Submitted By helloira
Words 262
Pages 2
Foundations of Information Assurance Paper Outline

Combatting and preventing botnets

I would like to research combatting and preventing botnets. I want to understand how botnets work, the techniques used to detect them and the measures to defend against them. I would also like to understand any loopholes in the existing methods of defending a system against a botnet. My final goal is to understand the existing measures to combat botnets and if there are any precautionary measures which can be taken to prevent a system from becoming part of a botnet.

1. Introduction:
A botnet is a group of computers used by a hacker in order to launch an attack on a network. Botnets pose a great threat and combatting them is one of the biggest challenges being faced today.

2. An overview of botnets, how they work, types of botnets and detection techniques
1. The working of a botnet
2. Types of botnets
   i. Classification of botnets based on architecture
   ii. Classification of botnets based on the network protocols/technology
3. Detection techniques for botnets
   i. Signature based detection
   ii. Anomaly based detection
   iii. DNS based detection

3. Prevention and mitigation of botnets
1. Various techniques used to defend a system against botnets
2. Preventive measures against botnets

4. Conclusion:
In many cases, users’ systems become a part of botnets without their knowledge. By understanding how botnets work and how they can be detected, we may be able to take steps to prevent our computers from becoming a part of a botnet or know the techniques to defend against…...

Similar Documents

Cis 240 Chapter 1

...achieve rates in excess of 10Bpbs and is being called LTE (Long Term Evolution), 4. What advantage does a circuit-switched network have over a packet-switched network? What advantages does TDM have over FDM in a circuit switched network? A circuit-switched network can guarantee a certain amount of end-to-end bandwidth for the duration of a call. Most packet-switched networks today (including the Internet) cannot make any end-to-end guarantees for bandwidth. 5. Describe how a Botnet can be created, and how it can be used for a DDoS attack. Creation of a botnet requires an attacker to find vulnerability in some application or system. After finding the vulnerability, the attacker needs to scan for hosts that are vulnerable. Any system that is part of the botnet can automatically scan its environment and propagate by exploiting the vulnerability. An important property of such botnets is that the originator of the botnet can remotely control and issue commands to all the nodes in the botnet. Hence, it becomes possible for the attacker to issue a command to all the nodes that target a single node. 6. Consider sending a packet from a source host to a destination host over a fixed route. List the delay components in the end-to-end delay. Which of these delays are constant and which are variable? The delay components are processing delays, transmission delays, propagation delays, and queuing delays. All of these delays are fixed, except for the queuing delays,......

Words: 1009 - Pages: 5


...DCIT 65 - Web Development Botnet Edrilyn R. Fortuno BS IT 3 - 1 February 7, 2013 Botnet A botnet is a collection of computers connected to the internet that interact to accomplish some distributed task. A bot is a type of malware that enables a network attacker to gain control over a computer and utilize it to launch third party attacks on the Internet. Software agents, or robots, that run autonomously and automatically. A group of computers running a computer application controlled and manipulated only by the owner or the software source. In the past, the concept of bots did not include harmful behavior by default. Bots can be very beneficial programs when they are designed to assist a human user, either by automating a simple task, or by simplifying a user's control over various programs or systems. Botnets are used for malicious activity like distributed denial of service attacks, identity theft, sending spam and phishing attacks. Typically botnets are used for illegal purposes. Botnets are seen to be one of the main sources of malicious activity. Rapidly growing botnets and new methods for spreading malicious codes and launching attacks. Bots sneak into a person's computer in many ways. Bots often spread themselves across the Internet by searching for vulnerable, unprotected computers to infect. When they find an exposed computer, they quickly infect the machine and then report back to their master. Their goal is then to stay hidden until they are instructed to carry...

Words: 1041 - Pages: 5

Terror Through the Wire

...James Ferencsik Cyber Attack Somewhere in July of 2009, our enemy North Korea decided to launch a lucrative yet damaging cyber attack on the United States and South Korea. These attacks were accomplished by the use of a botnet. A Botnet is basically a large system of computers that are linked together that are violently attacked by some form of virus. Can be room to room, state to state, and even country to country. This attack was done in a total of three waves. The first wave which occurred on July 4th, targeted a mass number of important web sites. Of those attacked were the White House as well as Pentagon servers. The second wave which targeted South Korea only attacked the National Intelligence Agency, the Ministry of Defense, and the Blue House (no idea what that is, assuming it’s like the White House). The third attack which was a deadly blow attacked the U.S. as well as South Korea’s stock exchange. This basically was an attack on the economy, economy is down defenses are down which can turn a hard target into a soft target. After investigation sources believe that this wasn’t a total attack of malice. Rather just a very bold statement, a “we’re not ones to fuck with” statement. This is an absolute fact because North Korea as well as Russia are two countries that really should not be played with. This attack happened in 2009, it is 2014 and nothing has changed. North Korea as well as Russia are two very military powerful countries. This attack could have been a hell......

