte 1Case INDT parte 1
Case INDT parte 1DecisionScience
 
Http Jaoo.Com.Au Sydney 2008 File Path= Jaoo Aus2008 Slides Dave Thomas Lif...
Http Jaoo.Com.Au Sydney 2008 File Path= Jaoo Aus2008 Slides Dave Thomas Lif...Http Jaoo.Com.Au Sydney 2008 File Path= Jaoo Aus2008 Slides Dave Thomas Lif...
Http Jaoo.Com.Au Sydney 2008 File Path= Jaoo Aus2008 Slides Dave Thomas Lif...qedanne
 
Emerginov, an open PHP PaaS for co-innovation, OW2con'12, Paris
Emerginov, an open PHP PaaS for co-innovation, OW2con'12, ParisEmerginov, an open PHP PaaS for co-innovation, OW2con'12, Paris
Emerginov, an open PHP PaaS for co-innovation, OW2con'12, ParisOW2
 
D tosi portfolio2013
D tosi portfolio2013D tosi portfolio2013
D tosi portfolio2013Daniele Tosi
 
Daniele Tosi - OFSRC projects portfolio
Daniele Tosi - OFSRC projects portfolioDaniele Tosi - OFSRC projects portfolio
Daniele Tosi - OFSRC projects portfolioDaniele Tosi
 
Infinity's Overview
Infinity's OverviewInfinity's Overview
Infinity's OverviewFederico Michele Facca
 
Alfresco Day Madrid - John Newton - Keynote
Alfresco Day Madrid - John Newton - KeynoteAlfresco Day Madrid - John Newton - Keynote
Alfresco Day Madrid - John Newton - KeynoteToni de la Fuente
 
Wireless Broadband Delivers The 21st Century
Wireless Broadband Delivers The 21st CenturyWireless Broadband Delivers The 21st Century
Wireless Broadband Delivers The 21st Centuryandrescarvallo
 
Quoc Le, Stanford & Google - Tera Scale Deep Learning
Quoc Le, Stanford & Google - Tera Scale Deep LearningQuoc Le, Stanford & Google - Tera Scale Deep Learning
Quoc Le, Stanford & Google - Tera Scale Deep LearningKun Le
 
Sip trunking - The route to the new VoIP services
Sip trunking - The route to the new VoIP servicesSip trunking - The route to the new VoIP services
Sip trunking - The route to the new VoIP servicesIvan Gaboli
 
Intro Tellion 20090622
Intro Tellion 20090622Intro Tellion 20090622
Intro Tellion 20090622zipyzigy
 
Eclipse Con2010 Composites
Eclipse Con2010 CompositesEclipse Con2010 Composites
Eclipse Con2010 Compositestjwats
 
Overview of LBS for the Enterprise
Overview of LBS for the EnterpriseOverview of LBS for the Enterprise
Overview of LBS for the Enterpriseeddy1b
 
Genetics, structure, and prevalence of FP967 T-DNA in flax
Genetics, structure, and prevalence of FP967 T-DNA in flaxGenetics, structure, and prevalence of FP967 T-DNA in flax
Genetics, structure, and prevalence of FP967 T-DNA in flaxJamille McLeod
 
Malware Detection and Classification
Malware Detection and ClassificationMalware Detection and Classification
Malware Detection and Classificationsuzhigang
 
Detection of Malware Downloads via Graph Mining (AsiaCCS '16)
Detection of Malware Downloads via Graph Mining (AsiaCCS '16)Detection of Malware Downloads via Graph Mining (AsiaCCS '16)
Detection of Malware Downloads via Graph Mining (AsiaCCS '16)Marco Balduzzi
 
(HLS401) Architecting for HIPAA Compliance on AWS | AWS re:Invent 2014
(HLS401) Architecting for HIPAA Compliance on AWS | AWS re:Invent 2014(HLS401) Architecting for HIPAA Compliance on AWS | AWS re:Invent 2014
(HLS401) Architecting for HIPAA Compliance on AWS | AWS re:Invent 2014Amazon Web Services
 
AWS re:Invent 2016: Using AWS to Meet Requirements for Education, Healthcare ...
AWS re:Invent 2016: Using AWS to Meet Requirements for Education, Healthcare ...AWS re:Invent 2016: Using AWS to Meet Requirements for Education, Healthcare ...
AWS re:Invent 2016: Using AWS to Meet Requirements for Education, Healthcare ...Amazon Web Services
 
HITB2012AMS - SatanCloud: A Journey Into the Privacy and Security Risks of Cl...
HITB2012AMS - SatanCloud: A Journey Into the Privacy and Security Risks of Cl...HITB2012AMS - SatanCloud: A Journey Into the Privacy and Security Risks of Cl...
HITB2012AMS - SatanCloud: A Journey Into the Privacy and Security Risks of Cl...Marco Balduzzi
 
600.412.Lecture02
600.412.Lecture02600.412.Lecture02
600.412.Lecture02ragibhasan
 
Avian flu Type A-H5N1 epidemiological model: Puerto Rico as a case study
Avian flu Type A-H5N1 epidemiological model: Puerto Rico as a case studyAvian flu Type A-H5N1 epidemiological model: Puerto Rico as a case study
Avian flu Type A-H5N1 epidemiological model: Puerto Rico as a case studyMariangeles Rivera
 
