SlideShare a Scribd company logo

BOTNET

Arjo Ghosh
Arjo Ghosh

A botnet or robot network is a group of computers running a computer application that only the owner or software source controls and manipulates.

Technology
1 of 37
Download to read offline
© AR AG AS
© AR AG AS
© AR AG AS
BOTNET BATTLE A single compromised computer can be a pain to deal with, but a collection of compromised computers can wreak havoc around the world. Leaving our computer vulnerable to attack makes us a danger, not just to ourselves but to everyone on the internet. How do botnets work? What’s the risk? How can we protect ourselves? © AR AG AS
WHAT IS A BOTNET? The term bot is short for robot. Criminals distribute malware turning our computer into a bot. Computers perform automated tasks over the internet without us knowing it. Criminals use bots to infect large number of computers. These computers form a network which is popularly called as botnet. © AR AG AS
RISKS OF BOTNET Criminals use botnets to Send out spam email messages. Spread viruses. Attack computers + servers. Commit other kinds of crime + fraud. If our computer becomes part of a botnet, then our computer might slow down and we might be helping cyber criminals indirectly. © AR AG AS
DEBUTS IN 2000 In the year 2000, a Canadian teenager launched a series of distributed denial-of-service attacks against several high-profile web sites. The teen targeted Yahoo, Dell, eBay, amazon and many others by flooding the sites with massive amounts of junk traffic until their servers crashed. © AR AG AS
BOTNETS CLASSIFICATION Botnets can be classified into two prime categories: Legal botnets Illegal botnets © AR AG AS
LEGAL BOTNETS The term botnet is widely used when several IRC bots have been linked and set channel modes on other bots and users while keeping IRC channels free from unwanted users. This is where the term is originally from, since the first illegal botnets were similar to legal botnets. A common bot used to set up botnets on IRC is eggdrop. © AR AG AS
ILLEGAL BOTNETS Botnets sometimes infect computers whose security defences have been violated and control granted to a third party. Each such infected device, known as a "bot", is created when a computer is penetrated by software from a malware distribution. The botmaster directs the activities of these infected computers through communication channels formed by IRC and HTTP. © AR AG AS
WHAT IS A BOT? A "bot" is a type of malware that allows an attacker to take control over an affected computer. Bots are usually part of a network of infected machines. Since a bot infected computer does the bidding of its master, many people refer to these victim machines as zombies. The cybercriminals that control these bots are called botmasters. © AR AG AS
BOT + EXPLOIT SELECTION Botnets typically begin when Botmaster downloads a bot program and exploit code. Bot programs such as AgoBot, IRCBot, etc are freely available on the internet. Exploits for Windows OS are generally selected. These exploits are attractive both due to large number of exploits available and the widespread adoption of Windows amongst business + residential users. © AR AG AS
CONTROL CHANNEL After selecting the bot + exploit combination, the Botmaster must now setup one or more control channels. The most common technique is to use public IRC servers to control the botnet. The Botmaster needs a control channel in order to issue commands to and receive feedback from the botnet. Control channels are frequently moved to avoid detection. © AR AG AS
INITIAL INFECTION The Botmaster must now begin to build the zombie army that will include the botnet. Using the chosen exploit, the Botmaster cracks and takes control over a handful of systems. © AR AG AS
C + C MECHANISM COMMAND AND CONTROL MECHANISM A collection of computers is useless without some control mechanism. The command and control constitutes the interface between the botnet and the botmaster. The botmaster commands the c&c. The c&c commands the bots. © AR AG AS
BOTNET WITH ZOMBIES © AR AG AS
BOTNET STATISTICS © AR AG AS
DOSNET A type of botnet & mostly used as a term for malicious botnets. DoSnets are used for DDoS attacks which can be very devastating. Well-known DoSnet software includes → TFN2k → Stacheldraht → Trinoo. © AR AG AS
DOSBOT The denial of service bot is the client which is used to connect to the network. It’s also the software which performs any attacks. The vast majority of the bots are written in the → C → C++ → Java © AR AG AS