Words: 330 - Pages: 2

Coreflood Takedown

...Coreflood Takedown by the FBI Abstract Coreflood was a computer worm (botnet) that thrived for more than a decade and had over 2,000,000 clients. Most of these were in the United States. This paper discusses the Coreflood bot-net, its takedown by the Federal Bureau of Investigation and the Department of Justice, privacy and security issues surrounding the takedown and were their actions warranted? Coreflood Takedown by the FBI Coreflood was a small piece of malware that had been active for more than 10 years. The computers that were infected with Coreflood could perform actions that the user would not have been aware of such as: send out spam and malware, record user keystrokes to get account information and passwords and coordinated website attacks (Piklorski, 2011). Coreflood was a systematic capture and drain scheme used to wire transfer money from your account to their account. Attorneys, contractors, small business owners and individuals, were all victims of these thieves (shogan, 2011). As of February 2010, there were approximately 2,336,542 computers that were currently or had been infected by the Coreflood botnet and turned into network sleeper agents to gather information (Piklorski, 2011). Although about 80% of these were in the United States, there were also some located in other countries. Due to this criminal success and American citizen devastation effects of Coreflood, the Federal Bureau of Investigation (FBI) started an effort to take down......

Words: 2340 - Pages: 10


...BOTNET What is Botnet? Botnets are malicious software that criminals distribute to computers and turn them into a zombie. When a computer is infected with a botnet your computer can perform tasks over the internet while you have no clue it’s happening. Normally criminals infect a large number of computers forming a network or a botnet. Botnets send out spam emails to spread viruses, attack other computers and to commit other kinds of crime and fraud. Some botnets can be large, some can be small, but size does not matter; either way damage will be done regardless. Some of the most popular botnets are Conficker, which never has activated to cause significant damage, but that doesn’t exactly mean the threat is gone, for it still remains very active. Another one is called Zeus. Zeus is a large botnet and has much detection mainly because individuals can configure it to use a different command. Zeus is mainly configured to steal information such as banking credentials and send it to its attacker. Waledac works through a peer-to-peer network and it can load malicious software, and proxy HTTP content to host malicious websites. Bredolab’s main focus is on downloading Scareware, fake anti-virus programs, and Ransomware. Their plan is to infect many computers with these programs and hope the victims purchase these programs and make some profit. Pushdo/Cutwail are two different botnets that use each other. Pushdo is a loader which means it downloads components to install on a system. It is......

Words: 700 - Pages: 3

Cis502 Week 8 Assignment Numerous threats were listed in the Security Threat Report 2014 such as botnets, android malware, attacks on Linux platforms and Mac OS X, web-based malware, targeted threats to your financial accounts, unpatched windows systems and re-invented spam. These items are detrimental to companies and users. The more complex these threats get, the harder it is to protect against them. I will analyze botnets and android malware in this section. A botnet is a network of private computers infected with malicious software and controlled as a group without the owner’s knowledge. Criminals distribute malicious software that can turn your computer into a “bot”. When this occurs, your computer can perform automated tasks over the Internet without your knowledge. This type of malware is typically used to infect large numbers of computers. They are used to send out spam email messages, spread viruses, attack computers and servers, and commit other kinds of crime and fraud. Botnets are now more resilient and integrating multiple backup forms of command and control. The operators are now faster and more effective at responding to countermeasures. The bad news is, users are becoming more resistant to fake alerts and antivirus scams, botnets are turning into ransomware instead. You are asked to pay money in order to restore access to your data. Right now, one of the most dangerous botnets out there is called Cryptolocker. This adds itself to the list of Windows......

Words: 1366 - Pages: 6

Classification of Botnet Detection Based on Botnet Architecture

...Classification of Botnet Detection Based on Botnet Architecture N.S.Raghava, Dept. of Information Technology Delhi Technological University Delhi, India Divya Sahgal Dept of Information Technology Delhi Technological University Delhi, India Seema Chandna Dept of Information Technology Delhi Technological University Delhi, India Abstract—Nowadays, Botnets pose a major threat to the security of online ecosystems and computing assets. A Botnet is a network of computers which are compromised under the influence of Bot (malware) code. This paper clarifies Botnet phenomenon and discusses Botnet mechanism, Botnet architecture and Botnet detection techniques. Botnet detection techniques can be categorized into six classes: honey pot based, signature-based, mining-based, anomaly-based, DNS-based and network-based. It provides a brief comparison of the above mentioned Botnet detection techniques. Finally, we discuss the importance of honeypot research to detect the infection vector and dealing with new Botnet approaches in the near future. Keywords- Botnet; Bot; Malware; Malicious code; P2P; Honeypot functions programmed by the Bot-master in automated way. Bots can receive commands from the Bot-master and work according to those commands to perform many cyber crimes for example phishing [26], malware dissemination, Distributed Denial of Service attack (DDoS) attack, identity theft etc. The process of......

