BOTNETS. Douwe Leguit, Manager Knowledge Center GOVCERT.NL

Similar documents
BotNets- Cyber Torrirism

Using big data analytics to identify malicious content: a case study on spam s

Agenda. Taxonomy of Botnet Threats. Background. Summary. Background. Taxonomy. Trend Micro Inc. Presented by Tushar Ranka

About Botnet, and the influence that Botnet gives to broadband ISP

Data Centers Protection from DoS attacks. Trends and solutions. Michael Soukonnik, Radware Ltd Riga. Baltic IT&T

Information Security Threat Trends

ENEE 757 CMSC 818V. Prof. Tudor Dumitraș Assistant Professor, ECE University of Maryland, College Park

Botnets. Botnets and Spam. Joining the IRC Channel. Command and Control. Tadayoshi Kohno

Current Threat Scenario and Recent Attack Trends

Spyware. Michael Glenn Technology Management 2004 Qwest Communications International Inc.

Spam, Spyware, Malware and You! Don't give up just yet! Presented by: Mervin Istace Provincial Library Saskatchewan Learning

Innovations in Network Security

Threat Events: Software Attacks (cont.)

6. ecommerce Security and Payment Systems. Alexander Nikov. Teaching Objectives. Video: Online Banking, Is It Secure?

Seminar Computer Security

Countermeasures against Bots

Overview. Common Internet Threats. Spear Phishing / Whaling. Phishing Sites. Virus: Pentagon Attack. Viruses & Worms

Security workshop Protection against botnets. Belnet Aris Adamantiadis Brussels 18 th April 2013

Different Types of Adware and Services

Emerging Security Technological Threats

Network attack and defense

SECURITY TERMS: Advisory Backdoor - Blended Threat Blind Worm Bootstrapped Worm Bot Coordinated Scanning

Symantec enterprise security. Symantec Internet Security Threat Report April An important note about these statistics.

Hong Kong Information Security Outlook 2015 香 港 資 訊 保 安 展 望

Security A to Z the most important terms

A Critical Investigation of Botnet

The Underground Economy of the Pay-Per-Install (PPI) Business

Spyware. Summary. Overview of Spyware. Who Is Spying?

Current counter-measures and responses by CERTs

CSE 3482 Introduction to Computer Security. Denial of Service (DoS) Attacks

Stopping zombies, botnets and other - and web-borne threats

Promoting Network Security (A Service Provider Perspective)

A TASTE OF HTTP BOTNETS

White paper. Phishing, Vishing and Smishing: Old Threats Present New Risks

Certified Ethical Hacker Exam Version Comparison. Version Comparison

Mobile Malware Network View. Kevin McNamee : Alcatel-Lucent

Denial of Service (DoS)

Ethical Hacking & Cyber Security Workshop

The SMB Cyber Security Survival Guide

CS 356 Lecture 9 Malicious Code. Spring 2013

Protecting your Identity, Computer and Property

David Gamez IUA and the Autumn 2007 Security

WEB ATTACKS AND COUNTERMEASURES

Detailed Description about course module wise:

Course Content: Session 1. Ethics & Hacking

WEB SECURITY. Oriana Kondakciu Software Engineering 4C03 Project

Security Incidents And Trends In Croatia. Domagoj Klasić

What s Wrong with Information Security Today? You are looking in the wrong places for the wrong things.

ITU WSIS Thematic Meeting on Countering Spam: The Scope of the problem. Mark Sunner, Chief Technical Officer MessageLabs

The anatomy of an online banking fraud

CEH Version8 Course Outline

Computer Protection. Computer Protection. Computer Protection 5/1/2013. Classic Battle of Good vs Evil. David Watterson & Ross Cavazos

Tips to help you stay safe online

INTERNET & COMPUTER SECURITY March 20, Scoville Library. ccayne@biblio.org

GlobalSign Malware Monitoring

DDoS Attacks: The Latest Threat to Availability. Dr. Bill Highleyman Managing Editor Availability Digest

BE SAFE ONLINE: Lesson Plan

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 2 Systems Threats and Risks

OVERVIEW. 1. Cyber Crime Unit organization. 2. Legal framework. 3. Identity theft modus operandi. 4. How to avoid online identity theft

ACS-3921/ Computer Security And Privacy. Lecture Note 5 October 7 th 2015 Chapter 5 Database and Cloud Security

DDoS Attacks Can Take Down Your Online Services

24/7 Visibility into Advanced Malware on Networks and Endpoints

Property of Secure Network Technologies-Do Not Distribute or Post Without Written Permission-Copyrights and Trademark Apply

CRYPTUS DIPLOMA IN IT SECURITY

Security Business Review

When a student leaves this intensive 5 day class they will have hands on understanding and experience in Ethical Hacking.