WAREZ Botnets can be used to steal, store, or propagate warez. Warez constitutes any illegally obtained or pirated software. Bots can search hard drives for software and licenses installed on a victims machine. Botmasters can easily transfer it off for duplication and distribution. © AR AG AS
CONTROLLING BOTNET Command Function .capture. Generates and saves an image or video file. .download. Downloads a file from a specified URL to the victim’s computer. .find file. Finds files on the victim’s computer by name and returns the paths of any files found. .getcdkeys. Returns product keys for software installed on the victim’s computer. .key log. Logs the victim’s keystrokes and saves them to a file. .open. Opens a program, an image, or a URL in a web browser. .procs. Lists the processes running on the victim’s computer. Some of the Botnet Commands from Win32 bot family: © AR AG AS
HOW BOTS WORK? Bots creep into a person’s computer in many ways. Bots often spread themselves across the internet by looking for vulnerable, unprotected computers to infect.  When they find an exposed computer, they quickly infect the machine and then report back to their master. Their goal is then to stay hidden until they are instructed to carry out a task. © AR AG AS
AUTOMATED TASKS BY BOTS Sending Stealing Denial of Service Click fraud They send → Spam → Viruses → Spyware They steal personal and private information and communicate it back to the malicious user: → Bank credentials → Credit card numbers → Sensitive informations Launching denial of service (DoS) attacks against a specified target. Fraudsters use bots to boost web advertising billings by automatically clicking on internet ads. © AR AG AS
PROTECT AGAINST BOTS Limit your user rights when online. Install top-rated security software. Increase the security settings on your browser. Update automatically to latest system patches. Configure your software's settings to update automatically. Never click on attachments unless you can verify the source. © AR AG AS
DETECTION + REMOVAL 1 RUBOTTED 2.0 BETA Monitors our computer for potential infection and suspicious activities associated with bots. Protect our system by continuously monitoring our computer for potential infection and suspicious activities with Rubotted. →downloadcenter.trendmicro.com © AR AG AS
DETECTION + REMOVAL 2 MALICIOUS SOFTWARE REMOVAL TOOL Checks our computer for infection by specific, prevalent malicious software and removes the infection if it is found. Microsoft releases an updated version of this tool on the second Tuesday of each month. →microsoft.com © AR AG AS
DETECTION + REMOVAL 3 NORTON™ POWER ERASER Eliminates deeply embedded and difficult to remove crimeware that traditional virus scanning doesn't always detect. Norton Power Eraser is specially designed to aggressively target scamware. →security.symantec.com © AR AG AS
MOBILE BOTNETS Targets smartphones, attempting to gain complete access to the device and its contents as well as providing control to the botmaster. Mobile botnets give admin rights of the compromised mobile devices, enabling hackers to →Send e-mail or text messages → Make phone calls → Access contacts and photos, and more. © AR AG AS
EXAMPLES OF MOBILE BOTNETS The Dreamdroid malware that compromised the Android devices. The iPhone SMS attack that affected iPhone + iPad devices. The Commwarrior affected Symbian series mobile devices. The Zitmo that targeted Blackberry users. © AR AG AS
CONTROLLING MOBILE BOTNET Command Function Add Phone Number(s) Adds numbers to the forwarding list. Commands are forwarded to all bots on the list. Set sleep interval Sets how long the client waits before searching the P2P network for a command. Execute shell sequence Run a command in the shell. Download URL Downloads a command file from the botmasters. Some of the Botnet Commands from iBot family: © AR AG AS
PROTECT AGAINST MOBILE BOTS Install the latest official OS for your smartphone. Avoid pirated apps or apps from untrusted sources. Download apps only from trusted and reputable app stores. © AR AG AS
DETECTION + REMOVAL BULLGUARD MOBILE SECURITY 10 Detects and removes malware. Monitor information that is being sent and received. Remotely manage and monitor the smartphone. →bullguard.com © AR AG AS
© AR AG AS
REFERENCES © AR AG AS
ANY QUESTIONS?  © AR AG AS
CREDITS Alok Roy Arjo Ghosh Abhishek Sahu © AR AG AS
© AR AG AS