Christmas
ChristmasChristmas
Christmasbogomolova1879
 
Abusing Social Networks for Automated User Profiling
Abusing Social Networks for Automated User ProfilingAbusing Social Networks for Automated User Profiling
Abusing Social Networks for Automated User ProfilingMarco Balduzzi
 
A New Form of Dos attack in Cloud
A New Form of Dos attack in CloudA New Form of Dos attack in Cloud
A New Form of Dos attack in CloudSanoj Kumar
 
Family tree
Family treeFamily tree
Family treebogomolova1879
 
TUGAS PTI MOTHERBOARD DAN MODEM
TUGAS PTI MOTHERBOARD DAN MODEMTUGAS PTI MOTHERBOARD DAN MODEM
TUGAS PTI MOTHERBOARD DAN MODEMika aprilia
 
ОО" Шоола Кол" презентация Результаты поиска Санкт-Петербург 14 октября
ОО" Шоола Кол" презентация Результаты поиска Санкт-Петербург 14 октябряОО" Шоола Кол" презентация Результаты поиска Санкт-Петербург 14 октября
ОО" Шоола Кол" презентация Результаты поиска Санкт-Петербург 14 октябряАсылбек Айтматов
 

More Related Content

What's hot

Alfresco Day Madrid - John Newton - Keynote
Alfresco Day Madrid - John Newton - KeynoteAlfresco Day Madrid - John Newton - Keynote
Alfresco Day Madrid - John Newton - KeynoteToni de la Fuente
 
Wireless Broadband Delivers The 21st Century
Wireless Broadband Delivers The 21st CenturyWireless Broadband Delivers The 21st Century
Wireless Broadband Delivers The 21st Centuryandrescarvallo
 
Quoc Le, Stanford & Google - Tera Scale Deep Learning
Quoc Le, Stanford & Google - Tera Scale Deep LearningQuoc Le, Stanford & Google - Tera Scale Deep Learning
Quoc Le, Stanford & Google - Tera Scale Deep LearningKun Le
 
Sip trunking - The route to the new VoIP services
Sip trunking - The route to the new VoIP servicesSip trunking - The route to the new VoIP services
Sip trunking - The route to the new VoIP servicesIvan Gaboli
 
Intro Tellion 20090622
Intro Tellion 20090622Intro Tellion 20090622
Intro Tellion 20090622zipyzigy
 
Eclipse Con2010 Composites
Eclipse Con2010 CompositesEclipse Con2010 Composites
Eclipse Con2010 Compositestjwats
 
Overview of LBS for the Enterprise
Overview of LBS for the EnterpriseOverview of LBS for the Enterprise
Overview of LBS for the Enterpriseeddy1b
 

What's hot (8)

Infinity's Overview
Infinity's OverviewInfinity's Overview
Infinity's Overview
 
Alfresco Day Madrid - John Newton - Keynote
Alfresco Day Madrid - John Newton - KeynoteAlfresco Day Madrid - John Newton - Keynote
Alfresco Day Madrid - John Newton - Keynote
 
Wireless Broadband Delivers The 21st Century
Wireless Broadband Delivers The 21st CenturyWireless Broadband Delivers The 21st Century
Wireless Broadband Delivers The 21st Century
 
Quoc Le, Stanford & Google - Tera Scale Deep Learning
Quoc Le, Stanford & Google - Tera Scale Deep LearningQuoc Le, Stanford & Google - Tera Scale Deep Learning
Quoc Le, Stanford & Google - Tera Scale Deep Learning
 
Sip trunking - The route to the new VoIP services
Sip trunking - The route to the new VoIP servicesSip trunking - The route to the new VoIP services
Sip trunking - The route to the new VoIP services
 
Intro Tellion 20090622
Intro Tellion 20090622Intro Tellion 20090622
Intro Tellion 20090622
 
Eclipse Con2010 Composites
Eclipse Con2010 CompositesEclipse Con2010 Composites
Eclipse Con2010 Composites
 
Overview of LBS for the Enterprise
Overview of LBS for the EnterpriseOverview of LBS for the Enterprise
Overview of LBS for the Enterprise
 

Viewers also liked

Genetics, structure, and prevalence of FP967 T-DNA in flax
Genetics, structure, and prevalence of FP967 T-DNA in flaxGenetics, structure, and prevalence of FP967 T-DNA in flax
Genetics, structure, and prevalence of FP967 T-DNA in flaxJamille McLeod
 
Malware Detection and Classification
Malware Detection and ClassificationMalware Detection and Classification
Malware Detection and Classificationsuzhigang
 
Detection of Malware Downloads via Graph Mining (AsiaCCS '16)
Detection of Malware Downloads via Graph Mining (AsiaCCS '16)Detection of Malware Downloads via Graph Mining (AsiaCCS '16)
Detection of Malware Downloads via Graph Mining (AsiaCCS '16)Marco Balduzzi
 
