1. BOTNET: Study in Internet Crime and Their Threats. Presented by: Farheen K. Siddiqui, Richa Srivastava and Shobhini Job, M.Tech CSE, Lakshmi Narain College of Technology (LNCT), Bhopal.
2.
   - What are Botnets?
   - How do they work?
   - Threats caused by Botnets
   - Detection and Prevention Methods
   - Analysis of Botnets
   - Conclusion
3.
   - BOT + NET = BOTNET
   - “A botnet is a collection of computers, connected to the internet, that interact to accomplish some distributed task.”
     - Typically refers to botnets used for illegal purposes.
   - Controlled by one person or a group of people (a.k.a. the botmaster)
     - Under a command and control structure (C&C)
5.
   - Botmaster infects the victim with a bot (worm, social engineering, etc.)
   - Bot connects to the C&C server. This could be done using HTTP, IRC or any other protocol.
   - Botmaster sends commands through the C&C server to the bot.
   - Repeat. Soon the botmaster has an army of bots to control from a single point.
8.
   - Distributed Denial of Service (DDoS)
   - Spam/Phishing
   - Ad-ware
   - Click Fraud
   - Others…
9.
   - DDoS has been available in bots since the beginning
   - Used for extortion
     - Take down systems until they pay – threats work too!
10.
   - Many bots are able to send out spam or phishing attempts
   - Spam is bulk email sent in mass quantity
   - Gives the spammer/phisher a way to send out thousands of emails and easily beat spam defenses
   - Phishing is luring users into revealing personal details
11.
   - Ad-ware pays by the number of “installs” a person generates
   - Many bots download and install ad-ware when they are loaded
     - Often multiple versions of ad-ware
   - Generates income from ad-ware revenues
12.
   - Online advertisers pay by the number of unique “clicks” on their ads
   - Thousands of bots can generate thousands of unique clicks
   - Botmaster “rents” out the clicks and gets a piece of the revenue
   - Clickbot.A botnet found with more than 34,000 machines in it
13.
   - Malware installation
     - Rootkits
     - Other malware to increase the odds of keeping that machine
   - Spyware - Identity Theft
     - Sniff passwords, keystroke logging
     - Grab credit card, bank account information
   - Rent out the botnet!
     - Pay as little as $100 an hour to DoS your favorite site!
14.
   - Anti-Malware Technology
   - IDSes (Intrusion Detection Systems)
   - IPSes (Intrusion Prevention Systems)
   - Honeypots
15.
   - botnet control mechanisms
   - host control mechanisms
   - propagation mechanisms
   - exploits and attack mechanisms
   - malware delivery mechanisms
   - obfuscation methods
   - deception strategies
16.
   - Finding: The predominant remote control mechanism for botnets remains Internet Relay Chat (IRC) and in general includes a rich set of commands enabling a wide range of use.
   - Implication: Monitors of botnet activity on IRC channels and disruption of specific channels on IRC servers should continue to be an effective defensive strategy for the time being.
17.
   - Finding: The host control mechanisms used for harvesting sensitive information from host systems are ingenious and enable data from passwords to mailing lists to credit card numbers to be gathered.
   - Implication: This is one of the most serious results of our study and suggests design objectives for future operating systems and applications that deal with sensitive data.
18.
   - Finding: There are at present only a limited set of propagation mechanisms available in botnets, with Agobot showing the widest variety. Simple horizontal and vertical scanning are the most common mechanisms.
   - Implication: The specific propagation methods used in these botnets can form the basis for modeling and simulating botnet propagation in research studies.
19.
   - Finding: Exploits refer to the specific methods for attacking known vulnerabilities on target systems.
   - Implication: The set of exploits packaged with botnets suggests basic requirements for host-based anti-virus systems and network intrusion detection and prevention signature sets.
20.
   - Finding: Shell encoding and packing mechanisms that can enable attacks to circumvent defensive systems are common.
   - Implication: A significant focus on methods for detecting polymorphic attacks may not be warranted at this time, but encodings will continue to present a challenge for defensive systems.
21.
   - Finding: All botnets include a variety of sophisticated mechanisms for avoiding detection (e.g., by anti-virus software) once installed on a host system.
   - Implication: Development of methods for detecting and disinfecting compromised systems will need to keep pace.
22.
   - Finding: Deception refers to the mechanisms used to evade detection once a bot is installed on a target host. These mechanisms are also referred to as rootkits.
   - Implication: As these mechanisms improve, it is likely to become increasingly difficult to know that a system has been compromised, thereby complicating the task for host-based anti-virus and rootkit detection systems.
23.
   - The objective is to expand the knowledge base for security research
   - Some of the most important findings:
     - the diverse mechanisms for sensitive information gathering on compromised hosts,
     - the effective mechanisms for remaining invisible once installed on a local host, and
     - the relatively simple command and control systems that are currently used, moving towards peer-to-peer infrastructure in the near future.
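The IRC channel monitoring that slide 16 recommends, as an added example that is not part of the deck: a small Python detector run over constructed sensor log lines that flags channels joined by machine-style nicks and carrying dot-prefixed command text. The log format, the hosts, the channel name and the command strings are all assumptions made up for the demo.

```python
import re
from collections import defaultdict

# Constructed IRC traffic as a network sensor might log it, one line per
# message: "<client-ip> <direction> <raw IRC line>" (">" sent by the client,
# "<" received). Hosts, nicks, channel and commands are made up for the demo.
SAMPLE_LOG = """\
10.0.0.12 > NICK [DEU|00|XP|482913]
10.0.0.12 > JOIN #ctrl s3cret
10.0.0.12 < :m!u@h PRIVMSG #ctrl :.scan.start 445 200
10.0.0.13 > NICK [USA|01|2K|771054]
10.0.0.13 > JOIN #ctrl s3cret
10.0.0.13 < :m!u@h PRIVMSG #ctrl :.ddos.start 198.51.100.7 80
10.0.0.50 > NICK alice
10.0.0.50 > JOIN #python
10.0.0.50 < :bob!u@h PRIVMSG #python :anyone tried the new release?
"""

# Heuristic for machine-generated nicks: bracketed, pipe-separated fields
# (country|flag|OS|random) or a long trailing digit run. Not a signature.
BOT_NICK = re.compile(r"^\[[A-Z0-9]+(\|[A-Z0-9]+)+\]$|\d{4,}$")
# Dot-prefixed "verb.subverb args" text sent into a channel, the command
# style the slides describe for IRC-controlled bots.
BOT_CMD = re.compile(r"^:\S+ PRIVMSG (#\S+) :\.[a-z]+(?:\.[a-z]+)*(?:\s|$)")

def analyse(log):
    """Return {channel: {"hosts": [...], "commands": n}} for channels that
    look like C&C: joined by bot-style nicks and carrying bot commands."""
    nicks, joins, cmds = {}, defaultdict(set), defaultdict(int)
    for line in log.splitlines():
        host, _, msg = line.split(" ", 2)
        if msg.startswith("NICK "):
            nicks[host] = msg[5:]
        elif msg.startswith("JOIN "):
            joins[msg.split()[1]].add(host)
        else:
            m = BOT_CMD.match(msg)
            if m:
                cmds[m.group(1)] += 1
    report = {}
    for chan, hosts in joins.items():
        botlike = [h for h in sorted(hosts) if BOT_NICK.search(nicks.get(h, ""))]
        if botlike and cmds[chan]:
            report[chan] = {"hosts": botlike, "commands": cmds[chan]}
    return report

if __name__ == "__main__":
    for chan, info in analyse(SAMPLE_LOG).items():
        print(f"suspected C&C channel {chan}: {info}")
```

The two heuristics are deliberately combined: a bot-style nick alone or a dotted word alone produces no alert, only a channel where both coincide.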
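The horizontal and vertical scanning named in slide 18 as the most common propagation mechanism, as an added example that is not from the deck: a classifier over constructed flow records that separates a one-port-across-many-hosts sweep from a many-ports-on-one-host probe. The flow format, the addresses and the threshold of 10 targets per window are assumptions.

```python
from collections import defaultdict

# Constructed flow records (src, dst, dport) standing in for one monitoring
# window of a NetFlow export; every address, port and count here is made up.
FLOWS = (
    # one source probing port 445 on 12 different hosts: horizontal scan
    [("10.0.0.12", f"10.0.1.{i}", 445) for i in range(1, 13)]
    # one source probing 12 different ports on a single host: vertical scan
    + [("10.0.0.13", "10.0.2.9", p)
       for p in (21, 22, 23, 25, 80, 110, 135, 139, 443, 445, 1433, 3389)]
    # ordinary client: a couple of hosts on the usual web ports
    + [("10.0.0.50", "10.0.3.3", 443), ("10.0.0.50", "10.0.3.4", 443),
       ("10.0.0.50", "10.0.3.3", 80)]
)

def classify_scans(flows, min_targets=10):
    """Return {src: [(kind, focus, count), ...]} for sources whose fan-out
    within the window reaches min_targets. kind is "horizontal" (one port
    across many hosts, focus = port) or "vertical" (many ports on one host,
    focus = host). A source doing both earns both verdicts."""
    hosts_per_port = defaultdict(lambda: defaultdict(set))  # src -> port -> hosts
    ports_per_host = defaultdict(lambda: defaultdict(set))  # src -> host -> ports
    for src, dst, dport in flows:
        hosts_per_port[src][dport].add(dst)
        ports_per_host[src][dst].add(dport)
    verdicts = defaultdict(list)
    for src in hosts_per_port:
        port, hosts = max(hosts_per_port[src].items(), key=lambda kv: len(kv[1]))
        if len(hosts) >= min_targets:
            verdicts[src].append(("horizontal", port, len(hosts)))
        host, ports = max(ports_per_host[src].items(), key=lambda kv: len(kv[1]))
        if len(ports) >= min_targets:
            verdicts[src].append(("vertical", host, len(ports)))
    return dict(verdicts)

if __name__ == "__main__":
    for src, findings in classify_scans(FLOWS).items():
        for kind, focus, count in findings:
            print(f"{src}: {kind} scan, focus {focus}, {count} targets")
```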