Words: 2973 - Pages: 12

Gameover Zeus & Cryptolocker

...Items covered are what type of software each of these malicious codes is categorized as. What a botnet and ransomware are and how they can affect a system. The type of threats that Gameover ZeuS and Cryptolocker are categorized as, such as a confidentiality breach, integrity breach or an availability breach. Lastly the types of intervention and prevention that can be done to mitigate an attack, or prevent it in the first place. Tackling software such as these before being spread can mean the difference between hundreds and even thousands of dollars in damage. Gameover ZeuS and Cryptolocker Gameover ZeuS was what most would consider a really nasty Trojan horse. Thought to be created by Evgeniy M. Bogachev, a 30 year old man from Russia, the supposed ring leader of the whole operation. It is thought that the Trojan infected between 500,000 and one million computers, and syphoning over 100 million dollars into the attackers accounts. Gameover ZeuS was a Trojan that created a botnet and also carried another payload with it, Cryptolocker. Cryptolocker was a type of ransomware that prompted users to enter personal information and money to “remove” the virus (Herman, n.d.). How did these two pieces of software work together to cause so much chaos? We have established that Gameover ZeuS is a botnet and Cryptolocker is a ransomware, but what exactly is a botnet and ransomware? A botnet is best described by Margaret Rouse (2012), “...a number of internet computer that, although......

Words: 1335 - Pages: 6


...vulnerabilities in the browser security to modify web pages and manipulate monetary transactions by changing or adding details that are malicious. Form grabbing is a technique of capturing web form data in various browsers. Very recently Happy Hacker was arrested; he was alleged to be the mastermind behind the Zeus banking Trojan.

Change slide

* Zeus comes as a toolkit to build and administer a botnet. It has a control panel that is used to monitor and update patches to the botnet.
* It also has a so-called builder tool that allows the creation of executables that are used to infect the user computers.
* Zeus comes as a commercial product for users who can buy it from underground markets and easily setup their own botnet. It is estimated to cost around $700 plus for the advanced versions.

Change Slide

* Captures credentials over HTTP, HTTPS, FTP, POP3
* Has an integrated SOCKS proxy
* Steals/deletes HTTP and flash cookies
* Captures screenshots and scrapes HTML from target sites
* Modifies the local hosts file
* Groups the infected user systems into different botnets to distribute command and control
* Has search capabilities which may be used through a web form
* The configuration file is encrypted
* Has a major function to kill the operating system
* Has a unique bot identification string

Change Slide

Zeus is estimated to account for some 44% of the banking malware infections and has impacted an estimated 3.6......

Words: 697 - Pages: 3

Botnet Zombies

...Botnets are computer programs that are designed to take control of your computer without your knowledge. They are designed to infect computers and allow hackers to remotely control your computer via an Internet connection. Most users are unaware their computer has been hijacked because little evidence can be found that the computer is not working as expected. Once a computer has been compromised it is sometimes referred to as a bot or zombie. Having antivirus or other security software on your computer can help reduce the risk of being compromised by botnets but hackers are constantly developing new ways to circumvent these measures. Updating antivirus software regularly is one way to minimize the likelihood that computers can be used for malicious purposes (“What are Bots, Botnets and Zombies?” n.d.). The impact of botnets on business functions can be profound. Not only can computers be made to perform tasks without the user’s awareness but software like GameOver Zeus, or GOZ, can be used to steal financial or any other type of data from consumers or businesses. Business owners should be very concerned about programs like GOZ because they have sophisticated techniques to compromise other computers on a network, therefore an entire corporate network could be compromised if just one computer were to become infected with GOZ. Also, businesses should be concerned about botnets because they can be used to perform distributed-denial-of-service (DDoS) attacks using hundreds of......

Words: 630 - Pages: 3

The School of Cheating

...their overall effects on the performance and running of the website. It will include the individual effects of each piece of hardware and what it does to help with the performance of the webpage. The effects of malicious entities like viruses and botnets and how they affect the server and its running. User side factors that influence web performance Viruses: If the user’s computer is infected with a virus it is able to reduce the speeds of the internet connection and can overload the processor so it works harder. This then has to calculate the information for the website and other task it has been forced upon by the virus causing loading times to increase. Each virus falls under a different category, each category does a different type of malicious activity. Trojan horse in computing terms is a non-self-replicating malware program that contains malicious coding. This program, when it is executed by the user will carry out various tasks that have been determined by the Trojan’s nature. Trojans are typically used in a way such that the victim suffers from data loss, data theft, and even possibly damage to the system. Trojans can infect the victim’s computer for a various number of reasons. The virus is able to force the machine into a botnet system which is part of a DDoS attack. Some attacks that can be unintended or used out of pure intent of being malicious is to crash the victims PC, corrupt data and even format storage disks. Key loggers are often used in Trojan......