(HLS401) Architecting for HIPAA Compliance on AWS | AWS re:Invent 2014
(HLS401) Architecting for HIPAA Compliance on AWS | AWS re:Invent 2014(HLS401) Architecting for HIPAA Compliance on AWS | AWS re:Invent 2014
(HLS401) Architecting for HIPAA Compliance on AWS | AWS re:Invent 2014Amazon Web Services
 
AWS re:Invent 2016: Using AWS to Meet Requirements for Education, Healthcare ...
AWS re:Invent 2016: Using AWS to Meet Requirements for Education, Healthcare ...AWS re:Invent 2016: Using AWS to Meet Requirements for Education, Healthcare ...
AWS re:Invent 2016: Using AWS to Meet Requirements for Education, Healthcare ...Amazon Web Services
 
HITB2012AMS - SatanCloud: A Journey Into the Privacy and Security Risks of Cl...
HITB2012AMS - SatanCloud: A Journey Into the Privacy and Security Risks of Cl...HITB2012AMS - SatanCloud: A Journey Into the Privacy and Security Risks of Cl...
HITB2012AMS - SatanCloud: A Journey Into the Privacy and Security Risks of Cl...Marco Balduzzi
 
600.412.Lecture02
600.412.Lecture02600.412.Lecture02
600.412.Lecture02ragibhasan
 
Avian flu Type A-H5N1 epidemiological model: Puerto Rico as a case study
Avian flu Type A-H5N1 epidemiological model: Puerto Rico as a case studyAvian flu Type A-H5N1 epidemiological model: Puerto Rico as a case study
Avian flu Type A-H5N1 epidemiological model: Puerto Rico as a case studyMariangeles Rivera
 
Abusing Social Networks for Automated User Profiling
Abusing Social Networks for Automated User ProfilingAbusing Social Networks for Automated User Profiling
Abusing Social Networks for Automated User ProfilingMarco Balduzzi
 
A New Form of Dos attack in Cloud
A New Form of Dos attack in CloudA New Form of Dos attack in Cloud
A New Form of Dos attack in CloudSanoj Kumar
 
TUGAS PTI MOTHERBOARD DAN MODEM
TUGAS PTI MOTHERBOARD DAN MODEMTUGAS PTI MOTHERBOARD DAN MODEM
TUGAS PTI MOTHERBOARD DAN MODEMika aprilia
 
ОО" Шоола Кол" презентация Результаты поиска Санкт-Петербург 14 октября
ОО" Шоола Кол" презентация Результаты поиска Санкт-Петербург 14 октябряОО" Шоола Кол" презентация Результаты поиска Санкт-Петербург 14 октября
ОО" Шоола Кол" презентация Результаты поиска Санкт-Петербург 14 октябряАсылбек Айтматов
 
Backup-File Artifacts - OWASP Khartoum InfoSec Sessions 2016 - Mazin Ahmed
Backup-File Artifacts - OWASP Khartoum InfoSec Sessions 2016 - Mazin AhmedBackup-File Artifacts - OWASP Khartoum InfoSec Sessions 2016 - Mazin Ahmed
Backup-File Artifacts - OWASP Khartoum InfoSec Sessions 2016 - Mazin AhmedMazin Ahmed
 
HTTP(S)-Based Clustering for Assisted Cybercrime Investigations
HTTP(S)-Based Clustering for Assisted Cybercrime Investigations HTTP(S)-Based Clustering for Assisted Cybercrime Investigations
HTTP(S)-Based Clustering for Assisted Cybercrime InvestigationsMarco Balduzzi
 
AIS Exposed. New vulnerabilities and attacks. (HITB AMS 2014)
AIS Exposed. New vulnerabilities and attacks. (HITB AMS 2014)AIS Exposed. New vulnerabilities and attacks. (HITB AMS 2014)
AIS Exposed. New vulnerabilities and attacks. (HITB AMS 2014)Marco Balduzzi
 
Cybercrime in the Deep Web (BHEU 2015)
Cybercrime in the Deep Web (BHEU 2015)Cybercrime in the Deep Web (BHEU 2015)
Cybercrime in the Deep Web (BHEU 2015)Marco Balduzzi
 
Cloud computing security policy framework for mitigating denial of service at...
Cloud computing security policy framework for mitigating denial of service at...Cloud computing security policy framework for mitigating denial of service at...
Cloud computing security policy framework for mitigating denial of service at...Venkatesh Prabhu
 

Viewers also liked (20)

Genetics, structure, and prevalence of FP967 T-DNA in flax
Genetics, structure, and prevalence of FP967 T-DNA in flaxGenetics, structure, and prevalence of FP967 T-DNA in flax
Genetics, structure, and prevalence of FP967 T-DNA in flax
 
Malware Detection and Classification
Malware Detection and ClassificationMalware Detection and Classification
Malware Detection and Classification
 
Detection of Malware Downloads via Graph Mining (AsiaCCS '16)
Detection of Malware Downloads via Graph Mining (AsiaCCS '16)Detection of Malware Downloads via Graph Mining (AsiaCCS '16)
Detection of Malware Downloads via Graph Mining (AsiaCCS '16)
 
(HLS401) Architecting for HIPAA Compliance on AWS | AWS re:Invent 2014
(HLS401) Architecting for HIPAA Compliance on AWS | AWS re:Invent 2014(HLS401) Architecting for HIPAA Compliance on AWS | AWS re:Invent 2014
(HLS401) Architecting for HIPAA Compliance on AWS | AWS re:Invent 2014
 
AWS re:Invent 2016: Using AWS to Meet Requirements for Education, Healthcare ...
AWS re:Invent 2016: Using AWS to Meet Requirements for Education, Healthcare ...AWS re:Invent 2016: Using AWS to Meet Requirements for Education, Healthcare ...
AWS re:Invent 2016: Using AWS to Meet Requirements for Education, Healthcare ...
 
