A botnet is a network of compromised computers called bots that are controlled by an attacker through an IRC server. The attacker infects computers with malware that allows control, turning them into bots. These bots then recruit other computers to join the botnet. Botnets can be used to conduct DDoS attacks, spread spam and malware, and steal personal information. Defending against botnets requires education, secure systems, firewalls, antivirus software, and law enforcement efforts.

2. Overview
 What is a BotNet?
 Internet Relay Chat
 How to become part of a BotNet?
 What damage can they do?
 How to combat them?

3. What is BotNet?
 Bot or Zombie computer.
Programs which respond autonomously to
particular external events are bots.
 Network of Bots is BotNet.
 Operator giving instructions to only a small number of
machines. These machines then propagate the
instructions to other compromised machines, usually
via IRC.

4. Types of Bots
 Some popular Bots :
 GT-Bot
 Global Threat bot based on IRC clients for window.
 Used to control the activity of the remote system.
 AgoBot
 Most popular bots used by crackers.
 It is written in C++
 It provides many mechanisms to hide its presence on the host
computer

5. Types of Bots
 DSNX
 Dataspy Network X bot
 Written in C++
 New functionality to this bot is very easy and its simple plug–in
architecture.
 SDBot
 Written in C
 Unlike Agobot, its code is not very clear and the software itself
comes with a limited set of features

6. Internet Relay Chat
 IRC stands for Internet Relay Chat.
 Protocol for real time chat communication.
 Based on Client-Server Architecture.
 IRC user communication mode
 Public
 Private.
 Flexible & allow user to hide identity.

7. Structure of BotNet

8. Elements of An AttaCk
 An attacker first spreads a trojan horse, which infects
various hosts. These hosts become zombies and
connect to the IRC server in order to listen to further
commands.
 The IRC server can either be a public machine in one
of the IRC networks or a dedicated server installed by
the attacker on one of the compromised hosts.
 Bots run on compromised computers, forming a
botnet.

9. How to become part of
BotNet
 Trojans
 Spread by social engineering (Spam, Software Download)
 email attachment
 SMTP engine
 Direct infection
 Scan and exploit (Blaster…)
 Exploit
 Spread by social engineering (Phishing)
 Bad luck (visit the wrong site…)

10. What damage can they do?
1. DDoS
 Victim is flooded with more request than it can
handle.
 used to damage or take down a competitor’s website.
Example:
 On-line gambling sites (e.g. Total bet)
 Anti DDoS by utilising widely distributed DNS and Hosting servers
 Hit by DDoS towards their DNS, affected 4% of their customers

11.  Fraud
Pay per click adware
Harvest large number of Bots to spread adware
Collect Banking details, selling credit card numbers by the
thousand
Identity Theft ($25 up to $200 for identity with a
good credit record)
 Use of resources
Proxy
Spam
DDoS

12. How to Combat them?
 Firewalls/AV
 Desktop management
 Education
 Secure OS
 Law enforcement
 National high tech crime unit
 FBI

13. How to Combat them?
 Netstat
 Flexible tool available both for Windows and UNIX systems.
 Its main function is control of the active ports
 Netstat examines listening TCP and UDP ports.
 Provides detailed information on network activity.

14. Questions ? & Summary
 Botnets
 What they are
 How they grow
 What they do
 How to combat