

Today, our dependence on the internet has grown manifold. So has the need to protect our vast personal information accessible via web interfaces, such as online passwords, corporate secrets, online banking accounts, and social networking accounts like Facebook. According to the literature, a botnet is defined as a set of infected hosts (also called bots or zombies) that run autonomously and automatically, controlled by a botmaster (bot herder) who can co-ordinate his/her malicious intentions using the infected bots.

The appearance of botnets on the internet scene over the last decade, and their ever-changing behaviour, has caused real challenges that cannot be easily remedied. Some of the prominent malicious tasks that can be credited to botnets include DDoS (distributed denial-of-service), spam, phishing, ransomware and identity theft. In a botnet DDoS attack, the botmaster can command all its bots to attack a particular server (example: ) at a particular date and time, and for a set duration, via a malicious or anonymous proxy used as a stepping-stone to hide the actual commanding node.

In a spam campaign, the nodes that form the bot network are responsible for sending spam by behaving as spam relay points, delivering spam mails to a list of intended victim email addresses selected by the botmaster. For example, a node which is part of a spam botnet could be sent a list of email addresses to spam for the day, together with the payload of the spam that is to be mailed. These spam messages could advertise pharmaceutical products and may also deliver further infection executables via email links or attachments to recruit more bots, as done by botnets such as Storm and Waledac.

As noted in numerous papers (Provos et

In a phishing scam, botnets are responsible for acting as web proxies or web servers to deliver hoax site content to benign users in order to gather their e-banking or credit card credentials. For example, the sites could host content which looks like a banking site requesting login credentials which, when entered by the user, can be used by the botmaster to access legitimate banking sites. Botnets such as Storm have been known to infect over 2 million hosts, while Conficker has infected over 9 million hosts according to some estimates.

Eventually the funds are transferred to accounts that leave no trails (Nazario & Holz, 2008). As can be seen, the far-reaching effects of the malicious intentions of botnets and their masters are a real threat. This chapter will cover a concise survey of botnet detection systems as well as provide a novel mobile-agent based method, adapted from mobile-agent based intrusion detection systems, for handling botnets. We provide the necessary background needed to understand botnets, such as the offensive techniques utilized by botnets and the defensive techniques developed by researchers, and also focus on a mobile-agent based technique to detect infected hosts.

Unlike the initial advanced botnets such as Agobot, which carried a list of exploits to perform on a vulnerable host and its entire command set at the time of initial infection, every advanced bot today uses multiple stages in order to form a botnet (Schiller et al., 2007; Gu et al., 2007). This was mainly done, first, to avoid signature detection by network intrusion detection systems such as Snort (Roesch, 1999) and, second, to reduce the initial infection size of the bot binary to make it less traceable when using drive-by-download attacks.
