BOTNETS

THE BIGGEST THREAT TO THE INTERNET

Presented By :

Ramesh kumar 08EBKIT049

A QUICK GLANCE

• Introduction
• History
• How do they work?
• Protocols
• What are they used for?
• Types of BOTS
• Prevention
• Conclusion

INTRODUCTION

• Botnets are networks of computers taken hostage by malware that controls them and makes them act in other nefarious ways.
• A "botnet" is a collection of computers that have been infected with remote-control software.
• Runs autonomously and automatically.
• User unaware.

HISTORY

• Originally used in IRC as a way to allow automated tasks to be done
    • Protect a channel, kick a user out of a channel, etc.
• Eventually evolved into a way to automate malicious tasks
• Started with DoS/DDoS against servers
    • TFN, stacheldraht, trinoo (1999)

HOW DO THEY WORK?

Worm/Trojan program that's usually transmitted through spam.

[Diagram: Botmaster, Victim, IRC Server]

2. Bot connects to IRC C&C channel
3. Botmaster sends commands through IRC C&C channel to bots
4. Repeat. Soon the botmaster has an army of bots to control from a single point
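The rallying pattern on this slide (many infected hosts joining one IRC C&C channel on one server) is also what a defender can look for in outbound traffic. The sketch below is an added example, not part of the original presentation; the log format, the addresses, the channel names and the `min_hosts` threshold are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample, one record per line: src_ip,dst_ip,dst_port,IRC line sent by the client.
SAMPLE_LOG = """\
10.0.0.11,203.0.113.5,6667,JOIN #updates s3cret
10.0.0.12,203.0.113.5,6667,JOIN #updates s3cret
10.0.0.13,203.0.113.5,6667,join #Updates,#misc s3cret
10.0.0.14,203.0.113.5,6667,NICK helpdesk
10.0.0.14,198.51.100.9,6697,JOIN #support
10.0.0.11,203.0.113.5,6667,PRIVMSG #updates :ready
not,a,valid record
"""


def parse_join(irc_line):
    """Return the channels named in a client JOIN message, or [] for anything else."""
    parts = irc_line.strip().split()
    if parts and parts[0].startswith(":"):   # optional message prefix
        parts = parts[1:]
    if len(parts) < 2 or parts[0].upper() != "JOIN":
        return []
    # JOIN takes a comma-separated channel list; channel names are case-insensitive.
    return [c.lower() for c in parts[1].split(",") if c.startswith(("#", "&"))]


def find_rally_points(log_text, min_hosts=3):
    """Map (server, port, channel) -> sorted internal hosts, keeping only channels
    that at least min_hosts distinct hosts joined on the same server."""
    members = defaultdict(set)
    for record in log_text.splitlines():
        fields = record.split(",", 3)        # the IRC line itself may contain commas
        if len(fields) != 4 or not fields[2].isdigit():
            continue                         # skip malformed records
        src, dst, port, irc_line = fields
        for channel in parse_join(irc_line):
            members[(dst, int(port), channel)].add(src)
    return {k: sorted(v) for k, v in members.items() if len(v) >= min_hosts}


if __name__ == "__main__":
    for (server, port, channel), hosts in find_rally_points(SAMPLE_LOG).items():
        print(f"{server}:{port} {channel}: {len(hosts)} hosts -> {', '.join(hosts)}")
```

A hit is only a lead for investigation: legitimate IRC users also share channels, so the threshold has to be tuned to the network being monitored.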

PROTOCOLS

• IRC
• HTTP
• P2P

SOME IMPORTANT POINTS

• Size of botnets: 50,000 or more bots in a single botnet.
• 1000 new bots each day.
• IRC hides IPs.
• Different botnets can be connected through IRC.
• Botnets can be rented.
• Botnet controller is always unidentified.

MALICIOUS ACTIVITIES

• Distributed Denial-of-Service (DDoS) attacks
• Spamming
• Sniffing
• Keylogging
• Spreading new malware
• Mass identity theft (Phishing)

GOOD APPLICATIONS

• Online games/Polling
• Instant Messenger
• Search Engines

EXAMPLE

• DDoS attack on an Asian ecommerce company in Nov. 2011
• According to security company Prolexic it was the largest DDoS attack in 2011
• The 15,000 requests per second were performed by a botnet of 250,000 PCs in total, which together peaked at 45Gbps DDoS traffic.
• Prolexic refused to tell the name of the company because of a trust agreement with the company.

TYPES OF BOTS

• Agobot: Most sophisticated. 20,000 lines C/C++ code. IRC based command/control. Capable of many DoS attack types. Traffic sniffers/key logging.
• SDBot: Simpler than Agobot. 2,000 lines C code. Non-malicious at base. Easily extended for malicious purposes:
    • Scanning
    • DoS Attacks
    • Sniffers

TYPES OF BOTS

• SpyBot: <3,000 lines C code. Possibly evolved from SDBot. Similar command/control engine. No attempts to hide malicious purposes.
• GT Bot: Functions based on mIRC scripting capabilities. HideWindow program hides bot on local system. Port scanning, DoS attacks, exploits for RPC.

PREVENTION

• Using anti-virus and anti-spyware software and keeping it up to date.
• Setting your operating system software to download and install security patches automatically.
• Being cautious about opening any attachments or downloading files from emails you receive.
• Using a firewall to protect your computer from hacking attacks while it is connected to the Internet.

Cont…

PREVENTION

• Disconnecting from the Internet when you're away from your computer.
• Downloading free software only from sites you know and trust.
• Taking action immediately if your computer is infected.

CONCLUSION

• A botnet is a large army of networked computers.
• Works automatically and autonomously.
• Used in many malicious activities.
• Hence the biggest threat to the INTERNET.

THANK YOU
