P. 1
Botnet and Worms

Botnet and Worms

|Views: 72|Likes:
Published by Apurba Dhungana

More info:

Published by: Apurba Dhungana on Nov 05, 2010
Copyright:Attribution Non-commercial


Read on Scribd mobile: iPhone, iPad and Android.
download as PPT, PDF, TXT or read online from Scribd
See more
See less





Malware: Botnets and Worms

By Apurba Dhungana

- Introduction - History - LifeCycle - Security Threat - Prevention Techniques - Detection Techniques - Conclusion

Bots are controlled by the bot herder by using one or more C&C server.Botnets -It is collection of compromised system/computers That is taken by malicious software.trojan horse or other back door. .Bots is generally installed in on system through malware. . .worms. .Controlled by one person or group of people.

.Trinoo. .Originated as useful feature for carrying out repetitive task and time consuming operation.Stacheldraht(2000) started attacks. .First Bot program was eggdrop created by Jeff Fisher in 1993 was useful for Internet relay Chat.History .Nowadays evolved for a malicious intent.TFN. DDOS .

According to USToday 40 percent of the 800 million computer connected to the Internet are bot that used to send a spam.Ago Bot. virus and mine personal data.Attacker create different way to control bot by Using P2P and IRC. . .Spam Thru. . Bagle etc average spam email send by these bot per day ranges from million to more then ten billion message. SD Bot.Botnet has become a buisness. .History .

Botnet Lifecycle 1) Spread Phase 2) Infection Phase 3) Command and Control 4) Attack Phase .

Botnet Lifecycle Figure 1: Life Cycle Of Botnet Source: Intel Corporation 2009 .

g Phatbot.g Agobot.Rbot.Sinit.Botnet Command And Control(C&C) Techniques 1) Centeralized Command and Control Technique e.SDbot.Zobot. 2) P2P Command and Control Technique e. .

Identity Theft .Security Threats From Botnet .Hosting Illegal Material .Spamming .Distributed Denial Of Service(DDos) Attack .Phishing and Identity Theft .Click Fraud .

. .System must be upto date by installation of OS updates and patches. .games or other illegal material available online they may contain malicious code.Prevention Technique .Use of Firewalls and antivirus/anti spyware program.Do not use pirated software.Use Of CAPTCH Test for website and otherservices to prevent against botnet. . .High level of awareness about on line security and privacy.

By monitoring the network.Detection Technique . . such .duration and timing.Use of Honeypot. .Use IDS technique to watch DOS/Attacks traffic coming from a your network. -Examine the flow characteristic bandwidth.

Virus require some sort of user action to start propagation. .What is . .Computer worm is a independent program that reproduce across a network by exploiting a security flaws.

once executed it will spread through 50 address in outlook address book.it exploit the buffer overflow vulnerabilities.The term worm was applied to self replicating computer program by John Bruner sci fi novel shock wave rider´.I LOVE YOU (2000) est damage $ 8.History . damage $1.First worm was Morris Worm that was developed in 1988 by a Yale computer science student.75 billion . .1 billion Using holes in microsoft outlook. ³The .Melissa (1999) est. .

NIMDA(2001) est damage $645 million Advance feature and different means of propogation.6 billion Exploit the vulnerabilities in IIS.History Instead of sending a copy of worm to first 50 address in the host like melissa it used a every single address of the host to send. . Also launch DOS attacks.provide a command line control to who know the web server is compromised.First worm that has Email program.it do not depend upon Host email program to propagate.it overwrote a important files and download Trojan Horse that will steal information. Code Red (2001) est damage 2.

Target acquisition .Initialization Phase .Network Reconnaissance .Attack .Worms Life Cycle .Payload Activation Phase .Network Propagation Phase .Dormant Phase .

In the initialization phase worms install in victim machine copy the necessary files into memory and hard drive.Initialization Phase .Worms also try to disable the antivirus or firewall. . .Phase complete machine is infected. .

Common payload is DDOS attack. . .Payload Activation Phase .It unleashes the attack towards the another target or host itself.

Have hitlist or PRNG. .It is phase where a worms concentrate on spreading to other machine.victim harddrive for email address. .I LOVE YOU use victim address book.NetSky search for the webfiles on the . .Target Acquisition .Three sub phases .In worms create a list of systems to infect. .Crucial phase for success of worm .Network Propagation Phase .

.Attack Sub-Phase .It is a period of time where worm become inactive may be temporary phase or end of worms life cycle.In this phase it find out vulnerable host Using list of IP address generated by Target acquisition phase.Dormant Phase . . .Successful attack will lead to intializatiton phase in target machine.Network Reconnaissance Sub Phase ..Worms try to take control of the identified host. .

attacks by Sean Lau .Figure 2 Life Cycle Of worms Source:Internet Worms threats.

Data Damage . .Distributed Denial Of Service Attack.Compromising a computer system .Install Rootkits or Backdoor programs .Other malicious activities .Security Threats from Worms .

Defense Mechanism User User Education(Social Engineering) Application Transport Apply patches to prevent buffer overflow Identify Monitor and Protect Changing the configuration of software Block ports that vulnerable Securing the point of communication Focus on packets transmitted in network Authorization Enforcement Facility Network DataLink Physical Cut the wire .

Questions? .

You're Reading a Free Preview

/*********** DO NOT ALTER ANYTHING BELOW THIS LINE ! ************/ var s_code=s.t();if(s_code)document.write(s_code)//-->