Recommended

Botnets 101
Botnets 101Botnets 101
Botnets 101Aung Thu Rha Hein
 
Botnet
Botnet Botnet
Botnet PriyanKa Harjai
 
What is botnet?
What is botnet?What is botnet?
What is botnet?Milan Petrásek
 
Botnets
BotnetsBotnets
BotnetsVishwadeep Badgujar
 
Botnets
BotnetsBotnets
BotnetsKavisha Miyan
 
Botnet Detection Techniques
Botnet Detection TechniquesBotnet Detection Techniques
Botnet Detection TechniquesTeam Firefly
 
introduction to Botnet
introduction to Botnetintroduction to Botnet
introduction to Botnetyogendra singh chahar
 
Dos n d dos
Dos n d dosDos n d dos
Dos n d dossadhana21297
 

Recommended

Botnets 101
Botnets 101Botnets 101
Botnets 101Aung Thu Rha Hein
 
Botnet
Botnet Botnet
Botnet PriyanKa Harjai
 
What is botnet?
What is botnet?What is botnet?
What is botnet?Milan Petrásek
 
Botnets
BotnetsBotnets
BotnetsVishwadeep Badgujar
 
Botnets
BotnetsBotnets
BotnetsKavisha Miyan
 
Botnet Detection Techniques
Botnet Detection TechniquesBotnet Detection Techniques
Botnet Detection TechniquesTeam Firefly
 
introduction to Botnet
introduction to Botnetintroduction to Botnet
introduction to Botnetyogendra singh chahar
 
Dos n d dos
Dos n d dosDos n d dos
Dos n d dossadhana21297
 
Botnet
BotnetBotnet
Botnetlokenra
 
Botnet Detection in Online-social Network
Botnet Detection in Online-social NetworkBotnet Detection in Online-social Network
Botnet Detection in Online-social NetworkRubal Sagwal
 
Ransomware by lokesh
Ransomware by lokeshRansomware by lokesh
Ransomware by lokeshLokesh Bysani
 
DDoS Attack PPT by Nitin Bisht
DDoS Attack PPT by Nitin BishtDDoS Attack PPT by Nitin Bisht
DDoS Attack PPT by Nitin BishtNitin Bisht
 
Ethical hacking
Ethical hacking Ethical hacking
Ethical hacking Institute of Information Security (IIS)
 
DDoS Attacks
DDoS AttacksDDoS Attacks
DDoS AttacksJignesh Patel
 
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...Edureka!
 
Botnets In Cyber Security
Botnets In Cyber SecurityBotnets In Cyber Security
Botnets In Cyber Securitysumit saurav
 
Ransomware
RansomwareRansomware
RansomwareAkshita Pillai
 
Denial of service attack
Denial of service attackDenial of service attack
Denial of service attackKaustubh Padwad
 
Dark Web and Privacy
Dark Web and PrivacyDark Web and Privacy
Dark Web and PrivacyBrian Pichman
 
hacking
hackinghacking
hackingmayank1293
 
Ransomware
RansomwareRansomware
RansomwareChaitali Sharma
 
Threat Intelligence
Threat IntelligenceThreat Intelligence
Threat IntelligenceDeepak Kumar (D3)
 
Denial of service
Denial of serviceDenial of service
Denial of servicegarishma bhatia
 
IoT - the Next Wave of DDoS Threat Landscape
IoT - the Next Wave of DDoS Threat LandscapeIoT - the Next Wave of DDoS Threat Landscape
IoT - the Next Wave of DDoS Threat LandscapeAPNIC
 
OSINT 2.0 - Past, present and future
OSINT 2.0 - Past, present and futureOSINT 2.0 - Past, present and future
OSINT 2.0 - Past, present and futureChristian Martorella
 
Denial of Service Attacks (DoS/DDoS)
Denial of Service Attacks (DoS/DDoS)Denial of Service Attacks (DoS/DDoS)
Denial of Service Attacks (DoS/DDoS)Gaurav Sharma
 
Penetration testing reporting and methodology
Penetration testing reporting and methodologyPenetration testing reporting and methodology
Penetration testing reporting and methodologyRashad Aliyev
 
Malware analysis
Malware analysisMalware analysis
Malware analysisPrakashchand Suthar
 
Botnet
BotnetBotnet
BotnetJoshin Gomez
 
Mcs2453 aniq mc101053-assignment1
Mcs2453 aniq mc101053-assignment1Mcs2453 aniq mc101053-assignment1
Mcs2453 aniq mc101053-assignment1Aniq Eastrarulkhair
 

More Related Content

What's hot

Botnet Detection in Online-social Network
Botnet Detection in Online-social NetworkBotnet Detection in Online-social Network
Botnet Detection in Online-social NetworkRubal Sagwal
 
Ransomware by lokesh
Ransomware by lokeshRansomware by lokesh
Ransomware by lokeshLokesh Bysani
 
DDoS Attack PPT by Nitin Bisht
DDoS Attack PPT by Nitin BishtDDoS Attack PPT by Nitin Bisht
DDoS Attack PPT by Nitin BishtNitin Bisht
 
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...Edureka!
 
