Botnet
#1

Hi, I need a report on botnet
Reply
#2
A botnet or robot network is a group of computers running a computer application controlled and manipulated only by the owner or the software source. The botnet may refer to a legitimate network of several computers that share program processing amongst them.

Usually though, when people talk about botnets, they are talking about a group of computers infected with the malicious kind of robot software, the bots, which present a security threat to the computer owner. Once the robot software (also known as malicious software or malware) has been successfully installed in a computer, this computer becomes a zombie or a drone, unable to resist the commands of the bot commander.

A botnet may be small or large depending on the complexity and sophistication of the bots used. A large botnet may be composed of ten thousand individual zombies. A small botnet, on the other hand, may be composed of only a thousand drones. Usually, the owners of the zombie computers do not know that their computers and their computers' resources are being remotely controlled and exploited by an individual or a group of malware runners through Internet Relay Chat (IRC).

There are various types of malicious bots that have already infected and are continuing to infect the internet. Some bots have their own spreaders - the script that lets them infect other computers (this is the reason why some people dub botnets as computer viruses) - while some smaller types of bots do not have such capabilities.


see more
http://tech-faqbotnet.shtml
http://en.wikipediawiki/Botnet
http://isocisoc/conferences/ndss/06/proceedings/papers/modeling_botnet_propagation.pdf
http://certnetsa/publications/IMC07-collins,etc-predicting-future-botnet-addresses-unclean.pdf
http://springerlinkcontent/c8686313w36310k3/
Reply
#3
Presented By: Anup Satpathy
Botnets

Introduction:
A botnet (also known as zombie army) is a number of Internet computers that, although their owners are unaware of it, have been set up to forward transmissions (including spam or viruses) to other computers on the Internet.
A bot is a client program that runs in the background of a compromised host.
Purpose
DoS, ID Theft, Phishing, keylogging, SPAM
Spreading worms and viruses for Fun AND profit


Questions :
Why is there so much spam?

Why are there so many worms and viruses?

What are the sources of denial of service attacks?

Why would anyone want to break into my computer?

Why don’t the people doing these things get arrested?

Host control
Fortify system against other malicious attacks

Disable anti-virus software

Stresses need to patch/protect systems prior to attack

Stronger protection boundaries required across applications in Operating Systems.

How they work :
The larger the botnet, the more approval the herder can claim to have among the underground community. The bot herder will also ‘rent’ the services of the botnet out to third parties, usually for sending out spam messages, or for performing a denial of service attack against a remote target.
Some bot commands
Search for sensitive info on bot’d hosts
Enable keylogger and look for Paypal or eBay account info

Money is the main driver :
Most botnet-related abuse is driven by financial considerations:

Viruses and worms are used to compromise systems to use as bots.

Bots are used to send spam to sell products and services (often fraudulent), engage in extortion (denial of service against online gambling, credit card processors, etc.), send phishing emails to steal bank account access.

Most of the spam messages are passed with “Links” requesting users to follow. Clicking the page link will denote the system as vulnerable by the Spammer, which will further be sold to other sponsors.

Access to bots as proxies is sold to spammers, often with a very commercial-looking front end web interface.

Bots can be used to sniff traffic, log keystrokes, collect usernames and passwords, spread malware, manipulate online polls, etc.


Zombies (Botnets)
An IRC-based command and control (C&C) network of compromised hosts (bots)
Owners of zombie computers are usually unaware their machine is compromised
Most spam is sent from zombie computers
Used as the bots in many Botnets
Used to mount large scale DDoS attacks

IRC(Internet Relay Chat)
Real time Internet Chat (synchronous conferencing)
Designed for group conferencing
Can do private one-to-one messaging
Communications are facilitated via channels
Channels can be global to all servers or local to a single server in the network.
IRC BOT:
Bots are a special type of IRC client and are often used for performing automated administrative tasks for the net.
treated as a regular user by the servers but could be a trojan horse installed on a user machine, this constitutes a zombie.
E.g. Google IRC Bot which translates into other languages in runtime environment.


DDoS
One of the most common ways to mount a Distributed Denial of Service attack is via networks of zombie computers (Botnet) taking instructions from a central point.
DoS is an attempt to make a computer resource unavailable to its intended users.
A distributed denial of service attack (DDoS) occurs when multiple systems flood the bandwidth or resources of a targeted system, usually one or more web servers. These systems are compromised by attackers using a variety of methods.

How to identify whether your Computer is a Botnet :

If your computer runs slower than normal.
If network activity in task manager shows abnormal rate most of the time.
If your antivirus program shuts off by itself.
Run Process Explorer and examine all the processes to see if any process is running that does not run on your computer normally.

Control
IRC operators play central role in stopping botnet traffic
Traffic fingerprinting still useful for identification (CAPTCHA)
Improve local security policy authentication practices to prevent password guessing attacks.
Update all systems and verify that all systems have accepted and installed the patches.
Every windows host needs a strong and active virus checker which also must have a scope given towards Spyware and Adware.
Law enforcement may be invoked, especially if the incident is considered serious for legal and financial reasons.
All outbound mails have to go through the official mail servers to prevent botclients from Spamming directly through internet.
Develop your sources of internal intelligence.
Conclusions
Botnets are the primary infrastructure of criminal activity on the Internet, used most heavily for spamming, phishing, DoS attacks, spreading Spywares and creating more bots.
An effective response to botnets in order to reduce spam, phishing, and denial of service requires a combination of policies and procedures, technology, and legal responses from network providers, ISPs, organizations on the Internet, and law enforcement and a sharp awareness among users.
Future botnets may move away from IRC. Move to P2P communication.
All of these components need to respond and change as the threats continue to evolve triggering Cyberterrorism.

References
http://wikipedia.org
http://research.ibmjournals
“Information Technology” journal, August 2005, published by EFY.
IEEE journal on “Security and Privacy”
EC-Council – CEH Version 6
Mr. Sukalyan Das – Entrepreneur (Bhubaneswar)

Reply
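The control measure listed in the post above (all outbound mail goes through the official mail servers) can be checked from flow logs. The following is an added example, not part of the original post; the flow-record format, the internal range `10.0.0.0/8`, the relay address and the sample records are all assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Assumptions for this example (not from the original post):
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")
OFFICIAL_MAIL_SERVERS = {"10.0.5.25"}   # hypothetical sanctioned relay
SMTP_PORTS = {25, 465, 587}             # policy: all mail leaves via the relay

# Constructed flow records: "timestamp src_ip dst_ip dst_port proto"
SAMPLE_FLOWS = """\
2024-01-01T10:00:01 10.0.5.25 198.51.100.10 25 tcp
2024-01-01T10:00:02 10.0.8.14 203.0.113.7 25 tcp
2024-01-01T10:00:03 10.0.8.14 203.0.113.9 25 tcp
2024-01-01T10:00:04 10.0.8.14 198.51.100.44 25 tcp
2024-01-01T10:00:05 10.0.9.3 10.0.5.25 25 tcp
2024-01-01T10:00:06 10.0.9.3 203.0.113.80 443 tcp
2024-01-01T10:00:07 10.0.7.77 198.51.100.10 587 tcp
malformed line here
"""

def parse_flow(line):
    """Return (src, dst, port, proto) or None for a malformed record."""
    parts = line.split()
    if len(parts) != 5:
        return None
    _, src, dst, port, proto = parts
    try:
        return (ipaddress.ip_address(src), ipaddress.ip_address(dst),
                int(port), proto.lower())
    except ValueError:
        return None

def direct_smtp_senders(flow_text, min_destinations=1):
    """Map each internal host that bypasses the relay to its external SMTP destinations."""
    seen = defaultdict(set)
    for line in flow_text.splitlines():
        flow = parse_flow(line)
        if flow is None:
            continue
        src, dst, port, proto = flow
        if proto != "tcp" or port not in SMTP_PORTS:
            continue
        # Only internal -> external mail traffic is of interest.
        if src not in INTERNAL_NET or dst in INTERNAL_NET:
            continue
        if str(src) in OFFICIAL_MAIL_SERVERS:
            continue
        seen[str(src)].add(str(dst))
    return {h: sorted(d) for h, d in seen.items() if len(d) >= min_destinations}

if __name__ == "__main__":
    for host, dests in direct_smtp_senders(SAMPLE_FLOWS).items():
        print(host, "->", ", ".join(dests))
```

Raising `min_destinations` separates a host that fans out to many mail exchangers from a single misconfigured client.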
#4



ABSTRACT


A “botnet” consists of a network of compromised computers controlled by an attacker (“botmaster”). Recently, botnets have become the root cause of many Internet attacks. To be well prepared for future attacks, it is not enough to study how to detect and defend against the botnets that have appeared in the past. More importantly, we should study advanced botnet designs that could be developed by botmasters in the near future. In this paper, we present the design of an advanced hybrid peer-to-peer botnet. Compared with current botnets, the proposed botnet is harder to be shut down, monitored, and hijacked. It provides robust network connectivity, individualized encryption and control traffic dispersion, limited botnet exposure by each bot, and easy monitoring and recovery by its botmaster. In the end, we suggest and analyze several possible defenses against this advanced botnet.


INTRODUCTION

In the last several years, Internet malware attacks have evolved into better and more profit-centered endeavors. Email spam, extortion through denial-of-service attacks, and click fraud represent a few examples of this emerging trend. “Botnets” are the root cause of these problems. A botnet consists of a network of compromised computers controlled by an attacker or botmaster. The term botnet is derived from software robots, or bots. These bots can be controlled remotely to perform large scale distributed denial of service (DDoS) attacks, send spam, deliver Trojans, send phishing emails, distribute copyrighted media or conduct other illegal activities.
The unique feature of a botnet is its controlled communication network. Most bots have a centralized architecture, i.e., they are connected to a command and control (C&C) server. In such an architecture, the C&C server acts as a central point of failure for the botnet. That is, the entire botnet can be shut down if the defender captures the C&C server.
Botmasters are now shifting to different architectures to avoid this weakness. In a peer-to-peer (P2P) architecture a node can act as a client as well as a server and there is no centralized point for command and control. A P2P botnet requires little or no formal coordination and even if a node is taken offline by the defender, the network still remains under the control of the attacker. Thus P2P bots have become the choice of architecture for botmasters.
Botnets are constantly evolving and are advancing towards more complex functionality and destructive capabilities. Until recently, the term botnet generally referred to a collection of IRC trojans, but today it can be any sophisticated network of malicious bots. A considerable amount of work has been done by bot writers in the following 2 areas:

• Design of new bot functionalities
In order to make bots stealthier and faster for propagation, bot writers have kept on adding newer functionalities to their existing bots. The trend shows that older bots were merely used for DDoS (Distributed Denial of Service) attacks whereas newer bots have functionalities to send spam, sniff passwords, gather email addresses and credit card credentials.
Reply
#5
The term “botnet” is used to refer to any group of bots. It is generally a collection of compromised computers (called zombie computers) running programs under a common command and control infrastructure. A botnet’s originator can control the group remotely, usually through means such as IRC, for various purposes.
The establishment of a botnet involves the following:
Exploitation: Typical ways of exploitation are through social engineering. Actions such as phishing, email, buffer overflow and instant messaging scams are common ways of infecting a user’s computer.
Infection: After successful exploitation, a bot uses Trivial File Transfer Protocol (TFTP), File Transfer Protocol (FTP), HyperText Transfer Protocol (HTTP) or IRC channel to transfer itself to the compromised host.
Control: After successful infection, the botnet’s author uses various commands to make the compromised computer do what he wants it to do.
Spreading: Bots can automatically scan their environment and propagate themselves using vulnerabilities. Therefore, each bot that is created can infect other computers on the network by scanning IP ranges or port scanning.
Scope
A botnet is nothing more than a tool. There are many different motives for using them. It is used in computer surveillance. A surveillance program installed on a computer can search the contents of the hard drive for suspicious data, can monitor computer use, collect passwords, and even report back to its operator through the Internet connection. They are used widely by law enforcement agencies armed with search warrants. There is also warrantless surveillance by such organizations as the NSA. Packet sniffing is monitoring of data traffic into and out of a computer or network. Other uses may also be criminally motivated (e.g. denial of service attack, key logging, packet sniffing, disabling security applications, etc.) or for monetary purposes (click fraud).
Reply
#6

Presented by:
Kumar Mukherjee
Mike Ladd
Nazia Raoof
Rajesh Radhakrishnan
Bret Walker

BOTNET
Botnet Background
• network of infected hosts, under control of a human operator (botmaster)
• tens of thousands of nodes
• victims claimed by remote exploits
Defining Characteristic
• use of Command & Control (C&C) channels
• used to disseminate botmaster's commands
Uses of Botnets
• Spam
• ID Theft
• Piracy
• DDOS
• Ex. 1000 bots w/ 128KBit/s connection > many corporate systems
• IP distribution makes filtering difficult
Lifecycle of Botnet Infection
Why IRC?
• IRC designed for both point-to-point and point-to-multipoint communication
• one-to-one, or one-to-group chat
• flexible, open-source protocol
Bot-to-IRC Communication
• authenticate to IRC server via PASS message
• C&C channel authentication
• Botmaster authenticates to bot population to issue commands
Bot-News: Kraken
• 400,000+ nodes
• 50+ Fortune 500 companies
• 2x the size of ‘Storm’
• Used for spam (bots sending 500,000+ messages daily)
• Designed as image file
• Regular updates to binary
• C&C communication via customized UDP/TCP
• Able to generate new domain names if C&C is disabled
Further Background
• http://honeynetpapers/bots/
• http://wiredwired/archive/14.11/botnet_pr.html
http://en.wikipediawiki/Storm_botnet
Methodology: Data Collection Architecture
Methodology: Gateway
• Darknet routing to various parts of the internal network
• Cross-infection prevention among honeypots
• configuring honeypots in separate VLANs
• Termination of traffic across VLANs and gateways
• Monitor and Analyze the malware traffic for infections
Dynamic rule insertion
• block further inbound attack traffic towards honeypot that is infected
• single malware instance honeypots due to lack of resources
Other functions
• Triggering re-imaging with clean Windows images
• pre-filtering and control during downloads
• local DNS to resolve queries
Methodology: Defense Points
• With the methodology we now have the ability to model other types of bots.
• Although methodology utilized Windows OS, we can model it for other platforms
• The methodology analyzes all aspects of bots and botnets.
• A multifaceted approach to understanding the Botnet Phenomenon
Results - I
• Overall traffic
• Traffic directed to vulnerable ports
• Peak traffics
• Probed servers
Botnet Types
Botnets and Network types

DNS & IRC tracker views
Key Points based on results
Effective Botnet Sizes
Lifetime
Botnet Software Dissection
Insight from an “Insider’s View”
Related Work
• Honeynet group was the first to do an informal study
• Freiling et al. on countering certain classes of DDoS attacks
• Cooke et al. on prevalence of botnets by measuring elapsed time before an un-patched system was infected by a botnet
• Barford et al. on an in-depth analysis on bot software source code
• Vrable et al. presented Potemkin, a scalable virtual honeynet system
• Cui et al. presented RolePlayer, a protocol independent lightweight responder that tries to overcome some of these limitations by reverting to a real server when the responder fails to produce the proper response
• Dagon et al. provide an initial analytical model for capturing the spreading behavior of botnets.
Conclusion
• Long presence and few formal studies
• One of the most severe threats to the Internet.
• Our knowledge of botnet behavior is incomplete
• To improve our understanding, we present a composite view
• Results show that botnets are a major contributor to the overall unwanted traffic on the Internet
• Botnet scanning behavior is markedly different from that seen by autonomous malware (e.g., worms) because of its manual orchestration
• IRC is still the dominant protocol used for C&C communications
• Use is adapted to satisfy different botmasters’ needs
• Botnet footprints are usually much larger
• Graybox testing technique enabled us to understand the level of sophistication reached by bot software today
Reply
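The slides above note that bots authenticate to the IRC server via a PASS message, join a C&C channel, and that IRC remains the dominant C&C protocol. The following added example (not from the original slides) shows how a monitoring point can recognise an IRC client registration in a captured payload regardless of destination port. The port list, the reading of "channel authentication" as a keyed JOIN, and the sample payloads are assumptions constructed for illustration.

```python
import re

# Conventional IRC ports; anything else is treated as non-standard (assumption).
IRC_STANDARD_PORTS = set(range(6660, 6670)) | {6697}

# Optional ":prefix ", then a command word, then optional parameters.
IRC_LINE = re.compile(rb"^(?::\S+ )?([A-Za-z]+)(?: (.*))?$")

# Constructed client-to-server payloads as (dst_port, bytes); not real captures.
SAMPLE_SESSIONS = [
    (8080, b"PASS placeholder-pass\r\nNICK host-48213\r\nUSER host 0 * :host\r\n"
           b"JOIN #example-chan placeholder-key\r\n"),
    (6667, b"NICK alice\r\nUSER alice 0 * :Alice\r\nJOIN #linux\r\n"),
    (8080, b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"),
]

def client_commands(payload):
    """Yield (COMMAND, params) for each IRC-shaped line in a client payload."""
    for raw in payload.split(b"\n"):
        m = IRC_LINE.match(raw.rstrip(b"\r"))
        if m:
            yield (m.group(1).upper().decode("ascii"),
                   (m.group(2) or b"").decode("latin-1"))

def classify_session(dst_port, payload):
    """Return a finding dict if the payload contains an IRC registration, else None."""
    cmds = list(client_commands(payload))
    names = [c for c, _ in cmds]
    # NICK + USER is the registration every IRC client must send.
    if "NICK" not in names or "USER" not in names:
        return None
    joins = [p.split() for c, p in cmds if c == "JOIN" and p]
    return {
        "dst_port": dst_port,
        "nonstandard_port": dst_port not in IRC_STANDARD_PORTS,
        "server_password": "PASS" in names,            # PASS before registration
        "channel_key": any(len(j) > 1 for j in joins),  # JOIN <channel> <key>
        "channels": [j[0] for j in joins],
    }

def flag_sessions(sessions):
    """Return findings for IRC registrations seen on non-standard ports."""
    findings = [classify_session(port, data) for port, data in sessions]
    return [f for f in findings if f and f["nonstandard_port"]]

if __name__ == "__main__":
    for finding in flag_sessions(SAMPLE_SESSIONS):
        print(finding)
```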
