29-05-2013, 03:44 PM
Botnet
How Botnets Work
Elements of a botnet
Botmaster
A collection of compromised computers
Controlled remotely by crackers.
Command and control infrastructure.
IRC remains the most popular botnet control method.
The botmaster exploits a vulnerability on the victim.
The victim downloads the actual bot binary.
The bot contacts the IRC server address in the executable, including resolving the DNS name.
The bot joins an IRC channel.
The botmaster sends out commands via IRC channel.
The Threats from Botnets
Types of attack
DDoS attacks.
Spam.
Clickfraud.
Spreading new malware.
Cracking.
Manipulating online polls
Botnet Detection
IRC botnet
IRC port; may be a non-standard port
Monitor IRC payload for known commands
Behavioral characteristics
Response
Constant response time, fast join
Long standing connection
Bots are not talkative
Machine learning techniques
Using labeled data to build classifier.
Track the botnet by honeypot
Use honeypot to get infected
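The behavioral characteristics listed under Botnet Detection (non-standard port, fast join, long-standing connection, quiet client, constant response time) can be combined into a simple session score. The following is an added example, not part of the original slides; the Session fields, thresholds, port set and sample records are assumptions made for illustration, and sessions are assumed to have already been identified as IRC by payload inspection.

```python
from dataclasses import dataclass, field
from statistics import pstdev

# Thresholds are assumptions for illustration; tune them on your own traffic.
COMMON_IRC_PORTS = set(range(6660, 6670)) | {6697, 7000}
FAST_JOIN_S = 2.0          # connect -> JOIN faster than a person types
LONG_LIVED_S = 6 * 3600    # connection held for six hours or more
QUIET_MSGS_PER_HOUR = 1.0  # almost no chat from the client
CONSTANT_JITTER_S = 0.05   # spread of reply delays, in seconds

@dataclass
class Session:
    """One client IRC session, already identified as IRC by payload inspection."""
    host: str
    dst_port: int
    connect_ts: float
    join_ts: float
    end_ts: float
    messages_sent: int
    reply_delays: list = field(default_factory=list)

def indicators(s):
    """Return the behavioral indicators from the slides that this session matches."""
    hits = []
    duration = s.end_ts - s.connect_ts
    if s.dst_port not in COMMON_IRC_PORTS:
        hits.append("non-standard-port")
    if s.join_ts - s.connect_ts < FAST_JOIN_S:
        hits.append("fast-join")
    if duration >= LONG_LIVED_S:
        hits.append("long-standing-connection")
    if duration > 0 and s.messages_sent / (duration / 3600) < QUIET_MSGS_PER_HOUR:
        hits.append("not-talkative")
    if len(s.reply_delays) >= 3 and pstdev(s.reply_delays) < CONSTANT_JITTER_S:
        hits.append("constant-response-time")
    return hits

def flag(sessions, min_hits=3):
    """Flag hosts matching several indicators; one alone is weak evidence."""
    scored = ((s.host, indicators(s)) for s in sessions)
    return {host: hits for host, hits in scored if len(hits) >= min_hits}

# Constructed sample sessions (not real traffic): chatty user, bot-like host, idle lurker.
SAMPLE = [
    Session("10.0.0.11", 6667, 0.0, 12.0, 7200.0, 140, [3.2, 15.0, 7.4, 41.0]),
    Session("10.0.0.23", 8080, 0.0, 0.4, 129600.0, 2, [0.51, 0.50, 0.52, 0.50]),
    Session("10.0.0.42", 6697, 0.0, 8.0, 72000.0, 0),
]
```

Calling flag(SAMPLE) reports only the bot-like host; the idle lurker matches two indicators and stays below the default min_hits of 3, which is why no single characteristic is used alone.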