BotNets
Presented by: Kavisha
B.Tech. (I.T.), V semester
Banasthali University, Rajasthan
Outline
- What are Botnets?
- Botnet Terminology
- Botnet Life-cycle
- Types of attacks
- Botnets in Network Security
- Botnet Detection
- Preventing Botnet Infection
- Conclusion
- References
What are Botnets?
A Botnet is a network of compromised computers, called Zombie Computers or Bots, under the control of a remote attacker.

Bots began as a useful tool. They were originally developed as a virtual individual that could sit on an IRC channel & monitor network traffic.

They are significant contributors to the malicious & criminal activities on the Internet today and, more importantly, form an underground network whose size & scope is not fully known.
Botnet Terminology
- Bot Herder (Bot Master)
- Bots
- IRC Server
- Command & Control Server (C&C)

Bot Herder
- Bot herders (aka Bot Masters) are the hackers who use automated techniques to scan specific network ranges and find vulnerable systems, on which they can install their bot program.
- To create an army of Zombies over the internet, attackers typically infect the machines of home users, networks maintained by universities or small enterprises, etc.
Bots
- Bots (also called Zombie Computers) are the computers that make up the botnet network.
- They use a hidden channel to communicate with their C&C server.
- They can automatically scan their environment and propagate themselves by taking advantage of vulnerabilities & weak passwords.

Bots (contd.)
- Generally, the more vulnerabilities a bot can scan for, the more valuable it becomes to the botnet controller community. The process of stealing computing resources as a result of a system being joined to a botnet is called Scrumping.
- Gammima (gaming password stealer), Conficker (fake antivirus) and Zeus (information stealer) are among what are believed to be the largest botnets, according to security firm Damballa.
IRC Server
- Internet Relay Chat (IRC) is a form of real-time Internet text messaging (chat).
- The server listens for connections from IRC clients, enabling people to talk to each other via the Internet.
- Most IRC servers do not require users to register an account, but a user will have to set a nickname before being connected.
- Most IRC networks lack any strong authentication, and a number of tools that provide anonymity on IRC networks are available.
- IRC therefore provides a simple, low-latency, widely available, and anonymous command and control channel for botnet communication.
Command & Control Server
- The C&C infrastructure allows a bot agent to receive new instructions and malicious capabilities, to update existing infections, or to instruct the infected computer to carry out specific tasks as dictated by the remote controller.
- The criminals actively controlling botnets must ensure that their C&C infrastructure is sufficiently robust to manage tens of thousands of globally scattered bots, as well as to resist attempts to hijack or shut down the botnet.
[Figure: IRC-based botnet architecture. Labels: IRC Server, IRC Channel, Bot Master, C&C Traffic, Bots, Attack, Victim. The Bot Master issues commands through an IRC channel on the IRC Server; the C&C traffic reaches the Bots, which carry out the attack on the Victim.]
Botnet Life-cycle
[Figure: botnet life-cycle diagram, spread over four image slides.]
Types of attacks
- Distributed Denial of Service (DDoS) attacks
- Sending spam
- Phishing (fake websites)
- Adware
- Spyware (keylogging, information harvesting)
- Click fraud
Botnets In Network Security
- Internet users are getting infected by bots.
- Many times, corporate and end users are trapped in botnet attacks.
- Today 16-25% of the computers connected to the internet are members of a botnet.
- According to Damballa's technical report, 83.1% of global spam in March 2011 was sent by botnets.
- Computer security experts estimate that most spam is sent by home computers that are controlled remotely, & millions of these computers are part of botnets.
Contd.
- 2010 was a big year for internet crime, with botnets & targeted attacks making headlines on an almost weekly basis. Botnets such as Mariposa, Conficker and Koobface have become household names.
- The public disclosure of electronic attacks on international organizations such as Google, Adobe & many others, referred to as "Operation Aurora", revealed that sophisticated & advanced malware are now everyday inclusions in criminal toolkits.
Most Wanted Botnets
- Zeus: compromised 3.6 million U.S. computers.
- Koobface: compromised 2.9 million U.S. computers.
- TidServ: compromised 1.5 million U.S. computers.
- Trojan.Fakeavalert: compromised 1.4 million U.S. computers.
- TR/Dldr.Agent.JKH: compromised 1.2 million U.S. computers.
Botnet Detection
The two approaches for botnet detection are based on:
- Setting up honeynets
- Passive traffic monitoring
  - Signature based
  - Anomaly based
  - DNS based
Botnet Detection: Honeynets
[Figure: Windows Honeypot]

A honeypot is a trap set to detect, deflect, or in some manner counteract attempts at unauthorized use of information systems.

Generally it consists of a computer, data, or a network site that appears to be part of a network, but is actually isolated and monitored, and which seems to contain information or a resource of value to attackers.
Contd.
- Once an intruder breaks into the victim host, the machine's owner or a network administrator can examine the intrusion methods used by the intruder.
- Two or more honeypots on a network form a Honeynet.
- One practical application of this is the Spamtrap: a honeypot that controls spam by masquerading as a type of system abused by spammers.
Advantages
- With the help of honeynets we are able to learn key information (e.g. the IP address of the server or the nickname of the bot) that enables us to observe botnets. We can extract this sensitive information about bots in a semi-automated fashion with the help of a classical Honeywall.
- We are able to monitor the typical commands issued by attackers and sometimes we can even capture their communication. This helps us learn more about the motives of attackers and their tactics.
Botnet Detection: Traffic Monitoring
- It helps us to understand what is there on the network.
- Signature based: detection of known botnets.
- Anomaly based: one study found that bots on IRC were idle most of the time and would respond faster than a human upon receiving a command. Botnets can be detected using the following anomalies:
  - High network latency
  - High volume of traffic
  - Unusual system behaviour
  - Vulnerable systems
- DNS based: analysis of DNS traffic generated by botnets.
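The anomaly-based heuristic above (bots sit idle, then answer a command faster than a human could) as an added, runnable example; this is not code from the slides. It assumes a constructed IRC channel log in the form "seconds nick message", a convention that commands begin with "!", and hypothetical nicknames (opx, alice, bob, zomb01-03).

```python
"""Anomaly-based IRC bot detection from channel logs (added example).

Heuristic from the slides: bots are idle most of the time and reply to a
command faster than a human. For each nickname we record how quickly it
answers each command and how often it speaks unprompted, then flag nicks
that are silent except for near-instant replies.
"""
from __future__ import annotations

import re
import statistics
from dataclasses import dataclass, field

# Tunables (assumed values, chosen for the constructed sample below).
RESPONSE_WINDOW_S = 30.0   # a message this soon after a command counts as a reply
FAST_REPLY_S = 1.0         # a median reply faster than this is machine-like
MIN_RESPONSES = 2          # need a few replies before judging a nickname

# Constructed sample log: "<seconds> <nick> <message>"; not real traffic.
SAMPLE_LOG = """\
1000.00 opx !ping
1000.02 zomb01 pong
1000.03 zomb02 pong
1000.04 zomb03 pong
1003.50 alice hey, anyone around?
1009.20 bob yeah, what's up
1100.00 alice anyone know a good pizza place?
1600.00 opx !update
1600.01 zomb01 update ok
1600.02 zomb02 update ok
1600.03 zomb03 update ok
1610.00 alice brb
2200.00 opx !report
2200.01 zomb01 idle
2200.02 zomb02 idle
2200.02 zomb03 idle
2204.80 bob did you see that? lol
"""

LINE_RE = re.compile(r"^(?P<t>\d+(?:\.\d+)?)\s+(?P<nick>\S+)\s+(?P<msg>.*)$")


@dataclass
class Profile:
    nick: str
    latencies: list[float] = field(default_factory=list)  # seconds after each command
    unprompted: int = 0   # messages sent outside any command's reply window

    @property
    def median_latency(self) -> float | None:
        return statistics.median(self.latencies) if self.latencies else None

    @property
    def suspicious(self) -> bool:
        # Idle except when commanded, and replying faster than a human types.
        return (
            len(self.latencies) >= MIN_RESPONSES
            and self.median_latency < FAST_REPLY_S
            and self.unprompted == 0
        )


def parse_log(text: str) -> list[tuple[float, str, str]]:
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:  # malformed lines are skipped
            events.append((float(m["t"]), m["nick"], m["msg"]))
    events.sort(key=lambda e: e[0])
    return events


def is_command(msg: str) -> bool:
    # Assumed convention for the constructed sample: commands start with '!'.
    return msg.startswith("!")


def profile_nicks(text: str) -> dict[str, Profile]:
    profiles: dict[str, Profile] = {}
    open_cmd: float | None = None   # time of the most recent command
    replied: set[str] = set()       # nicks that already answered it
    for t, nick, msg in parse_log(text):
        prof = profiles.setdefault(nick, Profile(nick))
        if is_command(msg):
            open_cmd, replied = t, set()
            continue
        in_window = open_cmd is not None and t - open_cmd < RESPONSE_WINDOW_S
        if in_window and nick not in replied:
            prof.latencies.append(t - open_cmd)   # first reply to this command
            replied.add(nick)
        elif not in_window:
            prof.unprompted += 1                  # chatter nobody asked for
        # later messages inside the same window are follow-ups; not counted
    return profiles


def flagged_nicks(text: str) -> list[str]:
    return sorted(n for n, p in profile_nicks(text).items() if p.suspicious)


if __name__ == "__main__":
    for p in profile_nicks(SAMPLE_LOG).values():
        print(f"{p.nick:8} replies={len(p.latencies)} median={p.median_latency} "
              f"unprompted={p.unprompted} suspicious={p.suspicious}")
```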
Botnet Detection: Honeynets (diagram)
[Figure: honeynet-based detection. Labels: Bot, Bot Master, Sensor, Admin, Malicious Traffic, Authorize, Inform bot's IP. Malicious traffic from the Bot reaches the Sensor, which informs the Admin of the bot's IP.]
Preventing Botnet Infections
- Use a firewall
- Patch regularly and promptly
- Use antivirus (AV) software
- Use anti-bot tools
- Deploy an Intrusion Detection System (IDS)
- Deploy an Intrusion Prevention System (IPS)
Conclusion
Botnets pose a significant and growing threat to cyber security. Even when we use well-known techniques, botnets continue to dominate the cyber threat landscape. As network security has become an integral part of our lives, botnets have become the most serious threat to it. Staying ahead of the threat will require advanced knowledge to build new anti-bot campaigns. It is very important to detect botnet attacks and find solutions for them.
References
- Adam J. Aviv, Andreas Haeberlen. Challenges in Experimenting with Botnet Detection Systems. 2011.
- Symantec.cloud. March 2011 Intelligence Report.
- Paul Bacher, Thorsten Holz, Markus Kotter, Georg Wicherski. Know your Enemy: Tracking Botnets. Technical Report, The Honeynet Project. Aug 2008.