Words: 1774 - Pages: 8

Csec 620 Individual Assignment 2

...allowed networks of bots, called botnets, to direct millions of packets to the servers of the Estonian targets, overloading and rendering them inaccessible to visitors. Digital traffic from servers ranging all the way to Peru, Vietnam and the United States overwhelmed Estonian websites, overloading their buffers with superfluous data. At the apex of this DDoS flooding, government websites that had been receiving 1,000 visits each day were suddenly inundated with 2,000 per second (Crouch, Pg 1). No overt financial motivations were discovered as the driver of these attacks, with the principal motivation being political and retaliatory against the government of Estonia. The likely threat actors belonged to the Russian diaspora, who were incited by the Estonian government’s decision to relocate a Russian war memorial, although forensics never definitively proved it. Hackers were actively recruited and provided with step by step instructions online on how to carry out the attacks, that would ultimately lead to the transformation of collective Eastern European cybersecurity collaboration. Estonia Banks Targeted Estonia under attack The Baltic state of Estonia was attacked by hackers in April of 2007. Scores of government and private sector websites were shut down. Estonians’ daily activities, such as pumping gas or making withdrawals from ATM machines were severely impacted. The architecture of the Internet allowed networks of bots, called botnets, to direct millions......

Words: 2634 - Pages: 11

Botnet Analysis and Detection

...I would like to thank Richboy and Ete Akumagba for their guidance and for proof reading this report. I would like to thank my family for their support and love. Abstract This era of explosive usage of networks has seen the rise of several opportunities and possibilities in the IT sector. Unfortunately, cybercrime is also on the rise with several forms of attack including, but not limited to botnet attacks. A Botnet can simply be seen as a network of compromised set of systems that can be controlled by an attacker. These systems are able to take malicious actions as needed by the attacker without the consent of the device owner and can cause havoc. This paper is the first part of a two-part report and discusses several reportedly known botnets and describes how they work and their mode of infection. Several historic attacks and the reported damage have been given to give a good picture and raise the bar on the capabilities of botnets. Several existing tools have been considered and examined which are useful for detecting and terminating botnets. You would find that each tool has its own detection strategy, which may have an advantage on some end than others. Table of Contents Declaration Acknowledgements

Words: 13171 - Pages: 53

Cyber Terrorism: the American Response

...particularly insidious computer malware known as Blackshades have also been arrested. This software was sold and distributed to thousands of people in more than 100 countries and has been used to infect more than half-a-million computers worldwide. The U.S. government also helped disrupt the GameOver Zeus botnet, one of the most sophisticated botnets that the U.S. government and its allies had ever attempted to disrupt. GameOver Zeus is believed to be responsible for the theft of millions of dollars from businesses and consumers in the U.S. and around the world. This effort to disrupt it involved notable cooperation with the private sector and international law enforcement. The Blackshades and GameOver Zeus arrests are part of an initiative launched by the Cyber Division to disrupt and dismantle the most significant botnets threatening the economy and national security of the United States. This includes law enforcement action against those responsible for the creation and use of the illegal botnets, mitigation of the botnet itself, assistance to victims, public service announcements, and long-term efforts to improve awareness of the botnet threat through community outreach. Botnets are said to cause more than $100 billion in losses globally, with approximately more than a hundred million computers infected each year (Federal Bureau of Investigation, 2014). The U.S government also works with the Canadian government to combat cyber terrorism. Both the American and Canadian......

Words: 1741 - Pages: 7


...Botnets The term bot is short for robot. Criminals distribute dangerous software known as malware that can turn your computer into a bot, also known as a zombie. When this happens your computer can perform automated tasks over the internet without you knowing it. Criminals use bots to infect large numbers of computers. These infected computers form a network or a botnet, which is a large number of infected computers. Criminals use botnets to send out spam email messages, spread viruses, attack computers and servers, and commit other kinds of crime and fraud. A botnet is a good reason to have very good virus protection on your computer. If your computer becomes part of a botnet, it might slow down and you might be helping criminals. Large companies here in the US have had security breaches by bots. In January 2014 Target announced 70 million individuals’ contact information had been taken during a breach in December 2013 where 40 million customers’ credit card and debit card information was stolen. Neiman Marcus announced that between July and October of 2013, credit card information of 350.000 individuals was stolen and 9,000 of the stolen credit card information was used. There is a long list of companies big and small. These heartless criminals attacked the Goodwill Industries between February 2013 and August 2014 malware infected the chain store through infected third party vendors. As cyber attacks on retail, technology and industrial companies......

Words: 398 - Pages: 2