Botnets - PowerPoint PPT Presentation

About This Presentation

Title:

Botnets

Description:

Botnets An Introduction Into the World of Botnets Tyler Hudak tyler_at_hudakville.com – PowerPoint PPT presentation

Number of Views:312

Avg rating:3.0/5.0

Slides: 24

Provided by: Tyle45

Category:

more less

Transcript and Presenter's Notes

Title: Botnets

1
Botnets
An Introduction Into the World of
Botnets Tyler Hudak tyler_at_hudakville.com
2
What will we cover?

What are botnets?
History
How do they work?
What are they used for?
Who cares?
Detection and Prevention Methods

3
Botnets

Collection of software robots, or bots, which
run autonomously1
A group of programs, installed on different
computers, all running under one command and
control structure (CC)
Typically controlled by one person or a group of
people (aka. The botmaster)

4
History

Originally used in IRC as a way to allow
automated tasks to be done
Protect a channel, kick a user out of a
channel,etc
Eventually evolved into a way to automate
malicious tasks
Started with DoS/DDoS against servers
TFN, stacheldraht, trinoo (1999)

5
History

Attackers created easier ways to control bots
IRC, HTTP, P2P
Bots started to become payloads for worms
Allowed for faster compromises, bigger botnets
Sobig/SDBot/Rbot/Agobot/Phatbot
Today, botnets are big business!
Over 10,000 bots have been reported in a single
botnet.

6
How do they work?
Victim
Botmaster
IRC Server
7
How are they spread?

Exploiting known vulnerabilities
Social Engineering
Spam/Phishing
Website Downloads
Instant Messaging
P2P networks

8
Command and Control

Number of different ways to control bots
Dynamic DNS services often used
Most common is through IRC (public or private)
Bots log into a specific IRC channel
Bots are written to accept specific commands and
execute them (sometimes from specific users)
Disadvantages with IRC
Usually unencrypted, easy to get into and take
over or shut down

9
Command and Control
Source http//swatit.org/bots/gallery.html
10
Command and Control
Source http//swatit.org/bots/gallery.html
11
Command and Control
Source http//swatit.org/bots/gallery.html
12
Command and Control

CC interfaces starting to become more complex
HTTP CC interface
Advantages
IRC not always allowed through corporate
firewalls, HTTP almost always is
Websites are found everywhere

13
Command and Control
Source Websense Security Labs
14
Command and Control

More CC interfaces emerging
Phatbot/Nugache worm uses encrypted P2P network
(WASTE)
Much more difficult to find botmaster or shut
down botnet

15
What are they used for?

Phishing
Spam
Distributed Denial of Service
Click Fraud
Adware/Spyware Installation
Identity Theft
Making Additional Income!!!

16
DDoS Botnets

DDoS has been available in bots since the
beginning
All too common
Used for extortion
Take down systems until they pay threats work
too!
Take out competition
BlueSecurity anti-spam service

17
Additional Income???

Botnets can be very profitable
Extortion
Fraud
Identity Theft
Adware
Renting out botnets!

18
Botnet Email Ad
Tired of being scammed?Tired of servers
downtime?Tired of high latency?Being Blocked or
Blacklisted too fast? FORGET ABOUT THAT!Get rid
of asian datacenters and choose a better Spam
friendly solution with us.We have the latest
development in Bulletproof Webservers that
willhandle your high complaint loads. Contact us
for pricing!-----------------------------ICQ
MSN MessengerAIMyahoo Botnet Hosting
Servers-------------------------------5 Ips
that changes every 10 minutes (with different
ISP)Excellent ping and uptime.100 percent
uptime guarantee. Easy Control Panel to add or
delete your domains thru webinterface.Redhat /
Debian LINUX OS.SSH Root Access.FTP
Access.APACHE2 PHP CURL ZEND MYSQL FTP SSH. We
have Direct Sending Servers, and we also do Email
Lists Mailings.
Source SpywareGuide Blog
19
Why should you care?

Botnets are becoming more common
Once a bot is on your machine (or your companys
machines) you no longer own that box
Do you really want your machine to be used to
attack others?

20
Detection Methods