number of devices are infected, attackers take control of the bots with two approaches: client/server and peer-to-peer botnet. Client/Server: attackers set up a command-and-control (C&C) server and send automated commands to infected botnet clients via a communications protocol. Below is a diagram of a C&C architecture.

Figure 1. Botnet client/server approach
Peer-to-peer botnet: the infected devices are programmed to scan for malicious websites or other devices in the same botnet, and the bots then share updated commands for the most recent versions of the botnet malware. Since law enforcement agencies use C&C communications to keep an eye on botnet operations, attackers nowadays use the peer-to-peer approach to avoid detection by the law.

Figure 2. Peer-to-Peer Botnet Approach
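A defender-side illustration of the two architectures just contrasted, added here and not part of the paper: constructed flow records for three internal hosts are profiled, and the regular single-destination polling typical of a client/server bot is separated from the many-peer fan-out of a peer-to-peer bot scanning for peers. The host addresses, flow records and thresholds are all assumptions made for the example.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed flow records, not data from the paper: (timestamp in seconds, internal host, external peer).
FLOWS = (
    # Host A contacts one server every 60 s: the single C&C chokepoint of a client/server botnet.
    [(t, "10.0.0.5", "203.0.113.9") for t in range(0, 600, 60)]
    # Host B touches twelve distinct peers once each: the scanning fan-out of a peer-to-peer bot.
    + [(7 * n, "10.0.0.6", f"198.51.100.{n}") for n in range(1, 13)]
    # Host C visits a couple of sites at irregular times: benign baseline.
    + [(3, "10.0.0.7", "192.0.2.10"), (50, "10.0.0.7", "192.0.2.11"), (400, "10.0.0.7", "192.0.2.10")]
)


def host_profiles(flows):
    """Per internal host: number of distinct peers, contacts to the busiest peer, and the
    coefficient of variation of the gaps between those contacts (None when there are too few)."""
    by_host = defaultdict(list)
    for ts, src, dst in flows:
        by_host[src].append((ts, dst))
    profiles = {}
    for host, events in by_host.items():
        counts = defaultdict(int)
        for _, dst in events:
            counts[dst] += 1
        top = max(counts, key=counts.get)
        times = sorted(ts for ts, dst in events if dst == top)
        gaps = [b - a for a, b in zip(times, times[1:])]
        cv = pstdev(gaps) / mean(gaps) if len(gaps) >= 3 and mean(gaps) > 0 else None
        profiles[host] = (len(counts), counts[top], cv)
    return profiles


def classify_hosts(flows, min_beacons=5, max_cv=0.1, min_peers=10):
    """Label each host: 'beaconing-c2' for regular polling of one peer (client/server pattern),
    'p2p-fanout' for many peers contacted only once or twice (peer-to-peer pattern), else 'normal'.
    Thresholds are assumed values for the constructed data, not tuned figures."""
    labels = {}
    for host, (peers, top_hits, cv) in host_profiles(flows).items():
        if top_hits >= min_beacons and cv is not None and cv <= max_cv:
            labels[host] = "beaconing-c2"
        elif peers >= min_peers and top_hits <= 2:
            labels[host] = "p2p-fanout"
        else:
            labels[host] = "normal"
    return labels


if __name__ == "__main__":
    for host, label in classify_hosts(FLOWS).items():
        print(host, label)
```

The beaconing test reflects why C&C traffic is the easier thing to watch: one host, one peer, fixed cadence; the peer-to-peer host has no such chokepoint and is only visible through its fan-out.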
2.4 Botnet History and Attacks

In 2000, the Global Threat bot, or GTbot, was based on the mIRC client; this allowed it to run custom scripts in response to IRC events and gave it access to raw TCP and UDP sockets for DDoS attacks. SDBot and Agobot debuted in 2002. SDBot was written in C++ and its source code was made widely available. Agobot introduced staged attacks, with payloads delivered in sequence: first it installs a back door, then it attempts to disable antivirus software, and finally it blocks access to the websites of security vendors. Spybot, in 2003, was an advanced version of SDBot and introduced new functions such as keylogging, data mining, and SPIM (instant messaging spam). The Zeus malware appeared in 2007 and is one of the best known and most widely used malware types. It uses a Trojan horse program to infect weak devices and systems, and variants have been made to use CryptoLocker ransomware. Mirai came in late 2016 and produced DDoS traffic through wireless routers and CCTV cameras. It is designed to scan the Internet for vulnerable connected devices while avoiding IP addresses that belong to major organizations such as the U.S. Department of Defense. Mirai's source code was later released publicly for use.

2.5 Preventing Botnet Attacks

Since botnets have become more complex, organizations have moved away from monitoring the C&C infrastructure to track attackers. The latest strategies are identifying and removing botnet malware infections on the main devices, identifying and replicating the peer-to-peer communication methods, and disrupting the monetization schemes.
  • Spring '16
  • Xia