Botnets In Cyber Security
Botnets In Cyber SecurityBotnets In Cyber Security
Botnets In Cyber Securitysumit saurav
 
Denial of service attack
Denial of service attackDenial of service attack
Denial of service attackKaustubh Padwad
 
Dark Web and Privacy
Dark Web and PrivacyDark Web and Privacy
Dark Web and PrivacyBrian Pichman
 
IoT - the Next Wave of DDoS Threat Landscape
IoT - the Next Wave of DDoS Threat LandscapeIoT - the Next Wave of DDoS Threat Landscape
IoT - the Next Wave of DDoS Threat LandscapeAPNIC
 
OSINT 2.0 - Past, present and future
OSINT 2.0 - Past, present and futureOSINT 2.0 - Past, present and future
OSINT 2.0 - Past, present and futureChristian Martorella
 
Denial of Service Attacks (DoS/DDoS)
Denial of Service Attacks (DoS/DDoS)Denial of Service Attacks (DoS/DDoS)
Denial of Service Attacks (DoS/DDoS)Gaurav Sharma
 
Penetration testing reporting and methodology
Penetration testing reporting and methodologyPenetration testing reporting and methodology
Penetration testing reporting and methodologyRashad Aliyev
 

What's hot (20)

Botnet
BotnetBotnet
Botnet
 
Botnet Detection in Online-social Network
Botnet Detection in Online-social NetworkBotnet Detection in Online-social Network
Botnet Detection in Online-social Network
 
Ransomware by lokesh
Ransomware by lokeshRansomware by lokesh
Ransomware by lokesh
 
DDoS Attack PPT by Nitin Bisht
DDoS Attack PPT by Nitin BishtDDoS Attack PPT by Nitin Bisht
DDoS Attack PPT by Nitin Bisht
 
Ethical hacking
Ethical hacking Ethical hacking
Ethical hacking
 
DDoS Attacks
DDoS AttacksDDoS Attacks
DDoS Attacks
 
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...
 
Botnets In Cyber Security
Botnets In Cyber SecurityBotnets In Cyber Security
Botnets In Cyber Security
 
Ransomware
RansomwareRansomware
Ransomware
 
Denial of service attack
Denial of service attackDenial of service attack
Denial of service attack
 
Dark Web and Privacy
Dark Web and PrivacyDark Web and Privacy
Dark Web and Privacy
 
hacking
hackinghacking
hacking
 
Ransomware
RansomwareRansomware
Ransomware
 
Threat Intelligence
Threat IntelligenceThreat Intelligence
Threat Intelligence
 
Denial of service
Denial of serviceDenial of service
Denial of service
 
IoT - the Next Wave of DDoS Threat Landscape
IoT - the Next Wave of DDoS Threat LandscapeIoT - the Next Wave of DDoS Threat Landscape
IoT - the Next Wave of DDoS Threat Landscape
 
OSINT 2.0 - Past, present and future
OSINT 2.0 - Past, present and futureOSINT 2.0 - Past, present and future
OSINT 2.0 - Past, present and future
 
Denial of Service Attacks (DoS/DDoS)
Denial of Service Attacks (DoS/DDoS)Denial of Service Attacks (DoS/DDoS)
Denial of Service Attacks (DoS/DDoS)
 
Penetration testing reporting and methodology
Penetration testing reporting and methodologyPenetration testing reporting and methodology
Penetration testing reporting and methodology
 
Malware analysis
Malware analysisMalware analysis
Malware analysis
 

Similar to BOTNET

Mcs2453 aniq mc101053-assignment1
Mcs2453 aniq mc101053-assignment1Mcs2453 aniq mc101053-assignment1
Mcs2453 aniq mc101053-assignment1Aniq Eastrarulkhair
 
