botnets
play

Botnets A collection of compromised machines Under control of a - PowerPoint PPT Presentation

Mar 11, 2023 •587 likes •753 views

Botnets A collection of compromised machines Under control of a single person Organized using distributed system techniques Used to perform various forms of attacks Usually those requiring lots of power Lecture 12 Page 1 CS

  1. Botnets • A collection of compromised machines • Under control of a single person • Organized using distributed system techniques • Used to perform various forms of attacks – Usually those requiring lots of power Lecture 12 Page 1 CS 236 Online

  2. What Are Botnets Used For? • Spam (90% of all email is spam) • Distributed denial of service attacks • Hosting of pirated content • Hosting of phishing sites • Harvesting of valuable data – From the infected machines • Much of their time spent on spreading Lecture 12 Page 2 CS 236 Online

  3. Botnet Software • Each bot runs some special software – Often built from a toolkit • Used to control that machine • Generally allows downloading of new attack code – And upgrades of control software • Incorporates some communication method – To deliver commands to the bots Lecture 12 Page 3 CS 236 Online

  4. Botnet Communications • Originally very unsophisticated – All bots connected to an IRC channel – Commands issued into the channel • Most sophisticated ones use peer technologies – Similar to some file sharing systems – Peers, superpeers, resiliency mechanisms – Conficker’s botnet uses peer techniques • Stronger botnet security becoming common – Passwords and encryption of traffic Lecture 12 Page 4 CS 236 Online

  5. Botnet Spreading • Originally via worms and direct break-in attempts • Then through phishing and Trojan Horses – Increasing trend to rely on user mistakes • Conficker uses multiple vectors – Buffer overflow, through peer networks, password guessing • Regardless of details, almost always automated Lecture 12 Page 5 CS 236 Online

  6. Characterizing Botnets • Most commonly based on size – Estimates for Conficker over 5 million – Zeus-based botnets got 3.6 million machines in US alone – Trend Micro estimates 100 million machines are members of botnets • Controlling software also important • Other characteristics less examined Lecture 12 Page 6 CS 236 Online

  7. Why Are Botnets Hard to Handle? • Scale • Anonymity • Legal and international issues • Fundamentally, if a node is known to be a bot, what then? – How are we to handle huge numbers of infected nodes? Lecture 12 Page 7 CS 236 Online

  8. Approaches to Handling Botnets • Clean up the nodes – Can’t force people to do it • Interfere with botnet operations – Difficult and possibly illegal – But some recent successes • Shun bot nodes – But much of their activity is legitimate – And no good techniques for doing so Lecture 12 Page 8 CS 236 Online

  9. Spyware • Software installed on a computer that is meant to gather information • On activities of computer’s owner • Reported back to owner of spyware • Probably violating privacy of the machine’s owner • Stealthy behavior critical for spyware • Usually designed to be hard to remove Lecture 12 Page 9 CS 236 Online

  10. What Is Done With Spyware? • Gathering of sensitive data – Passwords, credit card numbers, etc. • Observations of normal user activities – Allowing targeted advertising – And possibly more nefarious activities Lecture 12 Page 10 CS 236 Online

  11. Where Does Spyware Come From? • Usually installed by computer owner – Generally unintentionally – Certainly without knowledge of the full impact – Via vulnerability or deception • Can be part of payload of worms – Or installed on botnet nodes Lecture 12 Page 11 CS 236 Online

  12. Malware Components • Malware is becoming sufficiently sophisticated that it has generic components • Two examples: – Droppers – Rootkits Lecture 12 Page 12 CS 236 Online

  13. Droppers • Very simple piece of code • Runs on new victim’s machine • Fetches more complex piece of malware from somewhere else • Can fetch many different payloads • Small, simple, hard to detect Lecture 12 Page 13 CS 236 Online

  14. Rootkits • Software designed to maintain illicit access to a computer • Installed after attacker has gained very privileged access on the system • Goal is to ensure continued privileged access – By hiding presence of malware – By defending against removal Lecture 12 Page 14 CS 236 Online