HITB2012AMS - SatanCloud: A Journey Into the Privacy and Security Risks of Cl...
HITB2012AMS - SatanCloud: A Journey Into the Privacy and Security Risks of Cl...HITB2012AMS - SatanCloud: A Journey Into the Privacy and Security Risks of Cl...
HITB2012AMS - SatanCloud: A Journey Into the Privacy and Security Risks of Cl...
 
600.412.Lecture02
600.412.Lecture02600.412.Lecture02
600.412.Lecture02
 
Avian flu Type A-H5N1 epidemiological model: Puerto Rico as a case study
Avian flu Type A-H5N1 epidemiological model: Puerto Rico as a case studyAvian flu Type A-H5N1 epidemiological model: Puerto Rico as a case study
Avian flu Type A-H5N1 epidemiological model: Puerto Rico as a case study
 
Christmas
ChristmasChristmas
Christmas
 
Abusing Social Networks for Automated User Profiling
Abusing Social Networks for Automated User ProfilingAbusing Social Networks for Automated User Profiling
Abusing Social Networks for Automated User Profiling
 
A New Form of Dos attack in Cloud
A New Form of Dos attack in CloudA New Form of Dos attack in Cloud
A New Form of Dos attack in Cloud
 
Family tree
Family treeFamily tree
Family tree
 
TUGAS PTI MOTHERBOARD DAN MODEM
TUGAS PTI MOTHERBOARD DAN MODEMTUGAS PTI MOTHERBOARD DAN MODEM
TUGAS PTI MOTHERBOARD DAN MODEM
 
ОО" Шоола Кол" презентация Результаты поиска Санкт-Петербург 14 октября
ОО" Шоола Кол" презентация Результаты поиска Санкт-Петербург 14 октябряОО" Шоола Кол" презентация Результаты поиска Санкт-Петербург 14 октября
ОО" Шоола Кол" презентация Результаты поиска Санкт-Петербург 14 октября
 
Backup-File Artifacts - OWASP Khartoum InfoSec Sessions 2016 - Mazin Ahmed
Backup-File Artifacts - OWASP Khartoum InfoSec Sessions 2016 - Mazin AhmedBackup-File Artifacts - OWASP Khartoum InfoSec Sessions 2016 - Mazin Ahmed
Backup-File Artifacts - OWASP Khartoum InfoSec Sessions 2016 - Mazin Ahmed
 
HTTP(S)-Based Clustering for Assisted Cybercrime Investigations
HTTP(S)-Based Clustering for Assisted Cybercrime Investigations HTTP(S)-Based Clustering for Assisted Cybercrime Investigations
HTTP(S)-Based Clustering for Assisted Cybercrime Investigations
 
AIS Exposed. New vulnerabilities and attacks. (HITB AMS 2014)
AIS Exposed. New vulnerabilities and attacks. (HITB AMS 2014)AIS Exposed. New vulnerabilities and attacks. (HITB AMS 2014)
AIS Exposed. New vulnerabilities and attacks. (HITB AMS 2014)
 
Personal informatic
Personal informaticPersonal informatic
Personal informatic
 
Cybercrime in the Deep Web (BHEU 2015)
Cybercrime in the Deep Web (BHEU 2015)Cybercrime in the Deep Web (BHEU 2015)
Cybercrime in the Deep Web (BHEU 2015)
 
Cloud computing security policy framework for mitigating denial of service at...
Cloud computing security policy framework for mitigating denial of service at...Cloud computing security policy framework for mitigating denial of service at...
Cloud computing security policy framework for mitigating denial of service at...
 

Similar to Skype Botnet Model Proposed

Internet Programming With Python Presentation
Internet Programming With Python PresentationInternet Programming With Python Presentation
Internet Programming With Python PresentationAkramWaseem
 
Acceleo Day - Orange
Acceleo Day - OrangeAcceleo Day - Orange
Acceleo Day - Orangesliard
 
Internet of Threads (IoTh), di Renzo Davoli (VirtualSquare)
Internet of Threads (IoTh), di Renzo Davoli (VirtualSquare) Internet of Threads (IoTh), di Renzo Davoli (VirtualSquare)
Internet of Threads (IoTh), di Renzo Davoli (VirtualSquare) Codemotion
 
Cisco Presentation 1
Cisco Presentation 1Cisco Presentation 1
Cisco Presentation 1changcai
 
