Botnets 101 - PowerPoint PPT Presentation

Provided by: craigb5
Tags: botnets | symantec


Transcript and Presenter's Notes

1
Botnets 101
  • or Why didn't my friggin Anti-Virus work!
  • Oct 4, 2006

2
What Is a Bot?
  • A program that allows a remote attacker to
    control a compromised system.
  • They vary widely in sophistication and
    capabilities.
  • Most are built from bits and pieces traded
    amongst the botnet community
  • They most often connect back to an Internet Relay
    Chat (IRC) server to listen for instructions

3
What can a typical Bot do?
  • Install software and patches
  • Kill anti-virus and host-based firewall
  • Port scanner
  • FTP server
  • Canned exploits to create more bots
  • Keylogger
  • Traffic sniffer
  • Custom IRC client
  • Rootkit
  • DDoS Client

4
What is a Botnet?
  • A group of infected systems connected to a
    Command and Control (C&C) channel listening for
    instructions
  • They vary in size and capabilities. Currently
    average size is several thousand machines
  • Largest reported botnet was 1.5 million
    machines [1]

5
Why build a Botnet?
  • Fun and games, curious hackers out to explore?
  • Script kiddie pranksters knocking their
    friends/enemies off IRC?
  • Not any more
  • MONEY
  • Criminal activities designed to generate money.

6
What can a Botnet do?
  • Install Malware
  • Install new bots
  • Instant coordinated virus launch
  • Install / Defraud Adware
  • Install browser add-ons
  • Auto-click on banners and pay-per-click links

7
What can a Botnet do?
  • DDoS extortion
      • 1000 home PCs with an average upstream of
        128KBit/s can offer more than 100MBit/s [2]
  • Spamming
      • Either as a proxy or directly
      • Disposable
  • Manipulate online surveys, polls, and games
      • Unique IP addresses

8
How can I protect my network?
  • Principle of least privilege
      • Don't allow users to install software
  • Anti-Virus
      • Not perfect, but helps limit the damage
  • Host-Based Firewall
      • Again not perfect, but raises the bar
  • Network Firewall
      • Filter both ingress and egress
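
Slide 2 notes that bots most often call back to an IRC server, and slide 8 recommends filtering egress as well as ingress. The following is an added example, not part of the original presentation, that checks flow records for internal hosts opening IRC-like sessions to external addresses. The internal range, the port list, the log format and the sample records are assumptions made for illustration.

```python
import ipaddress
import re

# Assumption: the protected network uses 10.0.0.0/8.
INTERNAL = ipaddress.ip_network("10.0.0.0/8")
# Assumption: ports commonly used by IRC servers (6667 is the usual default).
IRC_PORTS = set(range(6660, 6670)) | {7000}
# IRC session-start commands. USER must have the four-parameter IRC form so
# that an FTP login ("USER anonymous") is not flagged.
IRC_CMD = re.compile(
    r"^(NICK\s+\S+|JOIN\s+[#&]\S+|USER\s+\S+\s+\S+\s+\S+\s+:)", re.IGNORECASE)

# Constructed sample records: "src_ip dst_ip dst_port first_payload_line"
SAMPLE_LOG = """\
10.0.4.17 198.51.100.23 6667 NICK xk-48213
10.0.4.17 198.51.100.23 6667 JOIN #cmd
10.0.9.2 203.0.113.80 80 GET /index.html HTTP/1.1
10.0.7.55 203.0.113.9 8080 USER a a a :a
10.0.3.3 192.0.2.21 21 USER anonymous
198.51.100.23 10.0.4.17 445 -
"""

def parse(line):
    src, dst, port, payload = line.split(" ", 3)
    return ipaddress.ip_address(src), ipaddress.ip_address(dst), int(port), payload

def find_irc_egress(log_text):
    """Return {internal_host: sorted reasons} for outbound IRC-like flows."""
    hits = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        src, dst, port, payload = parse(line)
        # Egress only: internal source talking to an external destination.
        if src not in INTERNAL or dst in INTERNAL:
            continue
        reasons = set()
        if port in IRC_PORTS:
            reasons.add("irc-port")
        if IRC_CMD.match(payload):  # catches IRC on non-standard ports too
            reasons.add("irc-command")
        if reasons:
            hits.setdefault(str(src), set()).update(reasons)
    return {host: sorted(r) for host, r in hits.items()}

if __name__ == "__main__":
    for host, reasons in find_irc_egress(SAMPLE_LOG).items():
        print(host, ",".join(reasons))
```

Hosts flagged only by "irc-command" are the ones a port-based egress rule alone would miss, which is the case for a default-deny outbound policy rather than a port blocklist.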

9
References & Resources
  • [1] Dutch Botnet Suspects Ran 1.5 Million Machine - Gregg Keizer
      • http://www.techweb.com/wire/security/172303160
  • [2] Know your Enemy: Tracking Botnets - The Honeynet Project
      • http://www.honeynet.org/papers/bots/
  • Bot Networks - Bruce Schneier
      • http://www.schneier.com/blog/archives/2006/07/bot_networks.html
  • Windows Malicious Software Removal Tool: Progress Made, Trends Observed
      • http://www.microsoft.com/downloads/details.aspx?FamilyId=47DDCFA9-645D-4495-9EDA-92CDE33E99A9&displaylang=en
  • Symantec Internet Security Threat Report - Volume X: September 2006
      • http://www.symantec.com/specprog/threatreport/ent-whitepaper_symantec_internet_security_threat_report_x_09_2006.en-us.pdf