20210717-AntiBotnets-FundamentalInfoSec.pptx
20210717-AntiBotnets-FundamentalInfoSec.pptx20210717-AntiBotnets-FundamentalInfoSec.pptx
20210717-AntiBotnets-FundamentalInfoSec.pptxSuman Garai
 
How spam change the world
How spam change the world How spam change the world
How spam change the world Farhaan Bukhsh
 
trojon horse Seminar report
trojon horse Seminar report trojon horse Seminar report
trojon horse Seminar reportNamanKikani
 
Types of malware threats
Types of malware threatsTypes of malware threats
Types of malware threatsEC-Council
 
“Design and Detection of Mobile Botnet Attacks”
“Design and Detection of Mobile Botnet Attacks”“Design and Detection of Mobile Botnet Attacks”
“Design and Detection of Mobile Botnet Attacks”iosrjce
 
Botnets - What, How and Why by Utsav Mittal @ OWASP Delhi July, 2014 Monthly ...
Botnets - What, How and Why by Utsav Mittal @ OWASP Delhi July, 2014 Monthly ...Botnets - What, How and Why by Utsav Mittal @ OWASP Delhi July, 2014 Monthly ...
Botnets - What, How and Why by Utsav Mittal @ OWASP Delhi July, 2014 Monthly ...OWASP Delhi
 
Type of Malware and its different analysis and its types !
Type of Malware and its different analysis and its types !Type of Malware and its different analysis and its types !
Type of Malware and its different analysis and its types !Mohammed Jaseem Tp
 
Bot software spreads, causes new worries
Bot software spreads, causes new worriesBot software spreads, causes new worries
Bot software spreads, causes new worriesUltraUploader
 
All you know about Botnet
All you know about BotnetAll you know about Botnet
All you know about BotnetNaveen Titare
 
Botnet Attacks How They Work and How to Defend Against Them.pdf
Botnet Attacks How They Work and How to Defend Against Them.pdfBotnet Attacks How They Work and How to Defend Against Them.pdf
Botnet Attacks How They Work and How to Defend Against Them.pdfuzair
 

Similar to BOTNET (20)

Botnet
BotnetBotnet
Botnet
 
Mcs2453 aniq mc101053-assignment1
Mcs2453 aniq mc101053-assignment1Mcs2453 aniq mc101053-assignment1
Mcs2453 aniq mc101053-assignment1
 
Botnet
BotnetBotnet
Botnet
 
Bots and Botnet
Bots and BotnetBots and Botnet
Bots and Botnet
 
20210717-AntiBotnets-FundamentalInfoSec.pptx
20210717-AntiBotnets-FundamentalInfoSec.pptx20210717-AntiBotnets-FundamentalInfoSec.pptx
20210717-AntiBotnets-FundamentalInfoSec.pptx
 
How spam change the world
How spam change the world How spam change the world
How spam change the world
 
trojon horse Seminar report
trojon horse Seminar report trojon horse Seminar report
trojon horse Seminar report
 
How To Protect Your Website From Bot Attacks
How To Protect Your Website From Bot AttacksHow To Protect Your Website From Bot Attacks
How To Protect Your Website From Bot Attacks
 
Types of malware threats
Types of malware threatsTypes of malware threats
Types of malware threats
 
Cyber crime report
Cyber crime reportCyber crime report
Cyber crime report
 
Malware
MalwareMalware
Malware
 
Cyber crime
Cyber crimeCyber crime
Cyber crime
 
“Design and Detection of Mobile Botnet Attacks”
“Design and Detection of Mobile Botnet Attacks”“Design and Detection of Mobile Botnet Attacks”
“Design and Detection of Mobile Botnet Attacks”
 
Botnets - What, How and Why by Utsav Mittal @ OWASP Delhi July, 2014 Monthly ...
Botnets - What, How and Why by Utsav Mittal @ OWASP Delhi July, 2014 Monthly ...Botnets - What, How and Why by Utsav Mittal @ OWASP Delhi July, 2014 Monthly ...
Botnets - What, How and Why by Utsav Mittal @ OWASP Delhi July, 2014 Monthly ...
 
P01761113118
P01761113118P01761113118
P01761113118
 
Type of Malware and its different analysis and its types !
Type of Malware and its different analysis and its types !Type of Malware and its different analysis and its types !
Type of Malware and its different analysis and its types !
 
