Currently, bots pose a threat to individuals and corporate environments. They are
often used for DDoS attacks, to send spam, and as spyware to steal sensitive information
from the victim's machine. Since an attacker can install programs of his
choice on the compromised machines, what he does with them is limited only by his intentions.
Virtual Honeypots: From Botnet Tracking to Intrusion Detection
There are several methods to defend networks and computer systems against
this threat. The methods either aim at proactively disrupting the communication
flow between bots and the C&C server, or detecting signs of a successful invasion.
In this chapter we showed how to use honeypots to collect more information related
to a botnet. With the help of nepenthes or other honeypots, we can capture
the bot binary. By analyzing this valuable information, we can learn more about
the botnet itself. Based on this information, we can then observe it and try to mitigate
the threat. The important point here is that we are able to automate most of the
collection steps with the help of honeypots. Since botnets are an automated threat,
we also need an automated countermeasure.
More research is needed in this area. Current botnets are rather easy to stop
due to their central C&C server. But in the future, we expect other communication
channels to become more relevant, especially P2P-based C&C communication. We
have seen the first bots that use such communication channels with Sinit [30],
Nugache [59], and Storm Worm [93], but presumably the future will bring many
more of these types of malware.
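The two defensive strategies named above (disrupting or detecting bot-to-C&C traffic) and the observation that today's botnets depend on a central C&C server suggest a simple network-side detector. The following Python script is an added example, not code from the book or from nepenthes: it runs over constructed flow records (timestamp, source, destination, port) and flags an external endpoint that several internal hosts contact at a regular beaconing interval, which is the pattern a centralised C&C rendezvous point produces.

```python
"""Flag a likely central C&C rendezvous point in constructed flow logs.

Added example (not from the book): a defender's heuristic for the
centralised C&C model the chapter describes. Two signals are combined:
many internal hosts talk to the same external endpoint, and each host
does so with a regular beaconing interval.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample flow records: (epoch_seconds, src_ip, dst_ip, dst_port).
SAMPLE_FLOWS = [
    # three internal hosts beaconing every 60 s to one IRC-style endpoint
    *[(t, "10.0.0.5", "203.0.113.9", 6667) for t in range(0, 600, 60)],
    *[(t + 7, "10.0.0.6", "203.0.113.9", 6667) for t in range(0, 600, 60)],
    *[(t + 3, "10.0.0.7", "203.0.113.9", 6667) for t in range(0, 600, 60)],
    # benign web traffic: few flows per host, irregular timing
    (5, "10.0.0.5", "198.51.100.20", 443),
    (41, "10.0.0.5", "198.51.100.20", 443),
    (300, "10.0.0.8", "198.51.100.20", 443),
    (310, "10.0.0.8", "198.51.100.21", 80),
]

def find_cc_candidates(flows, min_hosts=3, min_flows=5, max_jitter=0.2):
    """Return a list of (dst_ip, dst_port, n_hosts) that look like C&C.

    An endpoint qualifies when at least ``min_hosts`` distinct sources
    contact it and each of those sources shows a regular interval
    (coefficient of variation of inter-flow gaps below ``max_jitter``).
    """
    by_endpoint = defaultdict(lambda: defaultdict(list))
    for ts, src, dst, port in flows:
        by_endpoint[(dst, port)][src].append(ts)

    candidates = []
    for (dst, port), sources in by_endpoint.items():
        regular = 0
        for times in sources.values():
            times.sort()
            if len(times) < min_flows:
                continue  # too few contacts to judge regularity
            gaps = [b - a for a, b in zip(times, times[1:])]
            mean_gap = mean(gaps)
            if mean_gap > 0 and pstdev(gaps) / mean_gap <= max_jitter:
                regular += 1
        if regular >= min_hosts:
            candidates.append((dst, port, regular))
    return candidates

if __name__ == "__main__":
    for dst, port, n in find_cc_candidates(SAMPLE_FLOWS):
        print(f"possible C&C endpoint {dst}:{port} beaconed by {n} hosts")
```

Thresholds such as `min_hosts` and `max_jitter` are assumptions for the constructed data; in a real deployment they are tuned against the network's baseline, and the flagged endpoint is then correlated with the bot binaries a honeypot like nepenthes has captured.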
Some academic papers also deal with botnets, and you can find more information
about this threat in the studies by Rajab et al. [71] and Cooke et al. [11]. Moreover,
one conference focused solely on botnets: the First Workshop on Hot Topics in
Understanding Botnets (HotBots'07) took place in April 2007 and the proceedings are available online.