BTIT603: Cyber and Network Security
Lokendra Vishwakarma, Assistant Professor, SVIIT-SVVV, Indore
Botnet
• Botnets have become one of the biggest threats to security systems today. Their growing popularity among cybercriminals comes from their ability to infiltrate almost any internet-connected device, from DVR players to corporate mainframes.
• Botnets are also becoming a larger part of cultural discussions around cyber security. Facebook’s fake ad controversy and the Twitter bot fiasco during the 2016 presidential election worry many politicians and citizens about the disruptive potential of botnets. Recently published studies from MIT have concluded that social media bots and automated accounts play a major role in spreading fake news.
• Aside from being tools for influencing elections and mining cryptocurrencies, botnets are also dangerous to corporations and consumers because they’re used to deploy malware, initiate attacks on websites, steal personal information, and defraud advertisers.
• It’s clear botnets are bad, but what are they exactly? And how can you protect your personal information and devices?
What is a Botnet?
• To better understand what botnets are and how botnets function, consider that the name itself is a blending of the words “robot” and “network”. In a broad sense, that’s exactly what botnets are: a network of robots used to commit cyber crime.
• The term botnet is derived from the words robot and network. A bot in this case is a device infected by malware, which then becomes part of a network, or net, of infected devices controlled by a single attacker or attack group. The cyber criminals controlling them are called botmasters or bot herders.
• Botnets are the workhorses of the Internet. They’re connected computers performing a number of repetitive tasks to keep websites going.
• What you need to be careful of are the illegal and malicious botnets. Botnets gain access to your machine through some piece of malicious code. In some cases, your machine is directly hacked, while other times what is known as a “spider” (a program that crawls the Internet looking for holes in security to exploit) does the hacking automatically.
• More often than not, what botnets are looking to do is to add your computer to their web. That usually happens through a drive-by download or by fooling you into installing a Trojan horse on your computer. Once the software is downloaded, the botnet will contact its master computer and let it know that everything is ready to go. Now your computer, phone or tablet is entirely under the control of the person who created the botnet.
Once the botnet’s owner is in control of your computer, they usually use your machine to carry out other nefarious tasks. Common tasks executed by botnets include:
1. Using your machine’s power to assist in distributed denial-of-service (DDoS) attacks to shut down websites.
2. Emailing spam out to millions of Internet users.
3. Generating fake Internet traffic on a third-party website for financial gain.
4. Replacing banner ads in your web browser specifically targeted at you.
5. Pop-up ads designed to get you to pay for the removal of the botnet through an anti-spyware package.
The short answer is that a botnet is hijacking your computer to do what botnets do -- carry out mundane (boring, tedious) tasks -- faster and better.
Source of image: https://searchsecurity.techtarget.com/definition/botnet
• Once the desired number of devices is infected, attackers can control the bots using two different approaches. The traditional client/server approach involves setting up a command-and-control (C&C) server and sending automated commands to infected botnet clients through a communications protocol, such as internet relay chat (IRC). The bots are often programmed to remain dormant and await commands from the C&C server before initiating any malicious activities.
• The other approach to controlling infected bots involves a peer-to-peer network. Instead of using C&C servers, a peer-to-peer botnet relies on a decentralized approach. Infected devices may be programmed to scan for malicious websites, or even for other devices in the same botnet. The bots can then share updated commands or the latest versions of the botnet malware.
• The peer-to-peer approach is more common today, as cybercriminals and hacker groups try to avoid detection by cybersecurity vendors and law enforcement agencies, which have often used C&C communications as a way to monitor for, locate and disrupt botnet operations.
How to Protect Yourself From Botnets?
Most people who are infected with botnets aren’t even aware that their computer’s security has become compromised. However, taking simple, common-sense precautions when using the Internet can not only remove botnets that have been installed, it can also prevent them from being installed on your computer, tablet and phone in the first place.
1. Always update your computer’s operating system as early as possible. Hackers often utilize known flaws in operating system security to install botnets. You can even set your computer to install updates automatically.
2. The same is true of applications on your computer, phone and tablet. Once weaknesses are found and announced by software companies, hackers rush to create programs to exploit those weaknesses.
3. Don’t download attachments or click on links from email addresses you don’t recognize. This is one of the most common vectors for all forms of malware.
4. Use a firewall when browsing the Internet. This is easy to do with Mac computers, as they come with Firewall software pre-installed. If you’re using a Windows-based machine, you might need to install third-party software.
5. Don’t visit websites that are known distributors of malware. One of the things that a full-service Internet security suite can do is warn you when you’re visiting such sites. When in doubt, check with Norton Safe Web.
In general, hackers tend to look for low-hanging fruit. If you can mount even basic defenses, botnets and other forms of malware are going to look for easier targets.
Notable botnet attacks
1. Zeus
The Zeus malware, first detected in 2007, is one of the best-known and most widely used malware types in the history of information security.
• Zeus uses a Trojan horse program to infect vulnerable devices and systems, and variants of this malware have been used for various purposes over the years, including to spread CryptoLocker ransomware.
• Initially, Zeus, or Zbot, was used to harvest banking credentials and financial information from users of infected devices. Once the data was collected, attackers used the bots to send out spam and phishing emails that spread the Zeus Trojan to more prospective victims.
• In 2009, cybersecurity vendor Damballa estimated Zeus had infected 3.6 million hosts. The following year, the FBI identified a group of Eastern European cybercriminals who were suspected to be behind the Zeus malware campaign; the FBI later made more than 100 arrests in the U.S. and Europe.
• The Zeus botnet was repeatedly disrupted in 2010, when two internet service providers that were hosting the C&C servers for Zeus were shut down. However, new versions of the Zeus malware were later discovered.
2. Srizbi
The Srizbi botnet, which was first discovered in 2007, was, for a time, the largest botnet in the world. Srizbi, also known as the Ron Paul spam botnet, was responsible for a massive amount of email spam -- as much as 60 billion messages a day, accounting for roughly half of all email spam on the internet at the time. In 2007, the Srizbi botnet was used to send out political spam emails promoting then-U.S. Presidential candidate Ron Paul.
• The botnet used a Trojan to infect users' computers, which were then used to send out spam. Experts estimated that the Srizbi botnet included approximately 450,000 infected systems.
• The cybercriminals behind Srizbi used San Jose, Calif.-based hosting provider McColo for the botnet's C&C infrastructure. The botnet's activity ceased when McColo, which was discovered to be hosting other botnet and spam operations as well, was shut down in 2008.
3. Gameover Zeus
Approximately a year after the original Zeus botnet was disrupted, a new version of the Zeus malware emerged, known as Gameover Zeus.
• Instead of relying on a traditional, centralized C&C operation to control bots, Gameover Zeus used a peer-to-peer network approach, which initially made the botnet harder for law enforcement and security vendors to pinpoint and disrupt. Infected bots used a domain generation algorithm (DGA) to communicate.
• The Gameover Zeus botnet would generate domain names to serve as communication points for infected bots. An infected device would randomly select domains until it reached an active domain that was able to issue new commands. Security firm Bitdefender reported two versions of Gameover Zeus, one of which generated 1,000 new domains, and the other which generated 10,000 new domains each day.
• In 2014, international law enforcement agencies took part in Operation Tovar to temporarily disrupt Gameover Zeus by identifying the domains used by the cybercriminals, and then redirecting bot traffic to government-controlled servers.
• The FBI also offered a $3 million reward for Russian hacker Evgeniy Bogachev, who is accused of being the mastermind behind the Gameover Zeus botnet. Bogachev is still at large, and new variants of Gameover Zeus have since emerged.
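A bot that walks through generated domains until one answers, as described above for Gameover Zeus, leaves a burst of failed lookups for random-looking names in resolver logs. The following added example (not part of the original slides) flags such clients and reports the name that finally resolved; the log format, thresholds and sample lines are constructed assumptions.

```python
import math
from collections import Counter, defaultdict

# Constructed resolver log, one query per line: "<epoch> <client> <qname> <rcode>".
# All names sit under reserved example domains; none is a real indicator.
SAMPLE_LOG = """\
1000 10.0.0.5 www.example.com NOERROR
1001 10.0.0.5 intranet.example NXDOMAIN
1002 10.0.0.7 qzkvhwpxrtbn.example NXDOMAIN
1005 10.0.0.7 mfjdyquxlwcg.example NXDOMAIN
1006 10.0.0.9 a1b2c3d4e5f6.example NXDOMAIN
1009 10.0.0.7 tbvknzsphqrw.example NXDOMAIN
1014 10.0.0.7 xgdwlyfkzjcm.example NXDOMAIN
1020 10.0.0.7 hpcrvnqbzktd.example NXDOMAIN
1027 10.0.0.7 wjzlqfxmbgvk.example NXDOMAIN
1031 10.0.0.7 kdpxwqzvbjhm.example NOERROR
1040 10.0.0.7 www.example.com NOERROR
1050 10.0.0.9 mail.example.org NOERROR
"""


def parse_log(log):
    """Yield (timestamp, client, qname, rcode); malformed lines are skipped."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[0].isdigit():
            continue
        ts, client, qname, rcode = parts
        yield int(ts), client, qname.lower().rstrip("."), rcode.upper()


def sld_entropy(qname):
    """Shannon entropy (bits per character) of the label left of the TLD.

    Simplification: the second-to-last label is treated as the registered
    name; a production version would consult the Public Suffix List.
    """
    labels = qname.split(".")
    label = labels[-2] if len(labels) >= 2 else labels[0]
    if not label:
        return 0.0
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in Counter(label).values())


def find_dga_suspects(log, min_failed=5, min_entropy=3.0, window=60):
    """Return {client: {"failed_domains": [...], "rendezvous": name or None}}.

    A client is flagged when at least `min_failed` distinct random-looking
    names returned NXDOMAIN within `window` seconds. The first random-looking
    name that resolved after the burst began is reported as the candidate
    rendezvous domain, which is the one to block or sinkhole.
    """
    per_client = defaultdict(list)
    for ts, client, qname, rcode in parse_log(log):
        if sld_entropy(qname) >= min_entropy:  # keep random-looking names only
            per_client[client].append((ts, qname, rcode))

    findings = {}
    for client, events in per_client.items():
        events.sort()
        fails = [(ts, q) for ts, q, rc in events if rc == "NXDOMAIN"]
        burst = None
        for i, (start, _) in enumerate(fails):
            names = {q for ts, q in fails[i:] if ts - start <= window}
            if len(names) >= min_failed:
                burst = (start, sorted(names))
                break
        if burst is None:
            continue  # a single typo or stale name is not a DGA pattern
        start, names = burst
        resolved = [q for ts, q, rc in events if rc == "NOERROR" and ts >= start]
        findings[client] = {
            "failed_domains": names,
            "rendezvous": resolved[0] if resolved else None,
        }
    return findings


if __name__ == "__main__":
    for client, hit in find_dga_suspects(SAMPLE_LOG).items():
        print(client, len(hit["failed_domains"]), "failed lookups,",
              "resolved:", hit["rendezvous"])
```

Character entropy alone misclassifies some legitimate names (CDN and tracking hostnames look random too), which is why the check also requires a burst of distinct failures from the same client.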
4. Methbot
An extensive cybercrime operation and ad fraud botnet known as Methbot was revealed in 2016 by cybersecurity services company White Ops. According to security researchers, Methbot was generating between $3 million and $5 million in fraudulent ad revenue daily last year by producing fraudulent clicks for online ads, as well as fake views of video advertisements.
• Instead of infecting random devices, the Methbot campaign is run on approximately 800-1,200 dedicated servers in data centers located in both the U.S. and the Netherlands. The campaign's operational infrastructure includes 6,000 spoofed domains, and more than 850,000 dedicated IP addresses, many of which are falsely registered as belonging to legitimate U.S.-based internet service providers.
• The infected servers can produce fake clicks and mouse movements, as well as forge social media account logins to appear as legitimate users to fool conventional ad fraud detection techniques. In an effort to disrupt the monetization scheme for Methbot, White Ops published a list of the spoofed domains and fraudulent IP addresses to alert advertisers and enable them to block the addresses.
5. Mirai
Several powerful, record-setting distributed denial-of-service (DDoS) attacks were observed in late 2016, and they were later traced to a new brand of malware known as Mirai. The DDoS traffic was produced by a variety of connected devices, such as wireless routers and CCTV cameras.
• Mirai malware is designed to scan the internet for insecure connected devices, while also avoiding IP addresses belonging to major corporations, like Hewlett-Packard, and government agencies, such as the U.S. Department of Defense.
• Once it identifies an insecure device, the malware tries to log in with a series of common default passwords used by manufacturers. If those passwords don't work, then Mirai uses brute force attacks to guess the password. Once a device is compromised, it connects to C&C infrastructure and can divert varying amounts of traffic toward a DDoS target.
• Devices that have been infected are often still able to continue functioning normally, making it difficult to detect Mirai botnet activity from a specific device. For some internet of things (IoT) devices, such as digital video recorders, the factory password is hard coded in the device's firmware, and many devices cannot update their firmware over the internet.
• The Mirai source code was later released to the public, allowing anyone to use the malware to compose botnets leveraging poorly protected IoT devices.
References:
1. https://searchsecurity.techtarget.com/definition/botnet
2. https://www.pandasecurity.com/mediacenter/security/what-is-a-botnet/
3. https://us.norton.com/internetsecurity-malware-what-is-a-botnet.html
4. https://en.wikipedia.org/wiki/Botnet

More Related Content

What's hot

Security Automation and Machine Learning
Security Automation and Machine LearningSecurity Automation and Machine Learning
Security Automation and Machine Learning
Siemplify
 
Cyber crime and security
Cyber crime and securityCyber crime and security
Cyber crime and security
Akash Dhiman
 
Cyber security
Cyber securityCyber security
Cyber security
Dr. Kishor Nikam
 
Cyber security
Cyber securityCyber security
Cyber security
Rishav Sadhu
 
Botnets
BotnetsBotnets
Botnets
Kavisha Miyan
 
Network Security Presentation
Network Security PresentationNetwork Security Presentation
Network Security Presentation
Allan Pratt MBA
 
Keyloggers
KeyloggersKeyloggers
Keyloggers
kdore
 
Ppt on cyber security
Ppt on cyber securityPpt on cyber security
Ppt on cyber security
Avani Patel
 
Cyber security and demonstration of security tools
Cyber security and demonstration of security toolsCyber security and demonstration of security tools
Cyber security and demonstration of security tools
Vicky Fernandes
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
Vivek Agarwal
 
Cyber Crime And Security
Cyber Crime And Security Cyber Crime And Security
Cyber Crime And Security
ritik shukla
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
Prabhat kumar Suman
 
Ransomware
RansomwareRansomware
Ransomware
Chaitali Sharma
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
Bhandari Hìmáñßhü
 
Cyber Security Presentation "It Will Never Happen To Me"
Cyber Security Presentation "It Will Never Happen To Me" Cyber Security Presentation "It Will Never Happen To Me"
Cyber Security Presentation "It Will Never Happen To Me"
Simon Salter
 
Ransomware - The Growing Threat
Ransomware - The Growing ThreatRansomware - The Growing Threat
Ransomware - The Growing Threat
Nick Miller
 
Malware detection-using-machine-learning
Malware detection-using-machine-learningMalware detection-using-machine-learning
Malware detection-using-machine-learning
Security Bootcamp
 
Malware Classification and Analysis
Malware Classification and AnalysisMalware Classification and Analysis
Malware Classification and Analysis
Prashant Chopra
 
Detection of phishing websites
Detection of phishing websitesDetection of phishing websites
Detection of phishing websites
m srikanth
 
Cyber awareness program
Cyber awareness programCyber awareness program
Cyber awareness program
Avanzo net
 

What's hot (20)

Security Automation and Machine Learning
Security Automation and Machine LearningSecurity Automation and Machine Learning
Security Automation and Machine Learning
 
Cyber crime and security
Cyber crime and securityCyber crime and security
Cyber crime and security
 
Cyber security
Cyber securityCyber security
Cyber security
 
Cyber security
Cyber securityCyber security
Cyber security
 
Botnets
BotnetsBotnets
Botnets
 
Network Security Presentation
Network Security PresentationNetwork Security Presentation
Network Security Presentation
 
Keyloggers
KeyloggersKeyloggers
Keyloggers
 
Ppt on cyber security
Ppt on cyber securityPpt on cyber security
Ppt on cyber security
 
Cyber security and demonstration of security tools
Cyber security and demonstration of security toolsCyber security and demonstration of security tools
Cyber security and demonstration of security tools
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
 
Cyber Crime And Security
Cyber Crime And Security Cyber Crime And Security
Cyber Crime And Security
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
Ransomware
RansomwareRansomware
Ransomware
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
 
Cyber Security Presentation "It Will Never Happen To Me"
Cyber Security Presentation "It Will Never Happen To Me" Cyber Security Presentation "It Will Never Happen To Me"
Cyber Security Presentation "It Will Never Happen To Me"
 
Ransomware - The Growing Threat
Ransomware - The Growing ThreatRansomware - The Growing Threat
Ransomware - The Growing Threat
 
Malware detection-using-machine-learning
Malware detection-using-machine-learningMalware detection-using-machine-learning
Malware detection-using-machine-learning
 
Malware Classification and Analysis
Malware Classification and AnalysisMalware Classification and Analysis
Malware Classification and Analysis
 
Detection of phishing websites
Detection of phishing websitesDetection of phishing websites
Detection of phishing websites
 
Cyber awareness program
Cyber awareness programCyber awareness program
Cyber awareness program
 

Similar to Botnet

Botnet
BotnetBotnet
Botnet
Joshin Gomez
 
Mcs2453 aniq mc101053-assignment1
Mcs2453 aniq mc101053-assignment1Mcs2453 aniq mc101053-assignment1
Mcs2453 aniq mc101053-assignment1
Aniq Eastrarulkhair
 
Type of Malware and its different analysis and its types !
Type of Malware and its different analysis and its types  !Type of Malware and its different analysis and its types  !
Type of Malware and its different analysis and its types !
Mohammed Jaseem Tp
 
Malicious malware breaches - eScan
Malicious malware breaches - eScanMalicious malware breaches - eScan
Malicious malware breaches - eScan
MicroWorld Software Services Pvt Ltd
 
Sophos Threatsaurus: The A-Z of Computer and Data Security Threats
Sophos Threatsaurus: The A-Z of Computer and Data Security ThreatsSophos Threatsaurus: The A-Z of Computer and Data Security Threats
Sophos Threatsaurus: The A-Z of Computer and Data Security Threats
Connecting Up
 
Types of Malware.docx
Types of Malware.docxTypes of Malware.docx
Types of Malware.docx
SarahReese14
 
Botnet Attacks How They Work and How to Defend Against Them.pdf
Botnet Attacks How They Work and How to Defend Against Them.pdfBotnet Attacks How They Work and How to Defend Against Them.pdf
Botnet Attacks How They Work and How to Defend Against Them.pdf
uzair
 
trojon horse Seminar report
 trojon horse Seminar report trojon horse Seminar report
trojon horse Seminar report
NamanKikani
 
Untitled document.pdf
Untitled document.pdfUntitled document.pdf
Untitled document.pdf
google
 
I.T Security Threats
I.T Security ThreatsI.T Security Threats
I.T Security Threats
Umakant Mishra
 
Types of malware threats
Types of malware threatsTypes of malware threats
Types of malware threats
EC-Council
 
Computer crimes
Computer crimesComputer crimes
Computer crimes
Muniba Bukhari
 
System Based Attacks - CYBER SECURITY
System Based Attacks - CYBER SECURITYSystem Based Attacks - CYBER SECURITY
System Based Attacks - CYBER SECURITY
Souma Maiti
 
Malware
MalwareMalware
Types of Malware (CEH v11)
Types of Malware (CEH v11)Types of Malware (CEH v11)
Types of Malware (CEH v11)
EC-Council
 
20210717-AntiBotnets-FundamentalInfoSec.pptx
20210717-AntiBotnets-FundamentalInfoSec.pptx20210717-AntiBotnets-FundamentalInfoSec.pptx
20210717-AntiBotnets-FundamentalInfoSec.pptx
Suman Garai
 
viruses.pptx
viruses.pptxviruses.pptx
viruses.pptx
AsadbekAbdumannopov
 
BOTNETS
BOTNETSBOTNETS
BOTNETS
Arjo Ghosh
 
How spam change the world
How spam change the world How spam change the world
How spam change the world
Farhaan Bukhsh
 
“Design and Detection of Mobile Botnet Attacks”
“Design and Detection of Mobile Botnet Attacks”“Design and Detection of Mobile Botnet Attacks”
“Design and Detection of Mobile Botnet Attacks”
iosrjce
 

Similar to Botnet (20)

Botnet
BotnetBotnet
Botnet
 
Mcs2453 aniq mc101053-assignment1
Mcs2453 aniq mc101053-assignment1Mcs2453 aniq mc101053-assignment1
Mcs2453 aniq mc101053-assignment1
 
Type of Malware and its different analysis and its types !
Type of Malware and its different analysis and its types  !Type of Malware and its different analysis and its types  !
Type of Malware and its different analysis and its types !
 
Malicious malware breaches - eScan
Malicious malware breaches - eScanMalicious malware breaches - eScan
Malicious malware breaches - eScan
 
Sophos Threatsaurus: The A-Z of Computer and Data Security Threats
Sophos Threatsaurus: The A-Z of Computer and Data Security ThreatsSophos Threatsaurus: The A-Z of Computer and Data Security Threats
Sophos Threatsaurus: The A-Z of Computer and Data Security Threats
 
Types of Malware.docx
Types of Malware.docxTypes of Malware.docx
Types of Malware.docx
 
Botnet Attacks How They Work and How to Defend Against Them.pdf
Botnet Attacks How They Work and How to Defend Against Them.pdfBotnet Attacks How They Work and How to Defend Against Them.pdf
Botnet Attacks How They Work and How to Defend Against Them.pdf
 
trojon horse Seminar report
 trojon horse Seminar report trojon horse Seminar report
trojon horse Seminar report
 
Untitled document.pdf
Untitled document.pdfUntitled document.pdf
Untitled document.pdf
 
I.T Security Threats
I.T Security ThreatsI.T Security Threats
I.T Security Threats
 
Types of malware threats
Types of malware threatsTypes of malware threats
Types of malware threats
 
Computer crimes
Computer crimesComputer crimes
Computer crimes
 
System Based Attacks - CYBER SECURITY
System Based Attacks - CYBER SECURITYSystem Based Attacks - CYBER SECURITY
System Based Attacks - CYBER SECURITY
 
Malware
MalwareMalware
Malware
 
Types of Malware (CEH v11)
Types of Malware (CEH v11)Types of Malware (CEH v11)
Types of Malware (CEH v11)
 
20210717-AntiBotnets-FundamentalInfoSec.pptx
20210717-AntiBotnets-FundamentalInfoSec.pptx20210717-AntiBotnets-FundamentalInfoSec.pptx
20210717-AntiBotnets-FundamentalInfoSec.pptx
 
viruses.pptx
viruses.pptxviruses.pptx
viruses.pptx
 
BOTNETS
BOTNETSBOTNETS
BOTNETS
 
How spam change the world
How spam change the world How spam change the world
How spam change the world
 
“Design and Detection of Mobile Botnet Attacks”
“Design and Detection of Mobile Botnet Attacks”“Design and Detection of Mobile Botnet Attacks”
“Design and Detection of Mobile Botnet Attacks”
 

Recently uploaded

Literature Review Basics and Understanding Reference Management.pptx
Literature Review Basics and Understanding Reference Management.pptxLiterature Review Basics and Understanding Reference Management.pptx
Literature Review Basics and Understanding Reference Management.pptx
Dr Ramhari Poudyal
 
KuberTENes Birthday Bash Guadalajara - K8sGPT first impressions
KuberTENes Birthday Bash Guadalajara - K8sGPT first impressionsKuberTENes Birthday Bash Guadalajara - K8sGPT first impressions
KuberTENes Birthday Bash Guadalajara - K8sGPT first impressions
Victor Morales
 
CSM Cloud Service Management Presentarion
CSM Cloud Service Management PresentarionCSM Cloud Service Management Presentarion
CSM Cloud Service Management Presentarion
rpskprasana
 
Technical Drawings introduction to drawing of prisms
Technical Drawings introduction to drawing of prismsTechnical Drawings introduction to drawing of prisms
Technical Drawings introduction to drawing of prisms
heavyhaig
 
Recycled Concrete Aggregate in Construction Part III
Recycled Concrete Aggregate in Construction Part IIIRecycled Concrete Aggregate in Construction Part III
Recycled Concrete Aggregate in Construction Part III
Aditya Rajan Patra
 
RAT: Retrieval Augmented Thoughts Elicit Context-Aware Reasoning in Long-Hori...
RAT: Retrieval Augmented Thoughts Elicit Context-Aware Reasoning in Long-Hori...RAT: Retrieval Augmented Thoughts Elicit Context-Aware Reasoning in Long-Hori...
RAT: Retrieval Augmented Thoughts Elicit Context-Aware Reasoning in Long-Hori...
thanhdowork
 
New techniques for characterising damage in rock slopes.pdf
New techniques for characterising damage in rock slopes.pdfNew techniques for characterising damage in rock slopes.pdf
New techniques for characterising damage in rock slopes.pdf
wisnuprabawa3
 
Wearable antenna for antenna applications
Wearable antenna for antenna applicationsWearable antenna for antenna applications
Wearable antenna for antenna applications
Madhumitha Jayaram
 
Embedded machine learning-based road conditions and driving behavior monitoring
Embedded machine learning-based road conditions and driving behavior monitoringEmbedded machine learning-based road conditions and driving behavior monitoring
Embedded machine learning-based road conditions and driving behavior monitoring
IJECEIAES
 
International Conference on NLP, Artificial Intelligence, Machine Learning an...
International Conference on NLP, Artificial Intelligence, Machine Learning an...International Conference on NLP, Artificial Intelligence, Machine Learning an...
International Conference on NLP, Artificial Intelligence, Machine Learning an...
gerogepatton
 
Advanced control scheme of doubly fed induction generator for wind turbine us...
Advanced control scheme of doubly fed induction generator for wind turbine us...Advanced control scheme of doubly fed induction generator for wind turbine us...
Advanced control scheme of doubly fed induction generator for wind turbine us...
IJECEIAES
 
DfMAy 2024 - key insights and contributions
DfMAy 2024 - key insights and contributionsDfMAy 2024 - key insights and contributions
DfMAy 2024 - key insights and contributions
gestioneergodomus
 
2. Operations Strategy in a Global Environment.ppt
2. Operations Strategy in a Global Environment.ppt2. Operations Strategy in a Global Environment.ppt
2. Operations Strategy in a Global Environment.ppt
PuktoonEngr
 
Generative AI leverages algorithms to create various forms of content
Generative AI leverages algorithms to create various forms of contentGenerative AI leverages algorithms to create various forms of content
Generative AI leverages algorithms to create various forms of content
Hitesh Mohapatra
 
22CYT12-Unit-V-E Waste and its Management.ppt
22CYT12-Unit-V-E Waste and its Management.ppt22CYT12-Unit-V-E Waste and its Management.ppt
22CYT12-Unit-V-E Waste and its Management.ppt
KrishnaveniKrishnara1
 
Low power architecture of logic gates using adiabatic techniques
Low power architecture of logic gates using adiabatic techniquesLow power architecture of logic gates using adiabatic techniques
Low power architecture of logic gates using adiabatic techniques
nooriasukmaningtyas
 
bank management system in java and mysql report1.pdf
bank management system in java and mysql report1.pdfbank management system in java and mysql report1.pdf
bank management system in java and mysql report1.pdf
Divyam548318
 
Modelagem de um CSTR com reação endotermica.pdf
Modelagem de um CSTR com reação endotermica.pdfModelagem de um CSTR com reação endotermica.pdf
Modelagem de um CSTR com reação endotermica.pdf
camseq
 
A review on techniques and modelling methodologies used for checking electrom...
A review on techniques and modelling methodologies used for checking electrom...A review on techniques and modelling methodologies used for checking electrom...
A review on techniques and modelling methodologies used for checking electrom...
nooriasukmaningtyas
 
digital fundamental by Thomas L.floydl.pdf
digital fundamental by Thomas L.floydl.pdfdigital fundamental by Thomas L.floydl.pdf
digital fundamental by Thomas L.floydl.pdf
drwaing
 

Recently uploaded (20)

Literature Review Basics and Understanding Reference Management.pptx
Literature Review Basics and Understanding Reference Management.pptxLiterature Review Basics and Understanding Reference Management.pptx
Literature Review Basics and Understanding Reference Management.pptx
 
KuberTENes Birthday Bash Guadalajara - K8sGPT first impressions
KuberTENes Birthday Bash Guadalajara - K8sGPT first impressionsKuberTENes Birthday Bash Guadalajara - K8sGPT first impressions
KuberTENes Birthday Bash Guadalajara - K8sGPT first impressions
 
CSM Cloud Service Management Presentarion
CSM Cloud Service Management PresentarionCSM Cloud Service Management Presentarion
CSM Cloud Service Management Presentarion
 
Technical Drawings introduction to drawing of prisms
Technical Drawings introduction to drawing of prismsTechnical Drawings introduction to drawing of prisms
Technical Drawings introduction to drawing of prisms
 
Recycled Concrete Aggregate in Construction Part III
Recycled Concrete Aggregate in Construction Part IIIRecycled Concrete Aggregate in Construction Part III
Recycled Concrete Aggregate in Construction Part III
 
RAT: Retrieval Augmented Thoughts Elicit Context-Aware Reasoning in Long-Hori...
RAT: Retrieval Augmented Thoughts Elicit Context-Aware Reasoning in Long-Hori...RAT: Retrieval Augmented Thoughts Elicit Context-Aware Reasoning in Long-Hori...
RAT: Retrieval Augmented Thoughts Elicit Context-Aware Reasoning in Long-Hori...
 
New techniques for characterising damage in rock slopes.pdf
New techniques for characterising damage in rock slopes.pdfNew techniques for characterising damage in rock slopes.pdf
New techniques for characterising damage in rock slopes.pdf
 
Wearable antenna for antenna applications

Botnet

  • 1. BTIT603: Cyber and Network Security. Botnet. Lokendra Vishwakarma, Assistant Professor, SVIIT-SVVV, Indore
  • 2.
      • Botnets have become one of the biggest threats to security systems today. Their growing popularity among cybercriminals comes from their ability to infiltrate almost any internet-connected device, from DVR players to corporate mainframes.
      • Botnets are also becoming a larger part of cultural discussions around cyber security. Facebook’s fake ad controversy and the Twitter bot fiasco during the 2016 presidential election worry many politicians and citizens about the disruptive potential of botnets. Recently published studies from MIT have concluded that social media bots and automated accounts play a major role in spreading fake news.
      • Aside from being tools for influencing elections and mining cryptocurrencies, botnets are also dangerous to corporations and consumers because they’re used to deploy malware, initiate attacks on websites, steal personal information, and defraud advertisers.
      • It’s clear botnets are bad, but what are they exactly? And how can you protect your personal information and devices?
  • 3. What is a Botnet?
      • To better understand what botnets are and how botnets function, consider that the name itself is a blending of the words “robot” and “network”. In a broad sense, that’s exactly what botnets are: a network of robots used to commit cyber crime.
      • The term botnet is derived from the words robot and network. A bot in this case is a device infected by malware, which then becomes part of a network, or net, of infected devices controlled by a single attacker or attack group. The cyber criminals controlling them are called botmasters or bot herders.
      • Botnets are the workhorses of the Internet. They’re connected computers performing a number of repetitive tasks to keep websites going.
  • 4.
      • What you need to be careful of are the illegal and malicious botnets. What happens is that botnets gain access to your machine through some piece of malicious coding. In some cases, your machine is directly hacked, while other times what is known as a “spider” (a program that crawls the Internet looking for holes in security to exploit) does the hacking automatically.
      • More often than not, what botnets are looking to do is to add your computer to their web. That usually happens through a drive-by download or fooling you into installing a Trojan horse on your computer. Once the software is downloaded, the botnet will now contact its master computer and let it know that everything is ready to go. Now your computer, phone or tablet is entirely under the control of the person who created the botnet.
  • 5. Once the botnet’s owner is in control of your computer, they usually use your machine to carry out other nefarious tasks. Common tasks executed by botnets include:
      1. Using your machine’s power to assist in distributed denial-of-service (DDoS) attacks to shut down websites.
      2. Emailing spam out to millions of Internet users.
      3. Generating fake Internet traffic on a third-party website for financial gain.
      4. Replacing banner ads in your web browser with ads specifically targeted at you.
      5. Pop-up ads designed to get you to pay for the removal of the botnet through an anti-spyware package.
    The short answer is that a botnet is hijacking your computer to do what botnets do -- carry out mundane (boring, tedious) tasks -- faster and better.
  • 6. Source of image: https://searchsecurity.techtarget.com/definition/botnet
  • 7.
      • Once the desired number of devices is infected, attackers can control the bots using two different approaches. The traditional client/server approach involves setting up a command-and-control (C&C) server and sending automated commands to infected botnet clients through a communications protocol, such as internet relay chat (IRC). The bots are often programmed to remain dormant and await commands from the C&C server before initiating any malicious activities.
      • The other approach to controlling infected bots involves a peer-to-peer network. Instead of using C&C servers, a peer-to-peer botnet relies on a decentralized approach. Infected devices may be programmed to scan for malicious websites, or even for other devices in the same botnet. The bots can then share updated commands or the latest versions of the botnet malware.
      • The peer-to-peer approach is more common today, as cybercriminals and hacker groups try to avoid detection by cybersecurity vendors and law enforcement agencies, which have often used C&C communications as a way to monitor for, locate and disrupt botnet operations.
  • 8. How to Protect Yourself From Botnets?
    Most people who are infected with botnets aren’t even aware that their computer’s security has become compromised. However, taking simple, common-sense precautions when using the Internet can not only remove botnets that have been installed, it can also prevent them from being installed on your computer, tablet and phone in the first place.
      1. Always update your computer’s operating system as early as possible. Hackers often utilize known flaws in operating system security to install botnets. You can even set your computer to install updates automatically.
      2. The same is true of applications on your computer, phone and tablet. Once weaknesses are found and announced by software companies, hackers rush to create programs to exploit those weaknesses.
  • 9. How to Protect Yourself From Botnets?
      3. Don’t download attachments or click on links from email addresses you don’t recognize. This is one of the most common vectors for all forms of malware.
      4. Use a firewall when browsing the Internet. This is easy to do with Mac computers, as they come with Firewall software pre-installed. If you’re using a Windows-based machine, you might need to install third-party software.
      5. Don’t visit websites that are known distributors of malware. One of the things that a full-service Internet security suite can do is warn you when you’re visiting such sites. When in doubt, check with Norton Safe Web.
    In general, hackers tend to look for low-hanging fruit. If you can mount even basic defenses, botnets and other forms of malware are going to look for easier targets.
  • 10. Notable botnet attacks
    1. Zeus
    The Zeus malware, first detected in 2007, is one of the best-known and most widely used malware types in the history of information security.
      • Zeus uses a Trojan horse program to infect vulnerable devices and systems, and variants of this malware have been used for various purposes over the years, including to spread CryptoLocker ransomware.
      • Initially, Zeus, or Zbot, was used to harvest banking credentials and financial information from users of infected devices. Once the data was collected, attackers used the bots to send out spam and phishing emails that spread the Zeus Trojan to more prospective victims.
      • In 2009, cybersecurity vendor Damballa estimated Zeus had infected 3.6 million hosts. The following year, the FBI identified a group of Eastern European cybercriminals who were suspected to be behind the Zeus malware campaign; the FBI later made more than 100 arrests in the U.S. and Europe.
      • The Zeus botnet was repeatedly disrupted in 2010, when two internet service providers that were hosting the C&C servers for Zeus were shut down. However, new versions of the Zeus malware were later discovered.
  • 11. 2. Srizbi
    The Srizbi botnet, which was first discovered in 2007, was, for a time, the largest botnet in the world. Srizbi, also known as the Ron Paul spam botnet, was responsible for a massive amount of email spam -- as much as 60 billion messages a day, accounting for roughly half of all email spam on the internet at the time. In 2007, the Srizbi botnet was used to send out political spam emails promoting then-U.S. Presidential candidate Ron Paul.
      • The botnet used a Trojan to infect users' computers, which were then used to send out spam. Experts estimated that the Srizbi botnet included approximately 450,000 infected systems.
      • The cybercriminals behind Srizbi used San Jose, Calif.-based hosting provider McColo for the botnet's C&C infrastructure. The botnet's activity ceased when McColo, which was discovered to be hosting other botnet and spam operations as well, was shut down in 2008.
  • 12. 3. Gameover Zeus
    Approximately a year after the original Zeus botnet was disrupted, a new version of the Zeus malware emerged, known as Gameover Zeus.
      • Instead of relying on a traditional, centralized C&C operation to control bots, Gameover Zeus used a peer-to-peer network approach, which initially made the botnet harder for law enforcement and security vendors to pinpoint and disrupt. Infected bots used a domain generation algorithm (DGA) to communicate.
      • The Gameover Zeus botnet would generate domain names to serve as communication points for infected bots. An infected device would randomly select domains until it reached an active domain that was able to issue new commands. Security firm Bitdefender reported two versions of Gameover Zeus, one of which generated 1,000 new domains each day, and the other of which generated 10,000.
      • In 2014, international law enforcement agencies took part in Operation Tovar to temporarily disrupt Gameover Zeus by identifying the domains used by the cybercriminals, and then redirecting bot traffic to government-controlled servers.
      • The FBI also offered a $3 million reward for Russian hacker Evgeniy Bogachev, who is accused of being the mastermind behind the Gameover Zeus botnet. Bogachev is still at large, and new variants of Gameover Zeus have since emerged.
  • 13. 4. Methbot
    An extensive cybercrime operation and ad fraud botnet known as Methbot was revealed in 2016 by cybersecurity services company White Ops. According to security researchers, Methbot was generating between $3 million and $5 million in fraudulent ad revenue daily last year by producing fraudulent clicks for online ads, as well as fake views of video advertisements.
      • Instead of infecting random devices, the Methbot campaign is run on approximately 800-1,200 dedicated servers in data centers located in both the U.S. and the Netherlands. The campaign's operational infrastructure includes 6,000 spoofed domains, and more than 850,000 dedicated IP addresses, many of which are falsely registered as belonging to legitimate U.S.-based internet service providers.
      • The infected servers can produce fake clicks and mouse movements, as well as forge social media account logins to appear as legitimate users to fool conventional ad fraud detection techniques. In an effort to disrupt the monetization scheme for Methbot, White Ops published a list of the spoofed domains and fraudulent IP addresses to alert advertisers and enable them to block the addresses.
  • 14. 5. Mirai
    Several powerful, record-setting distributed denial-of-service (DDoS) attacks were observed in late 2016, and they were later traced to a new brand of malware known as Mirai. The DDoS traffic was produced by a variety of connected devices, such as wireless routers and CCTV cameras.
      • Mirai malware is designed to scan the internet for insecure connected devices, while also avoiding IP addresses belonging to major corporations, like Hewlett-Packard, and government agencies, such as the U.S. Department of Defense.
      • Once it identifies an insecure device, the malware tries to log in with a series of common default passwords used by manufacturers. If those passwords don't work, then Mirai uses brute force attacks to guess the password. Once a device is compromised, it connects to C&C infrastructure and can divert varying amounts of traffic toward a DDoS target.
      • Devices that have been infected are often still able to continue functioning normally, making it difficult to detect Mirai botnet activity from a specific device. For some internet of things (IoT) devices, such as digital video recorders, the factory password is hard coded in the device's firmware, and many devices cannot update their firmware over the internet.
      • The Mirai source code was later released to the public, allowing anyone to use the malware to compose botnets leveraging poorly protected IoT devices.
  • 15. References:
      1. https://searchsecurity.techtarget.com/definition/botnet
      2. https://www.pandasecurity.com/mediacenter/security/what-is-a-botnet/
      3. https://us.norton.com/internetsecurity-malware-what-is-a-botnet.html
      4. https://en.wikipedia.org/wiki/Botnet
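
Slide 12 describes a bot trying generated domain names until one is active, which on the defender's side shows up as a burst of failed lookups for random-looking names from one client. The detector below is an added example, not part of the original slides; the log tuple format, the thresholds and every name in the sample are constructed assumptions.

```python
import math
from collections import Counter, defaultdict

# Constructed DNS log records: (epoch seconds, client IP, queried name, response code).
# All names use the reserved ".example" TLD; none is a real indicator.
SAMPLE_LOG = [
    (0, "10.0.0.5", "kqzvxwpltrmb.example", "NXDOMAIN"),
    (8, "10.0.0.5", "hxjqwzvnkptd.example", "NXDOMAIN"),
    (17, "10.0.0.5", "wbnzqkxjvfhg.example", "NXDOMAIN"),
    (25, "10.0.0.5", "pzkxvqjwmhtl.example", "NXDOMAIN"),
    (33, "10.0.0.5", "tqxzjkvwnbpr.example", "NXDOMAIN"),
    (41, "10.0.0.5", "mvkqzxjwhgtf.example", "NOERROR"),   # the one live domain
    (50, "10.0.0.9", "gooogle.example", "NXDOMAIN"),       # ordinary typo
    (55, "10.0.0.9", "documentation.example", "NOERROR"),  # long but resolves
    (100, "10.0.0.7", "zqxjkvwbnmpl.example", "NXDOMAIN"),
    (130, "10.0.0.7", "vxzqkjwhbntr.example", "NXDOMAIN"),
]

def label_entropy(name):
    """Shannon entropy, in bits per character, of the leftmost DNS label."""
    label = name.split(".")[0].lower()
    if not label:
        return 0.0
    counts = Counter(label)
    return -sum(c / len(label) * math.log2(c / len(label)) for c in counts.values())

def looks_generated(name, min_len=10, min_entropy=3.0):
    """Heuristic: a long leftmost label with near-uniform character use."""
    return len(name.split(".")[0]) >= min_len and label_entropy(name) >= min_entropy

def dga_suspects(log, window=60, threshold=5):
    """Map client -> distinct generated-looking names that failed to resolve,
    for clients with at least `threshold` such names inside `window` seconds."""
    failures = defaultdict(list)
    for ts, client, name, rcode in log:
        if rcode == "NXDOMAIN" and looks_generated(name):
            failures[client].append((ts, name))
    suspects = {}
    for client, events in failures.items():
        events.sort()
        for start, _ in events:
            burst = {n for t, n in events if start <= t < start + window}
            if len(burst) >= threshold:
                suspects[client] = sorted(burst)
                break
    return suspects

if __name__ == "__main__":
    for client, names in dga_suspects(SAMPLE_LOG).items():
        print(client, len(names), "failed lookups of generated-looking names")
```

Entropy alone also matches ordinary long names such as `documentation.example`, so the detector only counts names that failed to resolve and only flags a client when they arrive as a burst.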