Cybersecurity -Terms.
Cybersecurity -Terms.Cybersecurity -Terms.
Cybersecurity -Terms.
 
Bot software spreads, causes new worries
Bot software spreads, causes new worriesBot software spreads, causes new worries
Bot software spreads, causes new worries
 
All you know about Botnet
All you know about BotnetAll you know about Botnet
All you know about Botnet
 
Botnet Attacks How They Work and How to Defend Against Them.pdf
Botnet Attacks How They Work and How to Defend Against Them.pdfBotnet Attacks How They Work and How to Defend Against Them.pdf
Botnet Attacks How They Work and How to Defend Against Them.pdf
 

Recently uploaded

Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxBkGupta21
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 

Recently uploaded (20)

Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptx
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 

BOTNET

  • 4. BOTNET BATTLE A single compromised computer can be a pain to deal with, but a collection of compromised computers can wreak havoc around the world. Leaving our computer vulnerable to attack makes us a danger, not just to ourselves but to everyone on the internet. How do botnets work? What’s the risk? How can we protect ourselves? © AR AG AS
  • 5. WHAT IS A BOTNET? The term bot is short for robot. Criminals distribute malware turning our computer into a bot. Computers perform automated tasks over the internet without us knowing it. Criminals use bots to infect large number of computers. These computers form a network which is popularly called as botnet. © AR AG AS
  • 6. RISKS OF BOTNET Criminals use botnets to Send out spam email messages. Spread viruses. Attack computers + servers. Commit other kinds of crime + fraud. If our computer becomes part of a botnet, then our computer might slow down and we might be helping cyber criminals indirectly. © AR AG AS
  • 7. DEBUTS IN 2000 In the year 2000, a Canadian teenager launched a series of distributed denial-of-service attacks against several high-profile web sites. The teen targeted Yahoo, Dell, eBay, amazon and many others by flooding the sites with massive amounts of junk traffic until their servers crashed. © AR AG AS
  • 8. BOTNETS CLASSIFICATION Botnets can be classified into two prime categories: Legal botnets Illegal botnets © AR AG AS
  • 9. LEGAL BOTNETS The term botnet is widely used when several IRC bots have been linked and set channel modes on other bots and users while keeping IRC channels free from unwanted users. This is where the term is originally from, since the first illegal botnets were similar to legal botnets. A common bot used to set up botnets on IRC is eggdrop. © AR AG AS
  • 10. ILLEGAL BOTNETS Botnets sometimes infect computers whose security defences have been violated and control granted to a third party. Each such infected device, known as a "bot", is created when a computer is penetrated by software from a malware distribution. The botmaster directs the activities of these infected computers through communication channels formed by IRC and HTTP. © AR AG AS
  • 11. WHAT IS A BOT? A "bot" is a type of malware that allows an attacker to take control over an affected computer. Bots are usually part of a network of infected machines. Since a bot infected computer does the bidding of its master, many people refer to these victim machines as zombies. The cybercriminals that control these bots are called botmasters. © AR AG AS
  • 12. BOT + EXPLOIT SELECTION Botnets typically begin when Botmaster downloads a bot program and exploit code. Bot programs such as AgoBot, IRCBot, etc are freely available on the internet. Exploits for Windows OS are generally selected. These exploits are attractive both due to large number of exploits available and the widespread adoption of Windows amongst business + residential users. © AR AG AS
  • 13. CONTROL CHANNEL After selecting the bot + exploit combination, the Botmaster must now setup one or more control channels. The most common technique is to use public IRC servers to control the botnet. The Botmaster needs a control channel in order to issue commands to and receive feedback from the botnet. Control channels are frequently moved to avoid detection. © AR AG AS
  • 14. INITIAL INFECTION The Botmaster must now begin to build the zombie army that will include the botnet. Using the chosen exploit, the Botmaster cracks and takes control over a handful of systems. © AR AG AS
  • 15. C + C MECHANISM COMMAND AND CONTROL MECHANISM A collection of computers is useless without some control mechanism. The command and control constitutes the interface between the botnet and the botmaster. The botmaster commands the c&c. The c&c commands the bots. © AR AG AS
