Add to collection(s) Add to saved
  1. Science
  2. Health Science
  3. Immunology

Malware Botnet and DDoS Md. Safiqul Islam Internetworking

advertisement 
Malware
Botnet and DDoS
Md. Safiqul Islam
Internetworking
2007-2008
Malware
• A set of instructions or a software to enter
into a user computer without the users
permission.
• Spyware, botnet, DDos, Crimeware,
Badware, Trojans, Worms etc.
• It is not a bug or defect of a software
program.
• Often comes with adware, freeware or
music files , spam.
What it does ?
•
•
•
•
•
Change the system settings.
Installs unauthorized dialer.
Installs Keystroke logger.
Captures personal information.
Use the computer resources.
Botnet
•
•
•
•
•
A Botnet is a network of trojanized computers,reporting to
and commanded via a MasterServer.
Group of computers compromised without owners
permission.
Controlled and upgraded via IRC or P2P.
Operated under a single hacker
- Botmaster
Used as the platform for various Attacks :
‰ DdoS (Distributed Denial of Service) attacks,
‰ Social engineering and related e-mail spamming,
‰ Remote exploits, or via keyloggers and network traffic
sniffers.
Botmaster
•
Control botnet in three ways:
- Centralize:
Advantage :
-Most popular method.
- Support larger number
of bots
Disadvantage :
- Single point of failure
Select
-Peer to Peer
-Dont rely on single
server.
-Smaller group of bots.
-Random
-Not implemented in real
world.
Command &
Control server
Initialization
Botmaster
Zombie machines
Figure :Centralize Method
Creation of Botnet and send
spam Mail
Modern Bots
• Modern bots: Agobot (PhatBot, SDBot), GTBot.
• Agobots :
-20,000 lines of C/C++ code
-IRC-based command and control
-Capable of many DoS flooding types
How to Prevent
• Two Fold Protection
- From the “inside” to be immune to:
– Data exfiltration
- From the “outside” to be immune to:
– Intrusion
– DoS attacks
Protecting from bots inside
the corporate network
• Firewall rules should be appropriate.
– Break communication to the master server
– Default rule for both inbound and outbound
connections: Deny
– Allow important services for outbound connections
(e.g.:HTTP, SMTP, SSH)
– Enforce the use a HTTP proxy, so that port 80 is
closed for users.
– e.g. W32/Dumador.DH is a “full HTTP” bot
Protecting from bots inside the corporate
network (Cont’d)
– Sniffing outbound traffic on
the gateway for keywords
used in Bot/Master
communications:
•
•
•
•
.login
.scan
.status
.sysinfo
– Set up a DNS redirection
to an in-house honeypot for
blacklisted bot master
servers => unveil the
infected hosts
Distributed Denial of Service (DDoS)
• Build a botnet of zombies
– Multi-layer architecture: use some of the zombies as
“masters” to control.
• Command zombies to stage a coordinated attack on the
victim.
• Overwhelm victim with traffic arriving from thousands of
different sources
DDoS Architecture
Attacker
Master machines
Zombie machines
Victim
Some Advices
– Do not click on pop-up advertisements.
– Do not open e-mails from unfamiliar or
questionable sources.
– Do not propagate personal information,
such as Social Security number,
passwords, usernames
– Download software programs that come
from reputable sources.
– Install a good anti-virus product, with
lates updates.
Discussion and Question !!
Related documents
An Investigation and Implementation of Botnet Detection Schemes Speaker:Chiang Hong-Ren
An Investigation and Implementation of Botnet Detection Schemes Speaker:Chiang Hong-Ren
Jason and Abhishek`s presentation on botnets
Jason and Abhishek`s presentation on botnets
Defending: Taxonomy of Botnet Threats
Defending: Taxonomy of Botnet Threats
Presentation - Prof. Ravi Sandhu
Presentation - Prof. Ravi Sandhu
Active Botnet Probing to Identify Obscure Command and
Active Botnet Probing to Identify Obscure Command and
Botnet Research Survey Speaker: Hom-Jay Hom Date:2009/10/20 Zhaosheng Zhu.et al
Botnet Research Survey Speaker: Hom-Jay Hom Date:2009/10/20 Zhaosheng Zhu.et al
Botnet detection
Botnet detection
III. History of botnets
III. History of botnets
Measuring Botnet Populations
Measuring Botnet Populations
Motivation behind botnets
Motivation behind botnets
A Framework for P2P Botnets Speaker: Chi-Sheng Chen Date:2010/11/16
A Framework for P2P Botnets Speaker: Chi-Sheng Chen Date:2010/11/16
Botnet Abolish Using Honey pot Komal singh
Botnet Abolish Using Honey pot Komal singh
CAP6135: Malware and Software Vulnerability Analysis Botnets Cliff Zou
CAP6135: Malware and Software Vulnerability Analysis Botnets Cliff Zou
CAP6135: Malware and Software Vulnerability Analysis The Next Generation Peer-to-Peer Botnet Attacks
CAP6135: Malware and Software Vulnerability Analysis The Next Generation Peer-to-Peer Botnet Attacks
www.ijecs.in International Journal Of Engineering And Computer Science ISSN:2319-7242
www.ijecs.in International Journal Of Engineering And Computer Science ISSN:2319-7242
AGENTS
AGENTS
Controlling Unreal Tournament 2004 Bots with the Logic-based Action Language G OLOG
Controlling Unreal Tournament 2004 Bots with the Logic-based Action Language G OLOG
A Taxonomy of Botnet Behavior, Detection, and Defense Speaker:Bo-Rong Sue
A Taxonomy of Botnet Behavior, Detection, and Defense Speaker:Bo-Rong Sue
International Journal of Application or Innovation in Engineering & Management... Web Site: www.ijaiem.org Email: , Volume 2, Issue 6, June 2013
International Journal of Application or Innovation in Engineering & Management... Web Site: www.ijaiem.org Email: , Volume 2, Issue 6, June 2013
Botnet Detection by Monitoring Group Activities in DNS Traffic Speaker:Chiang Hong-Ren
Botnet Detection by Monitoring Group Activities in DNS Traffic Speaker:Chiang Hong-Ren
Document13135839 13135839
Document13135839 13135839
ITU Botnet Mitigation Project: Background & Approach
ITU Botnet Mitigation Project: Background & Approach
Download
advertisement