2. Overview
What is a BotNet?
Internet Relay Chat
How to become part of a BotNet?
What damage can they do?
How to combat them?
3. What is a BotNet?
Bot or zombie computer.
Programs which respond autonomously to
particular external events are bots; a compromised
machine running one is called a zombie.
A network of bots is a botnet.
The operator gives instructions to only a small number of
machines. These machines then propagate the
instructions to other compromised machines, usually
via IRC.
4. Types of Bots
Some popular bots:
GT-Bot
Global Threat bot, based on the mIRC client for Windows.
Used to control the activity of the remote system.
AgoBot
One of the most popular bots used by crackers.
It is written in C++.
It provides many mechanisms to hide its presence on the host
computer.
5. Types of Bots
DSNX
Dataspy Network X bot.
Written in C++.
Adding new functionality to this bot is very easy thanks to its simple plug-in
architecture.
SDBot
Written in C.
Unlike Agobot, its code is not very clear and the software itself
comes with a limited set of features.
6. Internet Relay Chat
IRC stands for Internet Relay Chat.
Protocol for real-time chat communication.
Based on a client-server architecture.
IRC user communication modes:
Public (channels)
Private (direct messages).
Flexible, and allows users to hide their identity.
8. Elements of an Attack
The attacker first spreads a Trojan horse, which infects
various hosts. These hosts become zombies and
connect to the IRC server in order to listen for further
commands.
The IRC server can either be a public machine in one
of the IRC networks or a dedicated server installed by
the attacker on one of the compromised hosts.
Bots run on compromised computers, forming a
botnet.
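The zombie-to-IRC-server exchange described on the two slides above, as an added example that is not part of the original presentation: a small parser for IRC protocol lines, the client side of the exchange (register, join the command channel, answer PINGs, accept instructions only from the operator nick), and the defender's view of the same captured lines. The session lines, nicks, channel name and the dot-prefixed command vocabulary are constructed for illustration and are not taken from any real bot.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# IRC line format (RFC 1459): [':' prefix ' '] command {' ' param} [' :' trailing]
IRC_LINE = re.compile(
    r"^(?::(?P<prefix>\S+) )?(?P<command>\S+)(?P<params>(?: (?!:)\S+)*)(?: :(?P<trailing>.*))?$"
)


@dataclass
class IrcMessage:
    prefix: Optional[str]   # "nick!user@host" or a server name; None if absent
    command: str            # e.g. PRIVMSG, PING, or a numeric reply such as 001
    params: List[str]       # middle params plus the trailing param, if any

    @property
    def nick(self) -> Optional[str]:
        return self.prefix.split("!", 1)[0] if self.prefix else None


def parse_irc_line(line: str) -> IrcMessage:
    """Parse one raw IRC line into prefix, command and parameter list."""
    m = IRC_LINE.match(line.rstrip("\r\n"))
    if not m:
        raise ValueError(f"not an IRC protocol line: {line!r}")
    params = m.group("params").split()
    if m.group("trailing") is not None:
        params.append(m.group("trailing"))
    return IrcMessage(m.group("prefix"), m.group("command").upper(), params)


def simulate_zombie(server_lines: List[str], nick: str, channel: str,
                    operator: str) -> Tuple[List[str], List[str]]:
    """Zombie side of the exchange: register, join the command channel,
    answer PINGs, and accept '.'-prefixed commands only when they come
    from the operator nick. Returns (lines the bot sends, commands accepted)."""
    sent = [f"NICK {nick}", f"USER {nick} 0 * :{nick}"]
    accepted: List[str] = []
    for raw in server_lines:
        msg = parse_irc_line(raw)
        if msg.command == "001":                      # RPL_WELCOME: registered
            sent.append(f"JOIN {channel}")
        elif msg.command == "PING":                   # keep the session alive
            sent.append(f"PONG :{msg.params[0]}")
        elif (msg.command == "PRIVMSG" and len(msg.params) >= 2
              and msg.params[0] == channel and msg.params[1].startswith(".")
              and msg.nick == operator):
            accepted.append(msg.params[1])
    return sent, accepted


def find_command_traffic(lines: List[str], channel: str) -> List[Tuple[str, str]]:
    """Defender's view of captured IRC lines: (nick, text) pairs that look
    like bot commands, i.e. a PRIVMSG to the channel whose text starts with '.'."""
    hits = []
    for raw in lines:
        try:
            msg = parse_irc_line(raw)
        except ValueError:
            continue
        if (msg.command == "PRIVMSG" and len(msg.params) >= 2
                and msg.params[0] == channel and msg.params[1].startswith(".")):
            hits.append((msg.nick or "?", msg.params[1]))
    return hits


# Constructed sample session (not captured traffic); names and commands are invented.
SERVER_LINES = [
    ":irc.example.net 001 zb-1a2b :Welcome to the network",
    "PING :irc.example.net",
    ":op!op@cnc.example PRIVMSG #cmd :.scan 10.0.0.0/8 445",
    ":op!op@cnc.example PRIVMSG #cmd :.ddos syn 203.0.113.5 80 60",
    ":stranger!u@h PRIVMSG #cmd :.ddos syn 203.0.113.6 80 60",
    ":stranger!u@h PRIVMSG #cmd :hello?",
]

if __name__ == "__main__":
    sent, accepted = simulate_zombie(SERVER_LINES, "zb-1a2b", "#cmd", "op")
    print("bot sent:", sent)
    print("bot accepted:", accepted)
    print("command-like traffic:", find_command_traffic(SERVER_LINES, "#cmd"))
```

The bot only obeys the operator nick, which is why the stranger's `.ddos` line is ignored by `simulate_zombie` but still surfaces in `find_command_traffic`: on the wire the pattern of a channel message carrying a command is what a defender can see, regardless of who the bot trusts.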
9. How to become part of a
BotNet
Trojans
Spread by social engineering (spam, software downloads)
Email attachment
SMTP engine
Direct infection
Scan and exploit (Blaster…)
Exploit
Spread by social engineering (phishing)
Bad luck (visiting the wrong site…)
10. What damage can they do?
1. DDoS
The victim is flooded with more requests than it can
handle.
Used to damage or take down a competitor's website.
Example:
On-line gambling sites (e.g. Total bet)
Anti-DDoS by utilising widely distributed DNS and hosting servers
Hit by a DDoS against their DNS, which affected 4% of their customers
11. Fraud
Pay-per-click adware
Harvest a large number of bots to spread adware
Collect banking details; credit card numbers sold by the
thousand
Identity theft ($25 up to $200 for an identity with a
good credit record)
Use of resources
Proxy
Spam
DDoS
12. How to Combat them?
Firewalls/AV
Desktop management
Education
Secure OS
Law enforcement
National Hi-Tech Crime Unit
FBI
13. How to Combat them?
Netstat
Flexible tool available for both Windows and UNIX systems.
Its main function is inspecting the active ports.
Netstat lists listening TCP and UDP ports and established connections.
Provides detailed information on network activity.
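An added example, not from the original slides, of the check this slide describes: parse `netstat -an` output from both a Windows and a UNIX-like host and flag two things a zombie tends to leave behind, a listening port outside an allowlist and an established outbound connection to the usual IRC server ports. The netstat output below is constructed for the example, and the IRC port set and the listener allowlist are assumptions to be tuned per host.

```python
from typing import List, NamedTuple, Optional, Set

# Ports commonly used by IRC servers (assumption: 6660-6669 and 7000). The slides
# describe zombies connecting to IRC for commands, so an established outbound
# connection to one of these from a host with no business chatting is worth a look.
IRC_PORTS: Set[int] = set(range(6660, 6670)) | {7000}


class Conn(NamedTuple):
    proto: str            # "tcp" or "udp"
    local: str
    lport: int
    remote: str
    rport: Optional[int]  # None for "*" (no peer), 0 on Windows listeners
    state: str            # "LISTEN", "ESTABLISHED", ... or "" for UDP


def _split_addr(token: str):
    host, _, port = token.rpartition(":")
    if not port.isdigit():          # "*" on UDP/unconnected sockets
        return host, None
    return host, int(port)


def parse_netstat(text: str) -> List[Conn]:
    """Parse `netstat -an` lines from either Linux or Windows into Conn records.
    Header lines are skipped; the two address-looking fields are local/remote."""
    conns: List[Conn] = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].lower() not in ("tcp", "udp", "tcp6", "udp6"):
            continue
        addrs = [f for f in fields if ":" in f]
        if len(addrs) < 2:
            continue
        lhost, lport = _split_addr(addrs[0])
        rhost, rport = _split_addr(addrs[1])
        if lport is None:
            continue
        last = fields[-1]
        state = last if last.isupper() and ":" not in last else ""
        if state.startswith("LISTEN"):     # Linux says LISTEN, Windows LISTENING
            state = "LISTEN"
        conns.append(Conn(fields[0].lower().rstrip("6"), lhost, lport, rhost, rport, state))
    return conns


def suspicious(conns: List[Conn], allowed_listeners: Set[int]) -> List[str]:
    """Report listeners outside the allowlist and established IRC connections."""
    findings = []
    for c in conns:
        is_listener = c.state == "LISTEN" or (c.proto == "udp" and c.rport is None)
        if is_listener:
            if c.lport not in allowed_listeners:
                findings.append(f"unexpected listener {c.proto}/{c.lport} on {c.local}")
        elif c.state == "ESTABLISHED" and c.rport in IRC_PORTS:
            findings.append(f"IRC connection {c.local}:{c.lport} -> {c.remote}:{c.rport}")
    return findings


# Constructed sample output (not from a real host); addresses are documentation ranges.
LINUX_SAMPLE = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:2345            0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.10:49152      203.0.113.7:6667        ESTABLISHED
tcp        0      0 192.168.1.10:49153      198.51.100.9:443        ESTABLISHED
udp        0      0 0.0.0.0:68              0.0.0.0:*
"""

WINDOWS_SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    192.168.1.20:1044      203.0.113.7:7000       ESTABLISHED
  UDP    0.0.0.0:123            *:*
"""

ALLOWED_LISTENERS = {22, 68, 123, 135}   # assumption: what these hosts should expose

if __name__ == "__main__":
    conns = parse_netstat(LINUX_SAMPLE) + parse_netstat(WINDOWS_SAMPLE)
    for finding in suspicious(conns, ALLOWED_LISTENERS):
        print(finding)
```

The allowlist is the part that makes this useful: without a baseline of what a host should expose, netstat only tells you what is open, not what is wrong. On a real host feed it the live output (`netstat -an` on both platforms) instead of the sample strings.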
14. Questions? & Summary
Botnets
What they are
How they grow
What they do
How to combat