Active In SP
Joined: Nov 2009
24-11-2009, 08:23 PM
Hi, I need a report on botnet.
Active In SP
Joined: Aug 2009
26-11-2009, 06:29 PM
A botnet or robot network is a group of computers running a computer application controlled and manipulated only by the owner or the software source. The botnet may refer to a legitimate network of several computers that share program processing amongst them.
Usually though, when people talk about botnets, they are talking about a group of computers infected with the malicious kind of robot software, the bots, which present a security threat to the computer owner. Once the robot software (also known as malicious software or malware) has been successfully installed in a computer, this computer becomes a zombie or a drone, unable to resist the commands of the bot commander.
A botnet may be small or large depending on the complexity and sophistication of the bots used. A large botnet may be composed of ten thousand individual zombies. A small botnet, on the other hand, may be composed of only a thousand drones. Usually, the owners of the zombie computers do not know that their computers and their computers' resources are being remotely controlled and exploited by an individual or a group of malware runners through Internet Relay Chat (IRC).
There are various types of malicious bots that have already infected and are continuing to infect the internet. Some bots have their own spreaders - the script that lets them infect other computers (this is the reason why some people dub botnets as computer viruses) - while some smaller types of bots do not have such capabilities.
Active In SP
Joined: Jun 2010
18-12-2010, 02:14 PM
Botnets.ppt (Size: 1.23 MB / Downloads: 227)
Presented By: Anup Satpathy
A botnet (also known as zombie army) is a number of Internet computers that, although their owners are unaware of it, have been set up to forward transmissions (including spam or viruses) to other computers on the Internet.
A bot is a client program that runs in the background of a compromised host
DoS, ID Theft, Phishing, keylogging, SPAM
Spreading worms and viruses for Fun AND profit
Why is there so much spam?
Why are there so many worms and viruses?
What are the sources of denial of service attacks?
Why would anyone want to break into my computer?
Why don’t the people doing these things get arrested?
Fortify system against other malicious attacks
Disable anti-virus software
Stresses need to patch/protect systems prior to attack
Stronger protection boundaries required across applications in Operating Systems.
How they work :
The larger the botnet, the more approval the herder can claim to have among the underground community. The bot herder will also ‘rent’ the services of the botnet out to third parties, usually for sending out spam messages, or for performing a denial of service attack against a remote target.
Some bot commands
Search for sensitive info on bot’d hosts
Enable keylogger and look for Paypal or eBay account info
Money is the main driver :
Most botnet-related abuse is driven by financial considerations:
Viruses and worms are used to compromise systems to use as bots.
Bots are used to send spam to sell products and services (often fraudulent), engage in extortion (denial of service against online gambling, credit card processors, etc.), send phishing emails to steal bank account access.
Most of the spam messages are passed with “Links” requesting users to follow. Clicking the link will denote the system as vulnerable by the Spammer, which will further be sold to other sponsors.
Access to bots as proxies is sold to spammers, often with a very commercial-looking front end web interface.
Bots can be used to sniff traffic, log keystrokes, collect usernames and passwords, spread malware, manipulate online polls, etc.
An IRC based, command and control (C&C) network of compromised hosts (bots)
Owners of zombie computers are usually unaware their machine is compromised
Most spam is sent from zombie computers
Used as the bots in many Botnets
Used to mount large scale DDoS attacks
IRC (Internet Relay Chat)
Real time Internet Chat (synchronous conferencing)
Designed for group conferencing
Can do private one-to-one messaging
Communications are facilitated via channels
Channels can be global to all servers or local to a single server in the network.
Bots are a special type of IRC client and are often used for performing automated administrative tasks for the net.
Treated as a regular user by the servers but could be a trojan horse installed on a user machine; this constitutes a zombie.
E.g. Google IRC Bot which translates into other languages in runtime environment.
One of the most common ways to mount a Distributed Denial of Service attack is via networks of zombie computers (Botnet) taking instructions from a central point.
DoS is an attempt to make a computer resource unavailable to its intended users.
A distributed denial of service attack (DDoS) occurs when multiple systems flood the bandwidth or resources of a targeted system, usually one or more web servers. These systems are compromised by attackers using a variety of methods.
How to identify whether your Computer is a Botnet :
If your computer runs slower than normal.
If network activity in task manager shows abnormal rate most of the time.
If your antivirus program shuts off by itself.
Run Process Explorer and examine all the processes to see if any process is running that does not run on your computer normally.
IRC operators play central role in stopping botnet traffic
Traffic fingerprinting still useful for identification (CAPTCHA)
Improve local security policy authentication practices to prevent password guessing attacks.
Update all systems and verify that all systems have accepted and installed the patches.
Every Windows host needs a strong and active virus checker which also must have a scope given towards Spyware and Adware.
Law enforcement may be invoked, especially if the incident is considered serious for legal and financial reasons.
All outbound mails have to go through the official mail servers to prevent botclients from Spamming directly through internet.
Develop your sources of internal intelligence.
Botnets are the primary infrastructure of criminal activity on the Internet, used most heavily for spamming, phishing, DoS attacks, spreading spyware and creating more bots.
An effective response to botnets in order to reduce spam, phishing, and denial of service requires a combination of policies and procedures, technology, and legal responses from network providers, ISPs, organizations on the Internet, and law enforcement and a sharp awareness among users.
Future botnets may move away from IRC. Move to P2P communication.
All of these components need to respond and change as the threats continue to evolve triggering Cyberterrorism.
“Information Technology” journal, August 2005, published by EFY.
IEEE journal on “Security and Privacy”
EC-Council – CEH Version 6
Mr. Sukalyan Das – Entrepreneur (Bhubaneswar)
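The presentation's advice that all outbound mail go through the official mail servers, together with its description of IRC-based C&C, can be checked against network flow records. The following is an added example, not part of the original post; the internal address range, the mail relay address, the IRC port list and the sample flow lines are all constructed assumptions.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumptions for this example (not from the post): site addressing and ports.
INTERNAL_NET = ip_network("10.0.0.0/8")
OFFICIAL_MAIL_SERVERS = {"10.0.0.25"}        # the only hosts allowed to send SMTP out
SMTP_PORTS = {25}
IRC_PORTS = set(range(6660, 6670)) | {6697}  # commonly used IRC ports

# Constructed flow records: "timestamp src_ip dst_ip dst_port proto"
SAMPLE_FLOWS = """\
2010-12-18T10:00:01 10.0.0.25 198.51.100.10 25 tcp
2010-12-18T10:00:02 10.0.3.17 203.0.113.5 25 tcp
2010-12-18T10:00:03 10.0.3.17 203.0.113.9 25 tcp
2010-12-18T10:00:04 10.0.3.17 192.0.2.44 6667 tcp
2010-12-18T10:00:05 10.0.4.20 10.0.0.25 25 tcp
2010-12-18T10:00:06 10.0.5.8 192.0.2.44 6667 tcp
2010-12-18T10:00:07 10.0.6.2 198.51.100.80 443 tcp
"""

def parse_flows(text):
    """Yield (src, dst, port, proto) for each well-formed flow line."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip blank or malformed lines
        _, src, dst, port, proto = parts
        yield ip_address(src), ip_address(dst), int(port), proto

def find_suspect_hosts(text):
    """Map internal host -> sorted list of egress policy violations."""
    findings = defaultdict(set)
    for src, dst, port, proto in parse_flows(text):
        # Only internal -> external TCP flows are egress traffic of interest.
        if proto != "tcp" or src not in INTERNAL_NET or dst in INTERNAL_NET:
            continue
        if port in SMTP_PORTS and str(src) not in OFFICIAL_MAIL_SERVERS:
            findings[str(src)].add("direct-smtp")  # bypasses the mail relay
        elif port in IRC_PORTS:
            findings[str(src)].add("irc-egress")   # possible IRC C&C channel
    return {host: sorted(reasons) for host, reasons in findings.items()}

if __name__ == "__main__":
    for host, reasons in find_suspect_hosts(SAMPLE_FLOWS).items():
        print(host, reasons)
```

A hit is a lead for investigation, not proof of infection: legitimate IRC clients and misconfigured mail software produce the same flows.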
Active In SP
Joined: Sep 2010
24-12-2010, 02:27 PM
An Advanced Hybrid P2P Botnet.doc (Size: 597.5 KB / Downloads: 123)
A “botnet” consists of a network of compromised computers controlled by an attacker (“botmaster”). Recently, botnets have become the root cause of many Internet attacks. To be well prepared for future attacks, it is not enough to study how to detect and defend against the botnets that have appeared in the past. More importantly, we should study advanced botnet designs that could be developed by botmasters in the near future. In this paper, we present the design of an advanced hybrid peer-to-peer botnet. Compared with current botnets, the proposed botnet is harder to be shut down, monitored, and hijacked. It provides robust network connectivity, individualized encryption and control traffic dispersion, limited botnet exposure by each bot, and easy monitoring and recovery by its botmaster. In the end, we suggest and analyze several possible defenses against this advanced botnet.
In the last several years, Internet malware attacks have evolved into better and more profit-centered endeavors. Email spam, extortion through denial-of-service attacks, and click fraud represent a few examples of this emerging trend. “Botnets” are the root cause of these problems. A botnet consists of a network of compromised computers controlled by an attacker or botmaster. The term botnet is derived from software robots, or bots. These bots can be controlled remotely to perform large scale distributed denial of service (DDoS) attacks, send spam, deliver Trojans, send phishing emails, distribute copyrighted media or conduct other illegal activities.
The unique feature of a botnet is its controlled communication network. Most bots have a centralized architecture, i.e., they are connected to a command and control (C&C) server. In such an architecture, the C&C server acts as a central point of failure for the botnet. That is, the entire botnet can be shut down if the defender captures the C&C server.
Botmasters are now shifting to different architectures to avoid this weakness. In a peer-to-peer (P2P) architecture a node can act as a client as well as a server and there is no centralized point for command and control. A P2P botnet requires little or no formal coordination and even if a node is taken offline by the defender, the network still remains under the control of the attacker. Thus P2P bots have become the choice of architecture for botmasters.
Botnets are constantly evolving and are advancing towards more complex functionality and destructive capabilities. Until recently, the term botnet generally referred to a collection of IRC trojans, but today it can be any sophisticated network of malicious bots. A considerable amount of work has been done by bot writers in the following 2 areas:
• Design of new bot functionalities
In order to make bots stealthier and faster for propagation, bot writers have kept on adding newer functionalities to their existing bots. The trend shows that older bots were merely used for DDoS (Distributed denial of service) attacks whereas newer bots have functionalities to send spam, sniff passwords, gather email addresses and credit card credentials.
Active In SP
Joined: Feb 2011
09-03-2011, 12:28 PM
botnet.docx (Size: 11.88 KB / Downloads: 95)
The term “botnet” is used to refer to any group of bots. It is generally a collection of compromised computers (called zombie computers) running programs under a common command and control infrastructure. A botnet’s originator can control the group remotely, usually through means such as IRC, for various purposes.
The establishment of a botnet involves the following:
Exploitation: Typical ways of exploitation are through social engineering. Actions such as phishing, email, buffer overflow and instant messaging scams are common among infecting a user’s computer.
Infection: After successful exploitation, a bot uses Trivial File Transfer Protocol (TFTP), File Transfer Protocol (FTP), HyperText Transfer Protocol (HTTP) or IRC channel to transfer itself to the compromised host.
Control: After successful infection, the botnet’s author uses various commands to make the compromised computer do what he wants it to do.
Spreading: Bots can automatically scan their environment and propagate themselves using vulnerabilities. Therefore, each bot that is created can infect other computers on the network by scanning IP ranges or port scanning.
A botnet is nothing more than a tool. There are many different motives for using them. It is used in computer surveillance. A surveillance program installed on a computer can search the contents of the hard drive for suspicious data, can monitor computer use, collect passwords, and even report back to its operator through the Internet connection. They are used widely by law enforcement agencies armed with search warrants. There is also warrantless surveillance by such organizations as the NSA. Packet sniffing is monitoring of data traffic into and out of a computer or network. Other uses may also be criminally motivated (e.g. Denial of service attack, key logging, packet sniffing, disabling security applications, etc.) or for monetary purposes (click fraud).
Active In SP
Joined: Feb 2011
28-03-2011, 10:14 AM
Roadrunners_Botnet.ppt (Size: 608 KB / Downloads: 127)
• network of infected hosts, under control of a human operator (botmaster)
• tens of thousands of nodes
• victims claimed by remote exploits
• use of Command & Control (C&C) channels
• used to disseminate botmaster's commands
Uses of Botnets
• ID Theft
• Ex. 1000 bots w/ 128KBit/s connection > many corporate systems
• IP distribution makes filtering difficult
Lifecycle of Botnet Infection
• IRC designed for both point-to-point and point-to-multipoint communication
• one-to-one, or one-to-group chat
• flexible, open-source protocol
• authenticate to IRC server via PASS message
• C&C channel authentication
• Botmaster authenticates to bot population to issue commands
• 400,000+ nodes
• 50+ Fortune 500 companies
• 2x the size of ‘Storm’
• Used for spam (bots sending 500,000+ messages daily)
• Designed as image file
• Regular updates to binary
• C&C communication via customized UDP/TCP
• Able to generate new domain names if C&C is disabled
Methodology: Data Collection Architecture
Darknet routing to various parts of the internal network
Cross-infection prevention among honeypots
configuring honeypots in separate VLANs
Termination of traffic across VLANs and gateways
Monitor and Analyze the malware traffic for infections
Dynamic rule insertion
block further inbound attack traffic towards honeypot that is infected
single malware instance honeypots due to lack of resources
Triggering re-imaging with clean Windows images
pre-filtering and control during downloads
local DNS to resolve queries
Methodology: Defense Points
With the methodology we now have the ability to model other types of bots.
Although methodology utilized Windows OS, we can model it for other platforms
The methodology analyzes all aspects of bots and botnets.
A multifaceted approach to understanding the Botnet Phenomenon
Results - I
Traffic directed to vulnerable ports
Botnets and Network types
DNS & IRC tracker views
Key Points based on results
Effective Botnet Sizes
Botnet Software Dissection
Insight from an “Insider’s View”
Honeynet group was the first to do an informal study
Freiling et al. on countering certain classes of DDoS attacks
Cooke et al. on prevalence of botnets by measuring elapsed time before an un-patched system was infected by a botnet
Barford et al. on an in-depth analysis on bot software source code
Vrable et al. presented Potemkin, a scalable virtual honeynet system
Cui et al. presented RolePlayer—a protocol independent lightweight responder that tries to overcome some of these limitations by reverting to a real server when the responder fails to produce the proper response
Dagon et al. provide an initial analytical model for capturing the spreading behavior of botnets.
Long presence and few formal studies
One of the most severe threats to the Internet.
Our knowledge of botnet behavior is incomplete
To improve our understanding, we present a composite view
Results show that botnets are a major contributor to the overall unwanted traffic on the Internet
Botnet scanning behavior is markedly different from that seen by autonomous malware (e.g., worms) because of its manual orchestration
IRC is still the dominant protocol used for C&C communications
Use is adapted to satisfy different botmasters’ needs
Botnet footprints are usually much larger
Graybox testing technique enabled us to understand the level of sophistication reached by bot software today
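The slides above note that bots authenticate to the IRC server with a PASS message and then join a C&C channel, and that IRC remains the dominant C&C protocol. As an added example (not part of the original post or the study it summarizes), the sketch below parses captured client-to-server IRC lines and reports channels on one server that several internal hosts have joined. The capture tuples, addresses, passwords, channel names and the `min_hosts` threshold are constructed assumptions.

```python
from collections import defaultdict

# Constructed capture, not real traffic: (client_ip, server_ip, client-to-server line)
SAMPLE_CAPTURE = [
    ("10.0.3.17", "192.0.2.44", "PASS example-pass\r\n"),
    ("10.0.3.17", "192.0.2.44", "NICK host-a\r\n"),
    ("10.0.3.17", "192.0.2.44", "USER a 0 * :host a\r\n"),
    ("10.0.3.17", "192.0.2.44", "JOIN #ctl chankey\r\n"),
    ("10.0.5.8", "192.0.2.44", "PASS example-pass\r\n"),
    ("10.0.5.8", "192.0.2.44", "NICK host-b\r\n"),
    ("10.0.5.8", "192.0.2.44", "join #CTL chankey\r\n"),
    ("10.0.6.2", "198.51.100.7", "NICK alice\r\n"),
    ("10.0.6.2", "198.51.100.7", "JOIN #help,#linux\r\n"),
]

def parse_irc_line(line):
    """Split one IRC message into (prefix, COMMAND, params)."""
    line = line.rstrip("\r\n")
    prefix = None
    if line.startswith(":"):                   # optional ":prefix " before the command
        prefix, _, line = line[1:].partition(" ")
    head, sep, trailing = line.partition(" :")  # " :" starts the trailing parameter
    parts = head.split()
    if not parts:
        return prefix, "", []
    params = parts[1:] + ([trailing] if sep else [])
    return prefix, parts[0].upper(), params     # commands are case-insensitive

def shared_channels(capture, min_hosts=2):
    """Return {(server, channel): info} for channels joined by >= min_hosts clients."""
    members = defaultdict(set)
    sent_pass = set()
    for client, server, raw in capture:
        _, cmd, params = parse_irc_line(raw)
        if cmd == "PASS":
            sent_pass.add((client, server))
        elif cmd == "JOIN" and params:
            for chan in params[0].split(","):   # JOIN accepts a comma-separated list
                members[(server, chan.lower())].add(client)
    return {
        key: {"hosts": sorted(hosts),
              "all_sent_pass": all((h, key[0]) in sent_pass for h in hosts)}
        for key, hosts in members.items() if len(hosts) >= min_hosts
    }

if __name__ == "__main__":
    for key, info in shared_channels(SAMPLE_CAPTURE).items():
        print(key, info)
```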
Thinking To Register
03-10-2012, 10:06 PM
Please send more detailed information about botnet.
Joined: Oct 2012
04-10-2012, 11:00 AM
To get information about the topic "Botnet" full report ppt and related topic, refer to the link below