  15. Use of Rootkits • Often installed by worms or viruses – E.g., the Pandex botnet – But Sony installed rootkits on people’s machines via music CDs • Generally replaces system components with compromised versions – OS components – Libraries – Drivers Lecture 12 Page 15 CS 236 Online

  16. Ongoing Rootkit Behavior • Generally offer trapdoors to their owners • Usually try hard to conceal themselves – And their other nefarious activities – Conceal files, registry entries, network connections, etc. • Also try to make it hard to remove them • Sometimes removes others’ rootkits – Another trick of the Pandex botnet Lecture 12 Page 16 CS 236 Online

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

BotNets BotNets- Cybe Cyber T r Torrirism orrirism Ba Batt ttling ling th the t e thr

BotNets BotNets- Cybe Cyber T r Torrirism orrirism Ba Batt ttling ling th the t e thr

BotNets BotNets- Cybe Cyber T r Torrirism orrirism Ba Batt ttling ling th the t e thr hrea eats ts of inte of intern rnet et Assoc. Prof. Dr. Sureswaran Ramadass National Advanced IPv6 Center - Director Why Talk About Botnets?

722 views • 35 slides
Botnets CS 598: Advanced Internet Presented by: Imranul Hoque How to Study Botnets? Passive

Botnets CS 598: Advanced Internet Presented by: Imranul Hoque How to Study Botnets? Passive

Botnets CS 598: Advanced Internet Presented by: Imranul Hoque How to Study Botnets? Passive analysis Study spam e-mail, DNS queries by bot-infected machines, DNS blacklists, analyze network traffic, etc. Infiltration Todays

686 views • 15 slides
NECST laboratory BOTNETS FUNDING ETC. . @syssecproject SysSec Project:

NECST laboratory BOTNETS FUNDING ETC. . @syssecproject SysSec Project:

PHOENIX & CERBERUS We haz botnets! #Honeynet2014 Stefano Schiavoni, Edoardo Colombo Federico Maggi Lorenzo Cavallaro Stefano Zanero Politecnico Di Milano & Royal Hollway, University of London NECST laboratory BOTNETS FUNDING ETC.

1.28k views • 107 slides
BOTNETS GRAD SEC NOV 21 2017 TODAYS PAPERS BOTNETS Collection of compromised machines

BOTNETS GRAD SEC NOV 21 2017 TODAYS PAPERS BOTNETS Collection of compromised machines

BOTNETS GRAD SEC NOV 21 2017 TODAYS PAPERS BOTNETS Collection of compromised machines (bots) under unified control of an attacker (botmaster) Method of compromise decoupled from method of control Launch a worm/virus, etc.:

790 views • 16 slides
Detecting Botnets with Temporal Persistence Jaideep Chandrashekar Frederic

Detecting Botnets with Temporal Persistence Jaideep Chandrashekar Frederic

Detecting Botnets with Temporal Persistence Jaideep Chandrashekar Frederic Giroire Nina Taft Eve Schooler Mascotte project I3S (CNRS, Univ. of Nice) Intel Labs INRIA Sophia Antipolis Botnets: Why care? Botnet

888 views • 46 slides
Botnets: a Growing Threat Increasing awareness, but there is a dearth of hard facts especially

Botnets: a Growing Threat Increasing awareness, but there is a dearth of hard facts especially

Studying Spamming Botnets Using BotLab Arvind Krishnamurthy Joint work with: John John, Alex Moshchuk, Steve Gribble University of Washington Botnets: a Growing Threat Increasing awareness, but there is a dearth of hard facts especially

291 views • 15 slides
Bot BotNets Nets- Cy Cyber ber To Torr rriris irism Battling Battling the the threats

Bot BotNets Nets- Cy Cyber ber To Torr rriris irism Battling Battling the the threats

Bot BotNets Nets- Cy Cyber ber To Torr rriris irism Battling Battling the the threats threats of of interne internet Assoc. Prof. Dr. Sureswaran Ramadass National Advanced IPv6 Center - Director Why Talk About Botnets? Because Bot