Eclipse Paho - MQTT and the Internet of Things
Eclipse Paho - MQTT and the Internet of ThingsEclipse Paho - MQTT and the Internet of Things
Eclipse Paho - MQTT and the Internet of ThingsAndy Piper
 
Guide presentation aegis-fp7-projects-round_table_2011-11-30_v0.1
Guide presentation aegis-fp7-projects-round_table_2011-11-30_v0.1Guide presentation aegis-fp7-projects-round_table_2011-11-30_v0.1
Guide presentation aegis-fp7-projects-round_table_2011-11-30_v0.1AEGIS-ACCESSIBLE Projects
 
Nolan Wright: Appcelerator's World-Class Ecosystem
Nolan Wright: Appcelerator's World-Class Ecosystem Nolan Wright: Appcelerator's World-Class Ecosystem
Nolan Wright: Appcelerator's World-Class Ecosystem Axway Appcelerator
 
Arch Rock Overview
Arch Rock OverviewArch Rock Overview
Arch Rock Overviewpauldeng
 
Implementation - Communote Enterprise Microblogging (engl.)
Implementation - Communote Enterprise Microblogging (engl.)Implementation - Communote Enterprise Microblogging (engl.)
Implementation - Communote Enterprise Microblogging (engl.)Communote GmbH
 
JSR82: Past, Present and Future
JSR82: Past, Present and FutureJSR82: Past, Present and Future
JSR82: Past, Present and FutureSean O'Sullivan
 

Similar to Skype Botnet Model Proposed (20)

Internet Programming With Python Presentation
Internet Programming With Python PresentationInternet Programming With Python Presentation
Internet Programming With Python Presentation
 
10 fn s15
10 fn s1510 fn s15
10 fn s15
 
10 fn s15
10 fn s1510 fn s15
10 fn s15
 
Acceleo Day - Orange
Acceleo Day - OrangeAcceleo Day - Orange
Acceleo Day - Orange
 
Internet of Threads (IoTh), di Renzo Davoli (VirtualSquare)
Internet of Threads (IoTh), di Renzo Davoli (VirtualSquare) Internet of Threads (IoTh), di Renzo Davoli (VirtualSquare)
Internet of Threads (IoTh), di Renzo Davoli (VirtualSquare)
 
Ebiz skype
Ebiz skypeEbiz skype
Ebiz skype
 
Cisco Presentation 1
Cisco Presentation 1Cisco Presentation 1
Cisco Presentation 1
 
Eclipse Paho - MQTT and the Internet of Things
Eclipse Paho - MQTT and the Internet of ThingsEclipse Paho - MQTT and the Internet of Things
Eclipse Paho - MQTT and the Internet of Things
 
Guide presentation aegis-fp7-projects-round_table_2011-11-30_v0.1
Guide presentation aegis-fp7-projects-round_table_2011-11-30_v0.1Guide presentation aegis-fp7-projects-round_table_2011-11-30_v0.1
Guide presentation aegis-fp7-projects-round_table_2011-11-30_v0.1
 
Interoperability in forge - fossa2010
Interoperability in forge - fossa2010Interoperability in forge - fossa2010
Interoperability in forge - fossa2010
 
Interop in forge - fossa2010
Interop in forge - fossa2010Interop in forge - fossa2010
Interop in forge - fossa2010
 
Nolan Wright: Appcelerator's World-Class Ecosystem
Nolan Wright: Appcelerator's World-Class Ecosystem Nolan Wright: Appcelerator's World-Class Ecosystem
Nolan Wright: Appcelerator's World-Class Ecosystem
 
Arch Rock Overview
Arch Rock OverviewArch Rock Overview
Arch Rock Overview
 
Implementation - Communote Enterprise Microblogging (engl.)
Implementation - Communote Enterprise Microblogging (engl.)Implementation - Communote Enterprise Microblogging (engl.)
Implementation - Communote Enterprise Microblogging (engl.)
 
Ericsson Labs 090702
Ericsson Labs 090702Ericsson Labs 090702
Ericsson Labs 090702
 
Sumo
SumoSumo
Sumo
 
JSR82: Past, Present and Future
JSR82: Past, Present and FutureJSR82: Past, Present and Future
JSR82: Past, Present and Future
 
Mwc wip jam jabber sdk final
Mwc wip jam jabber sdk finalMwc wip jam jabber sdk final
Mwc wip jam jabber sdk final
 
Giacomo Mellone CV
Giacomo Mellone CVGiacomo Mellone CV
Giacomo Mellone CV
 
Websocket 101 in Python
Websocket 101 in PythonWebsocket 101 in Python
Websocket 101 in Python
 

More from Marco Balduzzi

Lost in Translation: When Industrial Protocol Translation goes Wrong [CONFide...
Lost in Translation: When Industrial Protocol Translation goes Wrong [CONFide...Lost in Translation: When Industrial Protocol Translation goes Wrong [CONFide...
Lost in Translation: When Industrial Protocol Translation goes Wrong [CONFide...Marco Balduzzi
 
CTS @ HWIO2020 Awards Cerimony
CTS @ HWIO2020 Awards CerimonyCTS @ HWIO2020 Awards Cerimony
CTS @ HWIO2020 Awards CerimonyMarco Balduzzi
 