  • 18. DOSNET A type of botnet & mostly used as a term for malicious botnets. DoSnets are used for DDoS attacks which can be very devastating. Well-known DoSnet software includes → TFN2k → Stacheldraht → Trinoo. © AR AG AS
  • 19. DOSBOT The denial of service bot is the client which is used to connect to the network. It’s also the software which performs any attacks. The vast majority of the bots are written in the → C → C++ → Java © AR AG AS
  • 20. WAREZ Botnets can be used to steal, store, or propagate warez. Warez constitutes any illegally obtained or pirated software. Bots can search hard drives for software and licenses installed on a victims machine. Botmasters can easily transfer it off for duplication and distribution. © AR AG AS
  • 21. CONTROLLING BOTNET Command Function .capture. Generates and saves an image or video file. .download. Downloads a file from a specified URL to the victim’s computer. .find file. Finds files on the victim’s computer by name and returns the paths of any files found. .getcdkeys. Returns product keys for software installed on the victim’s computer. .key log. Logs the victim’s keystrokes and saves them to a file. .open. Opens a program, an image, or a URL in a web browser. .procs. Lists the processes running on the victim’s computer. Some of the Botnet Commands from Win32 bot family: © AR AG AS
  • 22. HOW BOTS WORK? Bots creep into a person’s computer in many ways. Bots often spread themselves across the internet by looking for vulnerable, unprotected computers to infect.  When they find an exposed computer, they quickly infect the machine and then report back to their master. Their goal is then to stay hidden until they are instructed to carry out a task. © AR AG AS
  • 23. AUTOMATED TASKS BY BOTS Sending Stealing Denial of Service Click fraud They send → Spam → Viruses → Spyware They steal personal and private information and communicate it back to the malicious user: → Bank credentials → Credit card numbers → Sensitive informations Launching denial of service (DoS) attacks against a specified target. Fraudsters use bots to boost web advertising billings by automatically clicking on internet ads. © AR AG AS
  • 24. PROTECT AGAINST BOTS Limit your user rights when online. Install top-rated security software. Increase the security settings on your browser. Update automatically to latest system patches. Configure your software's settings to update automatically. Never click on attachments unless you can verify the source. © AR AG AS
  • 25. DETECTION + REMOVAL 1 RUBOTTED 2.0 BETA Monitors our computer for potential infection and suspicious activities associated with bots. Protect our system by continuously monitoring our computer for potential infection and suspicious activities with Rubotted. →downloadcenter.trendmicro.com © AR AG AS
  • 26. DETECTION + REMOVAL 2 MALICIOUS SOFTWARE REMOVAL TOOL Checks our computer for infection by specific, prevalent malicious software and removes the infection if it is found. Microsoft releases an updated version of this tool on the second Tuesday of each month. →microsoft.com © AR AG AS
  • 27. DETECTION + REMOVAL 3 NORTON™ POWER ERASER Eliminates deeply embedded and difficult to remove crimeware that traditional virus scanning doesn't always detect. Norton Power Eraser is specially designed to aggressively target scamware. →security.symantec.com © AR AG AS
  • 28. MOBILE BOTNETS Targets smartphones, attempting to gain complete access to the device and its contents as well as providing control to the botmaster. Mobile botnets give admin rights of the compromised mobile devices, enabling hackers to →Send e-mail or text messages → Make phone calls → Access contacts and photos, and more. © AR AG AS
  • 29. EXAMPLES OF MOBILE BOTNETS The Dreamdroid malware that compromised the Android devices. The iPhone SMS attack that affected iPhone + iPad devices. The Commwarrior affected Symbian series mobile devices. The Zitmo that targeted Blackberry users. © AR AG AS
  • 30. CONTROLLING MOBILE BOTNET Command Function Add Phone Number(s) Adds numbers to the forwarding list. Commands are forwarded to all bots on the list. Set sleep interval Sets how long the client waits before searching the P2P network for a command. Execute shell sequence Run a command in the shell. Download URL Downloads a command file from the botmasters. Some of the Botnet Commands from iBot family: © AR AG AS
  • 31. PROTECT AGAINST MOBILE BOTS Install the latest official OS for your smartphone. Avoid pirated apps or apps from untrusted sources. Download apps only from trusted and reputable app stores. © AR AG AS
  • 32. DETECTION + REMOVAL BULLGUARD MOBILE SECURITY 10 Detects and removes malware. Monitor information that is being sent and received. Remotely manage and monitor the smartphone. →bullguard.com © AR AG AS