
Fear, Uncertainty and Doubt


Presentation given in collaboration with Laurent Schmid (electric-haze.org) at the Espace Jules Verne of the Maison d'Ailleurs, Yverdon, Switzerland.


  1. FUD: FEAR, UNCERTAINTY AND DOUBT • Dark Designs Symposium, Yverdon, October 14, 2008
  2. BOT • derived from the word "robot" • a program that performs repetitive functions • an infected computer controlled by another computer
  3. BOTNET • a network of bots • commonly used to control or attack computer systems • controlled through an IRC channel • also referred to as "zombies" or "drones"
  4. USE OF BOTNETS • distributing spam • mounting DDoS attacks • sniffing network traffic • key logging • click fraud (Google AdWords)
  5. IRC • Internet Relay Chat • created in 1988 • first bots: 1993 • client / server
  6. HISTORY • 1999: SETI@home • screensaver program • proved the viability and practicality of the "distributed grid computing" concept
  7. SETI@home
  8. February 2000 • first widely publicized botnet incident • floods CNN.com, Amazon.com, eBay... • 75 computers in 52 different networks
  9. SubSeven • discovered: June 6, 1999 • also known as: Backdoor.SubSeven (Kaspersky Lab), Backdoor.SubSeven22 (Symantec), BackDoor.SubSeven (Doctor Web), Troj/Sub7-1.7 (Sophos), Backdoor:Win32/SubSeven.A (RAV)...
  10. SubSeven
  11. SubSeven • server / client • control over IRC • monitors keystrokes • remote desktop application
  12. SubSeven
  13. SubSeven
  14. SubSeven • October 2000 • 800 infected computers found • SexxxyMovie.mpeg.exe
  15. GTbot • modified IRC client • coupled with the hacker's own scripts • port scanning • DDoS attacks
  16. DDoS • Distributed Denial of Service attack • the attacker causes a network of computers to "flood" a victim computer with large amounts of data or specific commands
  17. GTbot
  18. GTbot
  19. DDoS
  20. Agobot • most widely circulated virus in history • best-written source code • C++ base plugin framework • GPL license
  21. Op.Cyberslam • October 2003 • Agobot used in a DDoS attack • botnet: 5,000 to 15,000 computers • FBI investigation
  22. Op.Cyberslam
  23. Op.Cyberslam
  24. October 2005 • discovery of a botnet counting 1.5 million compromised computers
  25. January 2007 • the Storm Botnet is identified • estimate: of 600 million computers on the Internet, 150 million belong to a botnet (Vint Cerf)
  26. STORM BOTNET • 1 million to 50 million computer systems • encrypted P2P control • more computing power than the world's 500 top supercomputers
  27. Russian Business Network
  28. RBN • cybercrime organization • personal identity theft • bulletproof hosting • child pornography, phishing, spam, and malware distribution • physically based in St. Petersburg
  29. Companies • RBNet, RBNetwork, RBusinessNetwork, iFrame Cash, Aki Mon Telecom, 4Stat, Eexhost, Rusouvenirs Ltd. • TcS Network, Nevcon Ltd. (Panama), Too coin Software (UK), 76service, MalwareAlarm...
  30. Malware • Gozi, Grab, Haxdoor, Metaphisher, Mpack, Ordergun, Pinch, Rustock, Snatch, Torpig, URsnif... • viruses or worms • send data back to RBN servers
  31. October 2007 • Storm Botnet reduces in size • fallen to 160,000 systems • partitioning into smaller networks • 40-byte key encryption
  32. November 2007 • RBN vanishes from the web • unusual bulk registrations of thousands of Web addresses in China • servers move to Shanghai/Taiwan
  33. KRAKEN BOTNET • largest botnet as of April 2008 • over 400,000 bots • also known as: Bobax, Oderoor, Cotmonger