SCSD 2020 - Security Risk Assessment of Radio-Enabled Technologies
SCSD 2020 - Security Risk Assessment of Radio-Enabled TechnologiesSCSD 2020 - Security Risk Assessment of Radio-Enabled Technologies
SCSD 2020 - Security Risk Assessment of Radio-Enabled TechnologiesMarco Balduzzi
 
Attacking Industrial Remote Controllers (HITB AMS 2019)
Attacking Industrial Remote Controllers (HITB AMS 2019)Attacking Industrial Remote Controllers (HITB AMS 2019)
Attacking Industrial Remote Controllers (HITB AMS 2019)Marco Balduzzi
 
Using Machine-Learning to Investigate Web Campaigns at Large - HITB 2018
Using Machine-Learning to Investigate Web Campaigns at Large - HITB 2018Using Machine-Learning to Investigate Web Campaigns at Large - HITB 2018
Using Machine-Learning to Investigate Web Campaigns at Large - HITB 2018Marco Balduzzi
 
Behind the scene of malware operators. Insights and countermeasures. CONFiden...
Behind the scene of malware operators. Insights and countermeasures. CONFiden...Behind the scene of malware operators. Insights and countermeasures. CONFiden...
Behind the scene of malware operators. Insights and countermeasures. CONFiden...Marco Balduzzi
 
Plead APT @ EECTF 2016
Plead APT @ EECTF 2016Plead APT @ EECTF 2016
Plead APT @ EECTF 2016Marco Balduzzi
 
Attacking the Privacy of Social Network users (HITB 2011)
Attacking the Privacy of Social Network users (HITB 2011)Attacking the Privacy of Social Network users (HITB 2011)
Attacking the Privacy of Social Network users (HITB 2011)Marco Balduzzi
 
Automated Detection of HPP Vulnerabilities in Web Applications Version 0.3, B...
Automated Detection of HPP Vulnerabilities in Web Applications Version 0.3, B...Automated Detection of HPP Vulnerabilities in Web Applications Version 0.3, B...
Automated Detection of HPP Vulnerabilities in Web Applications Version 0.3, B...Marco Balduzzi
 
The (in)security of File Hosting Services
The (in)security of File Hosting ServicesThe (in)security of File Hosting Services
The (in)security of File Hosting ServicesMarco Balduzzi
 
HTTP Parameter Pollution Vulnerabilities in Web Applications (Black Hat EU 2011)
HTTP Parameter Pollution Vulnerabilities in Web Applications (Black Hat EU 2011)HTTP Parameter Pollution Vulnerabilities in Web Applications (Black Hat EU 2011)
HTTP Parameter Pollution Vulnerabilities in Web Applications (Black Hat EU 2011)Marco Balduzzi
 
New Insights into Clickjacking
New Insights into ClickjackingNew Insights into Clickjacking
New Insights into ClickjackingMarco Balduzzi
 
Paper: A Solution for the Automated Detection of Clickjacking Attacks
Paper: A Solution for the Automated Detection of Clickjacking AttacksPaper: A Solution for the Automated Detection of Clickjacking Attacks
Paper: A Solution for the Automated Detection of Clickjacking AttacksMarco Balduzzi
 

More from Marco Balduzzi (13)

Lost in Translation: When Industrial Protocol Translation goes Wrong [CONFide...
Lost in Translation: When Industrial Protocol Translation goes Wrong [CONFide...Lost in Translation: When Industrial Protocol Translation goes Wrong [CONFide...
Lost in Translation: When Industrial Protocol Translation goes Wrong [CONFide...
 
CTS @ HWIO2020 Awards Cerimony
CTS @ HWIO2020 Awards CerimonyCTS @ HWIO2020 Awards Cerimony
CTS @ HWIO2020 Awards Cerimony
 
SCSD 2020 - Security Risk Assessment of Radio-Enabled Technologies
SCSD 2020 - Security Risk Assessment of Radio-Enabled TechnologiesSCSD 2020 - Security Risk Assessment of Radio-Enabled Technologies
SCSD 2020 - Security Risk Assessment of Radio-Enabled Technologies
 
Attacking Industrial Remote Controllers (HITB AMS 2019)
Attacking Industrial Remote Controllers (HITB AMS 2019)Attacking Industrial Remote Controllers (HITB AMS 2019)
Attacking Industrial Remote Controllers (HITB AMS 2019)
 
Using Machine-Learning to Investigate Web Campaigns at Large - HITB 2018
Using Machine-Learning to Investigate Web Campaigns at Large - HITB 2018Using Machine-Learning to Investigate Web Campaigns at Large - HITB 2018
Using Machine-Learning to Investigate Web Campaigns at Large - HITB 2018
 
Behind the scene of malware operators. Insights and countermeasures. CONFiden...
Behind the scene of malware operators. Insights and countermeasures. CONFiden...Behind the scene of malware operators. Insights and countermeasures. CONFiden...
Behind the scene of malware operators. Insights and countermeasures. CONFiden...
 
