Bot and Botnets

By: Sitanshu Dubey
Security analyst and researcher
Hicube Infosec Pvt. Ltd.
E-mail: sitanshu@hicubes.com
Session Flow
o Introduction
o Type of Attacks
o History of Botnet
o Type of Botnet
o Working
o Some Stats
o Prevention
o Conclusion
Introduction
o Bots:
    Bot is the short form of ‘robot’, which
  works on commands given by the
  administrator.
    Here, bots refer to malware-infected
  computers that are controlled by a hacker.
Introduction
o Botnet:
      A botnet is a network of infected computers
  that works on commands issued by
  attackers.
                        OR
      A botnet is a group of bots that is
  controlled by an attacker.
Type of Attacks
o DDoS Attacks
o Spamming
o Key Logging
o Identity Theft
o Phishing
o Click Fraud
o Distribution of Malware (Spyware/Adware)
History of Botnet
o Originally used in IRC as a way to allow
  automated tasks to be done.
o Eventually evolved into a way to automate
  malicious tasks.
o Started with DoS/DDoS against servers.
       TFN, stacheldraht, trinoo (1999)
Types of Botnet
o IRC Based Botnet :

o HTTP Based Botnet:

o P2P Based Botnet:
Working

1. Worm/Trojan program, usually transmitted
   through spam.
2. Bot connects to the IRC C&C channel.
3. Botmaster sends commands through the IRC
   C&C channel to the bots.
4. Repeat. Soon the botmaster has an army
   of bots to control from a single point.
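
The same fan-in that gives the botmaster a single point of control is what a defender can look for: many internal machines joining one IRC channel on one outside server. The following is an added example, not part of the original slides; the log format, the address ranges and the function name `find_c2_candidates` are assumptions made for illustration.

```python
import re
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed sensor output: "<time> <src_ip> <dst_ip>:<port> <client line>".
SAMPLE_LOG = """\
09:00:01 10.0.0.11 203.0.113.5:6667 NICK xk-48211
09:00:01 10.0.0.11 203.0.113.5:6667 JOIN #upd8 k3y
09:00:07 10.0.0.23 203.0.113.5:6667 NICK xk-90317
09:00:07 10.0.0.23 203.0.113.5:6667 JOIN #upd8 k3y
09:00:09 10.0.0.42 203.0.113.5:6667 JOIN #upd8 k3y
09:03:30 10.0.0.77 198.51.100.9:6697 NICK alice
09:03:31 10.0.0.77 198.51.100.9:6697 JOIN #linux-help
09:04:00 10.0.0.11 192.0.2.80:443 GET /index.html
"""

INTERNAL = ip_network("10.0.0.0/8")  # assumed internal address range
RECORD = re.compile(r"^(\S+) (\S+) (\S+):(\d+) (.*)$")
JOIN = re.compile(r"^JOIN (\S+)", re.IGNORECASE)


def find_c2_candidates(log_text, min_hosts=3):
    """Return {(server, port, channel): sorted internal hosts} for every
    channel joined by at least min_hosts distinct internal machines."""
    joined = defaultdict(set)
    for line in log_text.splitlines():
        rec = RECORD.match(line)
        if not rec:
            continue  # skip malformed sensor lines
        _, src, dst, port, payload = rec.groups()
        join = JOIN.match(payload)
        try:
            internal = ip_address(src) in INTERNAL
        except ValueError:
            continue  # source field is not an IP address
        # IRC is recognised by its JOIN verb, not by port number, so a
        # channel on an unusual port is still counted.
        if join and internal:
            for chan in join.group(1).split(","):  # JOIN may list several
                joined[(dst, int(port), chan.lower())].add(src)
    return {k: sorted(v) for k, v in joined.items() if len(v) >= min_hosts}


if __name__ == "__main__":
    for (server, port, chan), hosts in find_c2_candidates(SAMPLE_LOG).items():
        print(f"{server}:{port} {chan} joined by {len(hosts)} hosts: {hosts}")
```

A single user chatting on IRC stays below the threshold; the threshold and the internal range should be tuned to the network being monitored.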
Some Stats
o DDoS attack on an Asian e-commerce
  company in Nov. 2011
o According to security company Prolexic, it was
  the largest DDoS attack in 2011
o The 15,000 requests per second were
  performed by a botnet of 250,000 PCs in total,
  which together peaked at 45Gbps DDoS
  traffic.
Some Stats
o A DDoS attack was launched against
  Spamhaus, an organization that stops spam
  emails from getting to people’s inboxes,
  apparently by one or more of the groups whose
  spam was being targeted, on 26 March 2013.
o It is the biggest cyber threat to date.
Examples
Some popular loaders:
o Zeus Bot (HTTP Based)
o VertexNet (HTTP Based)
o SpyEye (HTTP Based)
o GT Bot (IRC Based)
Prevention
o Using anti-virus and anti-spyware software and
  keeping it up to date.
o Using a firewall to protect your computer from
  hacking attacks while it is connected to the
  Internet.
o Setting your operating system software to
  download and install security patches
  automatically.
o Being cautious about opening any attachments or
  downloading files from emails you receive.
Conclusion
o The attacker remains anonymous and hard to
  trace.
o Used in many malicious activities.
o It’s one of the biggest threats on the Internet.
o Works automatically and autonomously
