
ThaiCERT: Thai Computer Emergency Response Team

:
: .
: 10 2548
1.
(BOTNET) roBOT NETwork

(Malware)



(Spam Mail) Phishing (http://www.thaicert.nectec.or.th/paper/basic/phishing.php)



.. 2548
Kaspersky Lab
50,000

ADSL





2. ?
(Bot)


IRC (Internet Relay Chat)



Zombie Master Machine

IRC
IRC


IRC



(Zombie Machines)


3.





IRC
DNS



IRC


IRC
IRC

IP IRC
DNS

DNS
[Figure: diagram with numbered steps 1 to 6; surviving labels: IRC, DNS, (Zombie Machine), (Zombie Master Machine)]



peer-to-peer

DNS

IRC

(zombie master machine) IRC


DDoS (Distributed Denial of Service)




IP IP Spoofing




(Backdoor)





IRC




(Kernel) (Application) Root Kits
Rbot


4.


.. 2547
Google Yahoo! DDoS (Distributed Denial of Service)




IRC

IRC

DDoS



(Internet Service Provider ISP)

DNS







CD keys





DDoS



DDoS






(
)
5.

-


(Chat) IRC, ICQ
Pirch

(patch) Internet Explorer

http://www.thaicert.nectec.or.th/paper/microsoft/winxpupdate.php

security zone Internet Explorer high


http://www.thaicert.nectec.or.th/paper/virus/zone.php



IRC


DNS IRC

http://www.thaicert.nectec.or.th/paper/spyware/AdawareHowToEliminateSpywareFinal.pdf
