Presentation based on BotNet, which is the network of bots

Published in: Technology

  1. 1. Overview What is a BotNet? Internet Relay Chat How to become part of a BotNet? What damage can they do? How to combat them?
  2. 2. What is BotNet? Bot or Zombie computer. Programs which respond autonomously to particular external events are bots. Network of Bots is BotNet. Operator giving instructions to only a small number of machines. These machines then propagate the instructions to other compromised machines, usually via IRC.
  3. 3. Types of Bots Some popular Bots :  GT-Bot  Global Threat bot based on IRC clients for window.  Used to control the activity of the remote system.  AgoBot  Most popular bots used by crackers.  It is written in C++  It provides many mechanisms to hide its presence on the host computer
  4. 4. Types of Bots  DSNX  Dataspy Network X bot  Written in C++  New functionality to this bot is very easy and its simple plug–in architecture.  SDBot  Written in C  Unlike Agobot, its code is not very clear and the software itself comes with a limited set of features
  5. 5. Internet Relay Chat IRC stands for Internet Relay Chat. Protocol for real time chat communication. Based on Client-Server Architecture. IRC user communication mode  Public  Private. Flexible & allow user to hide identity.
  6. 6. Structure of BotNet
  7. 7. Elements of An AttaCk An attacker first spreads a trojan horse, which infects various hosts. These hosts become zombies and connect to the IRC server in order to listen to further commands. The IRC server can either be a public machine in one of the IRC networks or a dedicated server installed by the attacker on one of the compromised hosts. Bots run on compromised computers, forming a botnet.
  8. 8. How to become part ofBotNet Trojans  Spread by social engineering (Spam, Software Download)  email attachment  SMTP engine Direct infection  Scan and exploit (Blaster…) Exploit  Spread by social engineering (Phishing)  Bad luck (visit the wrong site…)
  9. 9. What damage can they do?1. DDoS  Victim is flooded with more request than it can handle.  used to damage or take down a competitor’s website. Example:  On-line gambling sites (e.g. Total bet)  Anti DDoS by utilising widely distributed DNS and Hosting servers  Hit by DDoS towards their DNS, affected 4% of their customers
  10. 10.  Fraud Pay per click adware Harvest large number of Bots to spread adware Collect Banking details, selling credit card numbers by the thousand Identity Theft ($25 up to $200 for identity with a good credit record) Use of resources Proxy Spam DDoS
  11. 11. How to Combat them? Firewalls/AV Desktop management Education Secure OS Law enforcement  National high tech crime unit  FBI
  12. 12. How to Combat them? Netstat  Flexible tool available both for Windows and UNIX systems.  Its main function is control of the active ports  Netstat examines listening TCP and UDP ports.  Provides detailed information on network activity.
  13. 13. Questions ? & Summary Botnets  What they are  How they grow  What they do  How to combat
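
The Netstat check from the "How to Combat them?" slide, as an added example that is not part of the original presentation: it parses `netstat` output in both the Windows and UNIX layouts and flags TCP sockets on conventional IRC ports, covering a zombie's outbound connection as well as an IRC server listening on a compromised host. The port list, the function names and the sample lines are assumptions constructed for illustration.

```python
# Added example: flag IRC-related sockets in `netstat -an` style output.
# Assumption: IRC_PORTS lists conventional IRC ports only (6667 plaintext
# default, 6697 TLS); a botnet can use any port, so an empty result proves nothing.
IRC_PORTS = set(range(6660, 6670)) | {6697, 7000}
OUTBOUND = {"ESTABLISHED", "SYN_SENT"}
LISTEN = {"LISTEN", "LISTENING"}  # UNIX and Windows spellings

# Constructed sample output (documentation IP ranges), not real captures.
WINDOWS_SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    192.168.1.20:49712     203.0.113.45:6667      ESTABLISHED     4180
  TCP    192.168.1.20:49730     198.51.100.10:443      ESTABLISHED     2264
  UDP    0.0.0.0:5353           *:*                                    1820
"""
UNIX_SAMPLE = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 10.0.0.5:51514          198.51.100.7:6697       ESTABLISHED
tcp6       0      0 :::6667                 :::*                    LISTEN
"""

def port_of(endpoint):
    """Return the numeric port of 'addr:port' (IPv4 or IPv6), else None."""
    port = endpoint.rpartition(":")[2]
    return int(port) if port.isdigit() else None

def find_irc_sockets(netstat_text):
    """Return (kind, local, remote, owner) for TCP sockets on IRC ports."""
    findings = []
    for line in netstat_text.splitlines():
        tokens = line.split()
        if not tokens or not tokens[0].lower().startswith("tcp"):
            continue  # skips headers and UDP, which has no connection state
        idx = next((i for i, t in enumerate(tokens) if t in OUTBOUND | LISTEN), None)
        if idx is None or idx < 2:
            continue
        local, remote, state = tokens[idx - 2], tokens[idx - 1], tokens[idx]
        # Listener: check our own port. Outbound: check the remote port.
        if port_of(local if state in LISTEN else remote) in IRC_PORTS:
            kind = "listener" if state in LISTEN else "outbound"
            owner = tokens[idx + 1] if idx + 1 < len(tokens) else None  # PID column
            findings.append((kind, local, remote, owner))
    return findings

if __name__ == "__main__":
    for sample in (WINDOWS_SAMPLE, UNIX_SAMPLE):
        for finding in find_irc_sockets(sample):
            print(finding)
```

To check a live host, pass the text of `netstat -ano` (Windows) or `netstat -ant` (UNIX) to `find_irc_sockets`.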