4.
4th Generation Botnet
• Spreading Threats and Fear
• Exploiting Dedicated Targets
• Motive is not Money
• Weaponizing the Bots
• Cyber Weapon
• Exploiting Industry Control Systems
– Infecting Programmable Logic Controllers
– Exploiting SCADA Vulnerabilities
Examples: Stuxnet
5.
Real and Deadly Botnet
• What makes a Botnet Deadly?
• Capabilities
– Distributed Denial of Service
– Spear Phishing, Spyware & Adware
– Fast Flux
– Spamdexing
– Bot Wars – Killing the Paradigm
– Stealing $$ from Targets
6.
Restricted Botnets
• Driven with Specific Capabilities
• Infection Channel is Unique
• Inherent Bot Toolkits
• Primarily, Monetary Benefits
• Ineffective Usage
– Spamming
– Denial of Service
• Example
– SpyEye, Zeus
8.
SpyEye - Framework
• Bot Generation Toolkit
• Banking Malware
• Similar Structure as Zeus
• Termed as Trojan
– Stealing Nature
• Restricted Botnet in Practice
• Monetary Benefits
• Does not Harness the Power of Bots for Third Party Attacks
9.
SpyEye - Framework
• Components
– Builder
– Admin Panel
– Form Grabber Admin Panel
– Backend Database Server
• Written in C++, PHP, MySQL
• Zeus Killing Mutex Code
• Exploits Browser Functions
10.
SpyEye - Framework
• Tactics and Techniques
– Malicious Plugins Support
– Self Designed SDK
– Web Injects
– Web Fakes
– Bank Credential Grabbers
– Bypassing NAT with SOCKS
– Userland Rootkit – Ring 3
14.
Conclusion
• Botnet Taxonomy is Important
• 3rd Generation Botnets – Too Good
• Botnet Future is Never Ending
• Require Sophisticated Protections
15.
Contact & Websites
• Email
adi_ks [at] secniche.org
• SecNiche Security
http://www.secniche.org
• Malware at Stake Blog
http://secniche.blogspot.com