379 views • 27 slides
Botnets Secret Puppetry With Computers Balaji Prasad T.K ( bpt@email.arizona.edu ) Nupur

Botnets Secret Puppetry With Computers Balaji Prasad T.K ( bpt@email.arizona.edu ) Nupur

Botnets Secret Puppetry With Computers Balaji Prasad T.K ( bpt@email.arizona.edu ) Nupur Maheshwari ( nupurm@email.arizona.edu ) Department of Computer Science University of Arizona April 22, 2012 What are Botnets? 1 Technical Overview 2

895 views • 37 slides
Spamming Botnets: Signatures and Characteris5cs Xie et al.

Spamming Botnets: Signatures and Characteris5cs Xie et al.

Spamming Botnets: Signatures and Characteris5cs Xie et al. Presented by Kyle Mar5n <kyle.mar5n@knights.ucf.edu> The Problems Botnets The Problems

823 views • 36 slides
Botnets Some slides taken from David Choffnes, Northeastern

Botnets Some slides taken from David Choffnes, Northeastern

Botnets Some slides taken from David Choffnes, Northeastern https://www.justice.gov/usao-cdca/pr/justice-department- announces-court-authorized-efforts-map-and-disrupt-botnet- used-north

707 views • 32 slides
Effective features for detecting Effective features for detecting IRC botnets IRC botnets

Effective features for detecting Effective features for detecting IRC botnets IRC botnets

Effective features for detecting Effective features for detecting IRC botnets IRC botnets Claudio Mazzariello, Carlo Sansone Carlo Sansone Claudio Mazzariello, Dipartimento di Informatica e Sistemistica Dipartimento di Informatica e

614 views • 19 slides
Malware: Viruses, Worms, Rootkits, Botnets Spring 2015

Malware: Viruses, Worms, Rootkits, Botnets Spring 2015

CSE 484 / CSE M 584: Computer Security and Privacy Malware: Viruses, Worms, Rootkits, Botnets Spring 2015 Franziska (Franzi) Roesner

403 views • 37 slides
AN INSIDE LOOK AT Rationale BOTNETS Codebase Analysis (Agobot, SDBot, SpyBot, GT Bot)

AN INSIDE LOOK AT Rationale BOTNETS Codebase Analysis (Agobot, SDBot, SpyBot, GT Bot)

Table of Contents AN INSIDE LOOK AT Rationale BOTNETS Codebase Analysis (Agobot, SDBot, SpyBot, GT Bot) Architecture Paul Barford and Vinod Yagneswaran Remote Control Mechanisms Host Control Propagation Exploits and

158 views • 4 slides
Worms, Botnets and The Underground Economy CS 161 - Computer Security Profs. Vern Paxson &

Worms, Botnets and The Underground Economy CS 161 - Computer Security Profs. Vern Paxson &

Worms, Botnets and The Underground Economy CS 161 - Computer Security Profs. Vern Paxson & David Wagner TAs: John Bethencourt, Erika Chin, Matthew Finifter, Cynthia Sturton, Joel Weinberger http://inst.eecs.berkeley.edu/~cs161/ April 16,

445 views • 19 slides
Presentation: Scalable Detection of Botnets Based on DGA Presentation June 2019 DOI:

Presentation: Scalable Detection of Botnets Based on DGA Presentation June 2019 DOI:

See discussions, stats, and author profiles for this publication at: https://www.researchgate.net/publication/333652427 Presentation: Scalable Detection of Botnets Based on DGA Presentation June 2019 DOI: 10.13140/RG.2.2.24134.32322 CITATIONS

561 views • 20 slides
A Practical Approach for Taking Down Avalanche Botnets Under Real-World Constraints Victor Le

A Practical Approach for Taking Down Avalanche Botnets Under Real-World Constraints Victor Le

A Practical Approach for Taking Down Avalanche Botnets Under Real-World Constraints Victor Le Pochat , Tim Van hamme, Sourena Maroofi, Tom Van Goethem, Davy Preuveneers, Andrzej Duda, Wouter Joosen, Maciej Korczyski NDSS 2020, 25 February 2020