Plead APT @ EECTF 2016
Plead APT @ EECTF 2016Plead APT @ EECTF 2016
Plead APT @ EECTF 2016
 
Attacking the Privacy of Social Network users (HITB 2011)
Attacking the Privacy of Social Network users (HITB 2011)Attacking the Privacy of Social Network users (HITB 2011)
Attacking the Privacy of Social Network users (HITB 2011)
 
Automated Detection of HPP Vulnerabilities in Web Applications Version 0.3, B...
Automated Detection of HPP Vulnerabilities in Web Applications Version 0.3, B...Automated Detection of HPP Vulnerabilities in Web Applications Version 0.3, B...
Automated Detection of HPP Vulnerabilities in Web Applications Version 0.3, B...
 
The (in)security of File Hosting Services
The (in)security of File Hosting ServicesThe (in)security of File Hosting Services
The (in)security of File Hosting Services
 
HTTP Parameter Pollution Vulnerabilities in Web Applications (Black Hat EU 2011)
HTTP Parameter Pollution Vulnerabilities in Web Applications (Black Hat EU 2011)HTTP Parameter Pollution Vulnerabilities in Web Applications (Black Hat EU 2011)
HTTP Parameter Pollution Vulnerabilities in Web Applications (Black Hat EU 2011)
 
New Insights into Clickjacking
New Insights into ClickjackingNew Insights into Clickjacking
New Insights into Clickjacking
 
Paper: A Solution for the Automated Detection of Clickjacking Attacks
Paper: A Solution for the Automated Detection of Clickjacking AttacksPaper: A Solution for the Automated Detection of Clickjacking Attacks
Paper: A Solution for the Automated Detection of Clickjacking Attacks
 

Recently uploaded

Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Google AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGGoogle AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGSujit Pal
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 

Recently uploaded (20)

Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Google AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGGoogle AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAG
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 

