This document discusses botnets, which are collections of infected computers controlled by hackers. Botnets allow hackers to send spam emails, conduct DDoS attacks, and steal personal information. They are organized in a client-server or peer-to-peer structure. Key uses of botnets include spamming, DDoS attacks, and keylogging. The document also provides statistics on top spam-producing countries and recommends security best practices like keeping antivirus software updated and scanning attachments before opening.

1. BOTLAB
By: Anthony W. Stamm

2. What is a BOTNET?
• A botnet is a collection of infected computers that have been infected with a virus
to bring them under the control of one single hacker or organization.
• This ability to control a large botnet gives hackers and cybercriminals the ability
to send billions of spam emails, or orchestrate massive DDOS attacks at will.
• A single Bot program is normally very weak unless spread across more
computers.
• Botnets are designed to harvest data such as passwords, Social Security numbers,
credit card numbers, addresses, telephone numbers and other personal
information.
• A Botnet can have anywhere from a few hundred to thousands of devices at their
disposal.

3. What Are Botnets used For?
• Keylogging
A DDoS attack is an attack on the computers system or network that is usually focused on consuming the
networks bandwidth and overloading the computational resources of the victims system
Spamming is when an attacker is able to send massive amounts of bulk email (spam). Some bots also implement a
special function to harvest email-addresses. Often that spam you are receiving was sent from, or proxied through, a
family member’s old Windows computer sitting at home.
• Spamming
• Distributed Denial-of-Service Attacks (DDoS)
With the help of a keylogger it is very easy for an attacker to retrieve sensitive information. An implemented filtering
mechanism (e.g. "I am only interested in key sequences near the keyword 'usaa.com'") would further helps in
stealing secret data.

4. BOTNET ARCHITECTURE
Client–server
• A network based on the client-server
model, where individual clients
request services and resources from
centralized servers
• Star topology, in which the bots are
organized around a central server.
• Multi-server, in which there are
multiple C&C servers for redundancy.
• Hierarchical, in which multiple C&C
servers that are organized into tiered
groups.

5. BOTNET ARCHITECTURE
Peer-To-Peer (P2P)
• botnets have a random organization
and operate without a C&C server.
Bot software maintains a list of
trusted computers
• The lack of a command-and-control
server makes it less likely that
detection of a single bot can lead to
investigators taking down the entire
network.
• The work is distributed between
many nodes, allowing them to shift to
another node if one is taken down.
• Any node in the network can act as
both a client and a server.

6. Social Media
Hackers can use such aspects like Facebook in
order to spread the Botnets across the world
much like in 2013 where a Botnet called
Lecpetex which infected over 50,000
personal computers.
Hackers
Target
Host
Computer

7. Who's spamming us now?
• Websites like http://botlab.org/ are used in finding and tracking the current Bot
activity throughout the world.
The top three countries that experience the most spam volume are:
• India with 10.49% spam volume.
• USA with 7.69% spam volume
• Vietnam with 6.01% and increasing
The top three countries that experience the most Bot IPs volume are:
• India
• Brazil
• Russia

8. Protective Mindset
02
01
03
04
ANTI-VIRUS
Remember to keep it updated
FIREWALL
and other security software helps protect
ones system
Attachments
Scan and verify every attachment before
opening them
Mobile Devices
Are also at risk and can be used as Bots

9. YOU
THANK
FOR WATCHING