244 views • 23 slides
CS136 Fall 2012 - Tutorial 1 CS136 Tutors cs136@student.cs.uwaterloo.ca September 14, 2012

CS136 Fall 2012 - Tutorial 1 CS136 Tutors cs136@student.cs.uwaterloo.ca September 14, 2012

CS136 Fall 2012 - Tutorial 1 CS136 Tutors cs136@student.cs.uwaterloo.ca September 14, 2012 CS136 Tutorscs136@student.cs.uwaterloo.ca CS136 Fall 2012 - Tutorial 1 RunC Environment We will use gedit under Ubuntu for both C and Racket coding.

502 views • 14 slides
BotMagnifier : Locating Spambots on the Internet Gianluca Stringhini Thorsten Holz Brett

BotMagnifier : Locating Spambots on the Internet Gianluca Stringhini Thorsten Holz Brett

BotMagnifier : Locating Spambots on the Internet Gianluca Stringhini Thorsten Holz Brett Stone-Gross Christopher Kruegel Giovanni Vigna USENIX Security Symposium August 12, 2011 Spam is a big problem Spam is sneaky Spam is sneaky Tracking

550 views • 32 slides
Information Hiding in Email Services Based on Confused Document Encrypting Schemes Wei-Shyun Pan

Information Hiding in Email Services Based on Confused Document Encrypting Schemes Wei-Shyun Pan

Information Hiding in Email Services Based on Confused Document Encrypting Schemes Wei-Shyun Pan Quincy Wu Graduate Institute of Communication Graduate Institute of Communication Engineering Engineering National Chi Nan University, Nantou

297 views • 4 slides
Advanced MPI Programming Latest slides and code examples are available

Advanced MPI Programming Latest slides and code examples are available

Advanced MPI Programming Latest slides and code examples are available at www.mcs.anl.gov/~thakur/sc13-mpi-tutorial Pavan Balaji James Dinan Argonne Na*onal Laboratory

2.33k views • 185 slides
Network Security: Botnet Seungwon Shin GSIS, KAIST many slides from Dr. Yan Chen Definition Bot

Network Security: Botnet Seungwon Shin GSIS, KAIST many slides from Dr. Yan Chen Definition Bot

Network Security: Botnet Seungwon Shin GSIS, KAIST many slides from Dr. Yan Chen Definition Bot a software application that runs automated tasks over the Internet Botnet a collection of Internet-connected programs communicating with other

659 views • 39 slides
CS 3700 Networks and Distributed Systems Logistics (a.k.a. The boring slides) Revised

CS 3700 Networks and Distributed Systems Logistics (a.k.a. The boring slides) Revised

CS 3700 Networks and Distributed Systems Logistics (a.k.a. The boring slides) Revised 1/5/2020 Hello! 2 Welcome to CS 3700 Are you in the right classroom? Okay, good. Who am I? Professor Alden Jackson

861 views • 29 slides
An Intelligent Discussion-Bot for Guiding Student Interactions in Threaded Discussions Jihie Kim

An Intelligent Discussion-Bot for Guiding Student Interactions in Threaded Discussions Jihie Kim

An Intelligent Discussion-Bot for Guiding Student Interactions in Threaded Discussions Jihie Kim Erin Shaw ? Grace Chern Donghui Feng University of Southern California Information Sciences Institute PedDiscourse Kim et al. Outline

319 views • 19 slides
Pr Probability obability an and d Ti Time: e: Hi Hidden dden Mark arkov ov Mod odels

Pr Probability obability an and d Ti Time: e: Hi Hidden dden Mark arkov ov Mod odels

Pr Probability obability an and d Ti Time: e: Hi Hidden dden Mark arkov ov Mod odels els (H (HMMs) MMs) Co Computer ter Sc Science ce cpsc3 c322, 22, Lectur ture e 32 (Te Text xtbo book ok Chpt 6.5.2) .2) April, l, 7,

355 views • 22 slides

More recommend