Botnets have increased not only in number but also in the sophistication with which they carry out their design purpose. What are the lessons learned so far from the recent botnet takedowns?
1. Malware Threats in our Cyber Infrastructure
13th April 2013
Hotel Royal Ambarukmo Yogyakarta
Yogyakarta, Indonesia
Charles Lim, Msc., ECSA, ECSP, ECIH, CEH, CEI
2. AGENDA
About me
Malware History
Malware Current Attack
Malware Profiles
Botnet
Botnet Takedown
Summary
Faculty of Engineering and IT 2
3. Malware History
What is Malware?
Stands for Malicious Software
Early Days
Viruses or Trojans
Today
Viruses, worms, backdoors, Trojans, keyloggers, password stealers, script viruses, rootkits, macro viruses, spyware or even adware.
4. Malware History
1970’s
Experimental replicating programs (Creeper & Reaper)
5. Malware History
Early 1980’s
From thesis to real virus …
6. Malware History
Late 1980’s
From Apple II virus to First Internet Worm …
7. Malware History
Early 1990’s
Polymorphic Viruses to First Macro viruses
8. Malware History
Late 1990’s
DOS 16-bit viruses to Melissa Worm …
9. Malware History
Early 2000’s
I LOVE YOU virus to MyDOOM (fastest spreading worm)
10. Malware History
Late 2000’s
First ever Mac OS X malware to rogue AV to Conficker worm
11. Malware History
2010 – now
Stuxnet to Banking Trojan to Android Malware
12. Malware History
From 2004 till now …
From Symbian based malware to Android Malware
13. Recent Malware Attack
South Korean TV broadcasters and banks attack
15. Recent Malware Attack
Attack started on 20 March 2013 at 2:20 pm
Three broadcasters KBS, MBC and YTN hit
Three banks (제주은행) Jeju, (농협생명) Nonghyup (Bank and Insurance) and (신한은행) Shinhan hit
Knocked offline after PCs were infected by data-deleting malware (delivered from a server update in the network)
16. Recent Malware Attack
Check for existing remote management tools
17. Recent Malware Attack
Target:
To corrupt the Master Boot Record (MBR) as well as the Volume Boot Record (VBR)
Kills 2 popular anti-virus software
Reboots system, leaving it unusable
18. Recent Malware Attack
Target:
To corrupt the Master Boot Record (MBR) as well as the Volume Boot Record (VBR)
Check time
Kills 2 popular anti-virus software
Reboots system, leaving it unusable
20. Recent Malware Attack
According to McAfee (refer to references), the malware samples used the existing malware found in the wild in August and October 2012 as a template to develop the new malware
It has new capabilities:
MBR-killing
Killing of 2 popular anti-virus products
NEW sample vs. OLD sample (comparison figure)
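The wiper behaviour on slides 17, 18 and 20 (corrupting the MBR and VBR so the machine no longer boots) is what an integrity check on the first disk sector can catch. The following Python is an added example, not code from the slides or from the referenced McAfee analysis; the MBR bytes and the baseline hash are constructed for the demo, and a real check would read the first 512 bytes of the physical disk with administrative rights and keep the baseline hash offline.

```python
import hashlib
import struct

MBR_SIZE = 512                 # one sector
PART_TABLE_OFFSET = 446        # boot code occupies bytes 0..445
BOOT_SIGNATURE = b"\x55\xaa"   # bytes 510..511 of a valid MBR
ENTRY_FMT = "<B3sB3sII"        # status, CHS start, type, CHS end, LBA start, sectors


def build_sample_mbr() -> bytes:
    """Constructed healthy MBR for the demo: dummy boot code, one bootable
    partition of type 0x07 (NTFS) starting at LBA 2048, valid signature."""
    boot_code = b"\xfa\x33\xc0" + b"\x90" * (PART_TABLE_OFFSET - 3)
    entry = struct.pack(ENTRY_FMT, 0x80, b"\x20\x21\x00", 0x07,
                        b"\xfe\xff\xff", 2048, 204800)
    return boot_code + entry + b"\x00" * 48 + BOOT_SIGNATURE


def baseline_hash(mbr: bytes) -> str:
    """SHA-256 of a known-good MBR; store it off the host it protects."""
    return hashlib.sha256(mbr).hexdigest()


def parse_partitions(mbr: bytes) -> list:
    """Decode the four 16-byte partition entries (an all-zero entry is unused)."""
    parts = []
    for i in range(4):
        off = PART_TABLE_OFFSET + i * 16
        status, _, ptype, _, lba, count = struct.unpack(ENTRY_FMT, mbr[off:off + 16])
        parts.append({"bootable": status == 0x80, "type": ptype,
                      "lba_start": lba, "sectors": count})
    return parts


def check_mbr(mbr: bytes, expected_hash: str) -> list:
    """Return findings that suggest the MBR was overwritten; empty means intact."""
    if len(mbr) != MBR_SIZE:
        return ["wrong MBR size: %d bytes" % len(mbr)]
    findings = []
    if mbr[510:512] != BOOT_SIGNATURE:
        findings.append("boot signature missing (expected 55 AA)")
    parts = parse_partitions(mbr)
    if all(p["type"] == 0 for p in parts):
        findings.append("partition table empty")
    if not any(p["bootable"] for p in parts):
        findings.append("no bootable partition")
    if baseline_hash(mbr) != expected_hash:
        findings.append("MBR hash differs from baseline")
    return findings


def simulate_wipe(mbr: bytes) -> bytes:
    """Zero the whole sector, which is the effect a data-deleting wiper has on
    the MBR (constructed for the demo, not the real malware's routine)."""
    return b"\x00" * len(mbr)


if __name__ == "__main__":
    good = build_sample_mbr()
    known_good = baseline_hash(good)
    print("healthy MBR findings:", check_mbr(good, known_good))
    print("wiped MBR findings:  ", check_mbr(simulate_wipe(good), known_good))
```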
22. Botnet – What is it?
What is a Botnet?
23. Botnet – What is it?
What is a Botnet?
24. Botnet – What is it?
What is a Botnet?
25. Botnet – Stats
What is a Botnet?
Source: 2013 GLOBAL THREAT INTELLIGENCE REPORT (GTIR)
26. Botnet – Underground
Botnet Underground
Source: http://goo.gl/Vq30r
27. Botnet – Underground
Botnet Underground
Source: FireEye on Botnet Grum
28. Botnet Evolution
1st
• Centralized C & C Server
• IRC-based communication
2nd
• P2P C & C Server
• IRC C & C server
3rd
• HTTP-based C & C
• P2P C & C Server
4th
• Encrypted communication
• P2P C & C
29. Botnet C&C Evolution
Two most common methods of C&C:
Central control C&C
P2P network
(Figure: Central C&C server)
30. Botnet C&C Evolution (cont.)
P2P network
E.g. Kelihos Botnet
38. Botnet – Some stats
39. Third Largest Botnet Takedown
Code name: Grum Botnet
Impact size: 18% of SPAM volumes (18 billion SPAM a day)
C & C: Panama & Netherlands
Takedown: Tuesday, 12 July 2012
Alive again: Thursday, 14 July 2012 (C&C: Russia)
Difficulty of takedown: 2 (on a scale of 1 to 5)
40. Grum Botnet Characteristics
C&C Servers:
Primary C&C for configuration files and initial registration
Secondary C&C for spam related activities
Hard-coded IP addresses (instead of domain names)
Infected machines segmented into different C&Cs
No fallback mechanism if Primary and Secondary C&C are down
44. Grum Botnet (cont.)
IP address     Type       Geo Location        Status (as of July 6 2012)
190.123.46.91  Master     PANAMA              Active
190.123.46.92  Master     PANAMA              Suspended or abandoned
91.239.24.251  Master     RUSSIAN FEDERATION  Active
94.102.51.226  Secondary  NETHERLANDS         Active
94.102.51.227  Secondary  NETHERLANDS         Active
94.102.51.228  Secondary  NETHERLANDS         Suspended or abandoned
94.102.51.229  Secondary  NETHERLANDS         Suspended or abandoned
94.102.51.230  Secondary  NETHERLANDS         Suspended or abandoned
45. Grum Botnet - Lesson Learned
Strong Points:
C&C servers are located in countries whose governments have historically been reluctant to act on abuse notifications
Servers are scattered across multiple data centers
Botnet divided into segments (bad part: unless all C&C are dead, the botnet is still alive)
Weak Points:
No fallback mechanism: C&C dead, no connection possible
Handful of hard-coded IP addresses
Data centers easily identified (easy to deal with)
Small segments: some segments are easily killed
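An added example (not code from the slides or from the FireEye research they cite) that turns the slide-44 C&C inventory and the slide-45 weak points into a detection: it matches outbound flow records against the listed IPs, groups infected hosts by the Master C&C segment they registered with (slide 40), and derives an egress block list from the IPs that were still active. The flow records, their format and the internal host addresses are constructed assumptions; the C&C IPs, roles, countries and statuses are the slide's own table.

```python
from collections import defaultdict

# Slide 44 inventory (status as of July 6 2012): ip -> (role, country, status)
GRUM_CC = {
    "190.123.46.91": ("Master", "PANAMA", "Active"),
    "190.123.46.92": ("Master", "PANAMA", "Suspended or abandoned"),
    "91.239.24.251": ("Master", "RUSSIAN FEDERATION", "Active"),
    "94.102.51.226": ("Secondary", "NETHERLANDS", "Active"),
    "94.102.51.227": ("Secondary", "NETHERLANDS", "Active"),
    "94.102.51.228": ("Secondary", "NETHERLANDS", "Suspended or abandoned"),
    "94.102.51.229": ("Secondary", "NETHERLANDS", "Suspended or abandoned"),
    "94.102.51.230": ("Secondary", "NETHERLANDS", "Suspended or abandoned"),
}

# Constructed outbound flow records (assumed format): time src dst dport bytes
SAMPLE_FLOWS = """\
2012-07-06T10:01:02 10.0.5.17 190.123.46.91 80 1320
2012-07-06T10:01:09 10.0.5.17 94.102.51.226 80 48211
2012-07-06T10:02:30 10.0.5.42 8.8.8.8 53 120
2012-07-06T10:03:11 10.0.5.42 94.102.51.227 80 51120
2012-07-06T10:04:00 10.0.5.99 91.239.24.251 80 900
"""


def parse_flows(text: str) -> list:
    """Split the whitespace-separated flow lines into dicts."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, dport, nbytes = line.split()
        flows.append({"ts": ts, "src": src, "dst": dst,
                      "dport": int(dport), "bytes": int(nbytes)})
    return flows


def classify_hosts(flows: list) -> dict:
    """For every internal host that reached a listed C&C IP, record the Master
    it registered with (its segment), the C&C roles it talked to, and an
    inferred stage of infection derived from those roles."""
    seen = defaultdict(lambda: {"segment": None, "roles": set()})
    for f in flows:
        info = GRUM_CC.get(f["dst"])
        if info is None:
            continue                      # not a known C&C address
        role = info[0]
        seen[f["src"]]["roles"].add(role)
        if role == "Master":
            seen[f["src"]]["segment"] = f["dst"]
    result = {}
    for host, d in seen.items():
        roles = sorted(d["roles"])
        if roles == ["Master", "Secondary"]:
            stage = "registered and spamming"
        elif roles == ["Master"]:
            stage = "registered, awaiting spam tasking"
        else:
            stage = "spamming (registration not observed)"
        result[host] = {"segment": d["segment"], "roles": roles, "stage": stage}
    return result


def active_cc_blocklist() -> list:
    """Egress block list: C&C IPs still active in the inventory. Grum has no
    fallback C&C, so a bot cut off from both its Master and its Secondary
    cannot re-home; blocking these isolates the local bots until cleanup."""
    return sorted(ip for ip, (_, _, status) in GRUM_CC.items()
                  if status == "Active")


if __name__ == "__main__":
    for host, info in classify_hosts(parse_flows(SAMPLE_FLOWS)).items():
        print(host, info)
    print("block:", active_cc_blocklist())
```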
46. Grum Botnet - Lesson Learned
Summarized strategy to take down a botnet:
Research which C&C architecture they are using
Intelligence on real-time traffic
Takedown methodology
24/7 surveillance
Actual takedown
Surprises will come – be prepared
Post-takedown activities
47. Bamital – Botnet Takedown
Method: Click fraud
48. Bamital – Botnet Takedown
Users search for pornographic web sites
Then users are directed to these web sites:
Downloaded Bamital Trojan
49. Bamital – Botnet Takedown
These “random” web sites (pseudo-randomly generated) that serve the exploit packs:
50. Summary
We have seen how malware evolved with more and more advanced and sophisticated methods
The tasks are very challenging …
Research in malware is in huge demand …
We need to work together …
51. Other Security Events
13-15 May 2013 ACAD-CSIRT in Bali
19-20 June 2013 Honeynet Indonesia Chapter Workshop 2013, Jakarta
18 Sept 2013 Cloud Security Alliance Summit, Jakarta
52. References
http://blogs.mcafee.com/mcafee-labs/an-overview-of-messaging-botnets
http://www.fireeye.com/blog/technical/botnet-activities-research/2012/07/grum-botnet-no-longer-safe-havens.html
http://voices.washingtonpost.com/securityfix/pushdo.htm
http://voices.washingtonpost.com/securityfix/2009/06/ftc_sues_shuts_down_n_calif_we.html
http://blog.gdatasoftware.com/blog/article/botnet-command-server-hidden-in-tor.html
http://www.securelist.com/en/blog/208193438/FAQ_Disabling_the_new_Hlux_Kelihos_Botnet
https://www.brighttalk.com/webcast/7451/53071
53. References
http://www.tripwire.com/state-of-security/it-security-data-protection/cyber-security/south-korean-attack-malware-analysis/
http://download.bitdefender.com/resources/files/Main/file/Malware_History.pdf
http://blogs.mcafee.com/mcafee-labs/south-korean-banks-media-companies-targeted-by-destructive-malware
54. References
http://www.sophos.com/en-us/threat-center/threat-monitoring/malware-dashboard.aspx
http://www.mcafee.com/us/mcafee-labs/threat-intelligence.aspx
http://www.virusradar.com/