Skype Botnet Model Proposed

  • 1. Introduction Advantages Skype Supernodes Botnet Our Model Features Communication protocol Experiments Limitations Countermeasures Take a deep breath: a Stealthy, Resilient and Cost-Effective Botnet Using Skype Antonio Nappa - Universit` degli studi di Milano a Aristide Fattori - Universit` degli studi di Milano a Marco Balduzzi - Eurecom, Sophia-Antipolis, France Matteo Dell’Amico - Eurecom, Sophia-Antipolis, France Lorenzo Cavallaro - Vrije Universiteit Amsterdam, The Nederlands A.Nappa, A.Fattori, M.Balduzzi, M.Dell’Amico, L.Cavallaro A Stealthy, Resilient and Cost-Effective Botnet using Skype
  • 2. Introduction Advantages Skype Supernodes Botnet Our Model Features Communication protocol Experiments Limitations Countermeasures Introduction Botnets are something that spreads along with “social software” (IRC, MSN, Skype, P2P clients, Facebook, Twitter). We observed the evolution of the botnet phenomenon and we individuate Skype as a possibile target to easily create a new botnet command and control channel. A.Nappa, A.Fattori, M.Balduzzi, M.Dell’Amico, L.Cavallaro A Stealthy, Resilient and Cost-Effective Botnet using Skype
  • 3. Introduction Advantages Skype Supernodes Botnet Our Model Features Communication protocol Experiments Limitations Countermeasures Why Skype? We choose Skype because it is a widespread application, it has about 400 million of registered users and a daily presence of 50 million of users. Furthermore we choose it because it has a lot of appealing functionalities (bypass NAT and firewalls, encrypted communications). We wanted to proof that is cost-effective and fast to build a botnet with this application API in order to validate our model. A.Nappa, A.Fattori, M.Balduzzi, M.Dell’Amico, L.Cavallaro A Stealthy, Resilient and Cost-Effective Botnet using Skype
  • 4. Introduction Advantages Skype Supernodes Botnet Our Model Features Communication protocol Experiments Limitations Countermeasures Advantages Our solution is cost-effective because it is easy to deploy and has a lot of good functionalities (NAT and firewall passthrough, P2P structure) Botnet traffic indistiguishable from ordinary traffic No bottlenecks nor single point of failure Resiliency as the loss of one or many bots influences the infrastructure only slightly. Dynamic and transparent routing based on the Skype’s Usernames. We take advantage of Skype’s protection measures and P2P routing algorithms. A.Nappa, A.Fattori, M.Balduzzi, M.Dell’Amico, L.Cavallaro A Stealthy, Resilient and Cost-Effective Botnet using Skype
  • 5. Introduction Advantages Skype Supernodes Botnet Our Model Features Communication protocol Experiments Limitations Countermeasures Supernodes A.Nappa, A.Fattori, M.Balduzzi, M.Dell’Amico, L.Cavallaro A Stealthy, Resilient and Cost-Effective Botnet using Skype
  • 6. Introduction Advantages Skype Supernodes Botnet Our Model Features Communication protocol Experiments Limitations Countermeasures Botnet We propose a novel botnet model that exploits an overlay network such as Skype to build a parasitic overlay. A.Nappa, A.Fattori, M.Balduzzi, M.Dell’Amico, L.Cavallaro A Stealthy, Resilient and Cost-Effective Botnet using Skype
  • 7. Introduction Advantages Skype Supernodes Botnet Our Model Features Communication protocol Experiments Limitations Countermeasures Our Model The parasitic overlay model is a botnet built on top of an instant messaging infrastructure using its features for non-standard operations. Our model is generic and can be shaped on different applications that support instant messaging. A.Nappa, A.Fattori, M.Balduzzi, M.Dell’Amico, L.Cavallaro A Stealthy, Resilient and Cost-Effective Botnet using Skype
  • 8. Introduction Advantages Skype Supernodes Botnet Our Model Features Communication protocol Experiments Limitations Countermeasures Features it is hard to set bots and regular Skype traffic apart the lack of hierarchical structure allows to use any controlled node as an entry point for the master the policy adopted for registering new nodes makes it cost-unattractive to obtain a comprhensive list of all the bots. A.Nappa, A.Fattori, M.Balduzzi, M.Dell’Amico, L.Cavallaro A Stealthy, Resilient and Cost-Effective Botnet using Skype
  • 9. Introduction Advantages Skype Supernodes Botnet Our Model Features Communication protocol Experiments Limitations Countermeasures Communication protocol To bootstrap each infected node sends a startup messages to its Gate Nodes embedded in the binary. The Gate Nodes are in contact with other nodes and the Master. The startup messages flows through the Gate Nodes and reach the Master. The Master answers to the infected node with a new set of neighbors. When the infected node has its new set of neighbors is able to communicate. A.Nappa, A.Fattori, M.Balduzzi, M.Dell’Amico, L.Cavallaro A Stealthy, Resilient and Cost-Effective Botnet using Skype
  • 10. Introduction Advantages Skype Supernodes Botnet Our Model Features Communication protocol Experiments Limitations Countermeasures Communication protocol (2) In our botnet messages exchanged between bots and the master flow through the network as legitimate messages Usage of encryption to obtain unicast, multicast and broadcast communication Gnutella-like message passing procedure Ability to react in case of a total takeover of the Gate Nodes A.Nappa, A.Fattori, M.Balduzzi, M.Dell’Amico, L.Cavallaro A Stealthy, Resilient and Cost-Effective Botnet using Skype
  • 11. Introduction Advantages Skype Supernodes Botnet Our Model Features Communication protocol Experiments Limitations Countermeasures Experiments We evaluated our model through accurate simulations recreating different botnet magnitudes and connectivity states (alive neighbors per node). The average distance between a node and the botmaster grows slowly with respect to the number of nodes in the botnet. A.Nappa, A.Fattori, M.Balduzzi, M.Dell’Amico, L.Cavallaro A Stealthy, Resilient and Cost-Effective Botnet using Skype
  • 12. Introduction Advantages Skype Supernodes Botnet Our Model Features Communication protocol Experiments Limitations Countermeasures Experiments (2) - Proof of Concept We created a small real-world scenario to verify our simulations results: PoC bot written in Python through Skype4Py libraries ∼ 40 hosts geographically distributed between France and Italy bootstrapping phase test, validation and measurements communication model test, validation and measurements We observed that the real-world scenario is compliant with the simulated one. A.Nappa, A.Fattori, M.Balduzzi, M.Dell’Amico, L.Cavallaro A Stealthy, Resilient and Cost-Effective Botnet using Skype
  • 13. Introduction Advantages Skype Supernodes Botnet Our Model Features Communication protocol Experiments Limitations Countermeasures Limitations One important limitation of our Skype botnet is the possibility of an external attacker to perpetrate a replay attack. This attack is done by repeatedly delivering announce messages to progressively obtain neighbor nodes lists during the bootstrap phase to obtain a map of the botnet. One possible mitigation is to limit the number of neighbor nodes sent to new bots within a defined temporal window. A.Nappa, A.Fattori, M.Balduzzi, M.Dell’Amico, L.Cavallaro A Stealthy, Resilient and Cost-Effective Botnet using Skype
  • 14. Introduction Advantages Skype Supernodes Botnet Our Model Features Communication protocol Experiments Limitations Countermeasures Discussion The availability of the API that can interact with Skype with full privilege raises security issues. A.Nappa, A.Fattori, M.Balduzzi, M.Dell’Amico, L.Cavallaro A Stealthy, Resilient and Cost-Effective Botnet using Skype
  • 15. Introduction Advantages Skype Supernodes Botnet Our Model Features Communication protocol Experiments Limitations Countermeasures Countermeasures We developed a host-based countermeasure that intercepts the communications between the Skype API and a plugin, acting as a proxy. With this technique we are able to recognize every command issued by a plugin and we aim to find malicious command sequences. At the moment the rate of false positive is quite high. We are working on new heuristics to reduce this rate. A.Nappa, A.Fattori, M.Balduzzi, M.Dell’Amico, L.Cavallaro A Stealthy, Resilient and Cost-Effective Botnet using Skype
  • 16. Introduction Advantages Skype Supernodes Botnet Our Model Features Communication protocol Experiments Limitations Countermeasures Questions A.Nappa, A.Fattori, M.Balduzzi, M.Dell’Amico, L.Cavallaro A Stealthy, Resilient and Cost-Effective Botnet using Skype