(General purpose) Program security. What does it mean for a pgm to be secure? Depends whom you ask. Takes a long time to break its security controls.

National Cyber Crime Unit

Computer Security DD2395

Cybercrime. Crime and Cybercrime. Examples of Cybercrime. Illegal, immoral, unethical

Corporate Account Takeover & Information Security Awareness. Customer Training

EC Council Certified Ethical Hacker V8

Detecting peer-to-peer botnets

WHITE PAPER. Understanding How File Size Affects Malware Detection

COURSE NAME: INFORMATION SECURITY INTERNSHIP PROGRAM

Streamlining Web and Security

Malicious Network Traffic Analysis

CYBERTRON NETWORK SOLUTIONS

COB 302 Management Information System (Lesson 8)

Windows Malware Annual Report 2014 And prognosis 2015

Presented by:!!dave Kennedy (RELIK)"!!!!!Ryan Macfarlane "

Network Incident Report

Malware. Björn Victor 1 Feb [Based on Stallings&Brown]

Spyware: Securing gateway and endpoint against data theft

Tespok Kenya icsirt: Enterprise Cyber Threat Attack Targets Report

Operation Liberpy : Keyloggers and information theft in Latin America

Transcription:

BOTNETS Douwe Leguit, Manager Knowledge Center GOVCERT.NL

Agenda Bots: what is it What is its habitat How does it spread What are its habits Dutch cases Ongoing developments

Visibility of malware vs malicious intent visibility and malicious intent fame and glory visibility mass-mailers (I love you, bugbear) Typosquatting Malicious intent worms (slammer, blaster) Phishing cybercrime highly profitable Botnets drive-by exploits directed trojans extended virus families crime Rootkits time

Bots What is it autonomous program (robot) performs actions without user intervention good or bad? in the security world: bot = mostly bad used for malicious / criminal purposes modular keyloggers, backdoors, packet sniffers update functionality large # of bots under one control = botnet

Bots - habitat bots prefer broadband bots are not picky, but prefer more recent OS unprotected / under protected machines Targets: home computers corporate networks government agencies universities..

Bots - spreading two tier approach [1] get a foothold [2] scan for more victims bots use a variety of vectors drive-by infection (exploiting vulnerabilities in browsers) network infection, scansploit (lsass, dcom, asn.1 etc ) IM, P2P (mostly useful for home computers) e-mail

Bots - spreading Lure end users into the trap using e.g. Spam

Bots - spreading Scanning for vulnerabilities and exploiting them

Bots - spreading And install a trojan dropper

Bots - spreading That downloads the bot software

Bots - spreading All bots together under one command and control server is called a botnet

Bots spreading Peer-to-Peer technology makes the botnet resilient to dismantling the Command and Control server

Bots - spreading Combination of Classical CNC and P2P is possible

Bots habits (2) Multi-functional: http useful for phishing smtp useful for spam and phishing webserver repository - piracy / data drop off ddos agent extortion packet sniffing / key logging / screen capturing information harvesting (serials, CD keys, banking info)

Bots- botconomics phishing and scams spam fake websites proxies Botnet-PC s ddos-attacks virusses, worms, backdoors, Information Harvesting

CASE 1: Toxbot - botnet Large botnet, made in Holland Conviction early 2007 Public Prosecutor: ten thousands of compromised computers, but probably millions extortion creditcard and transaction data stolen confidence in internet affected Press release: 1.5 Million unique IP addresses

Toxbot botnet information Bots reside in: Italy Netherlands France USA Belgium UK Eastern Europe Middle East

What it sniffed Banks ebay PayPal Hotmail / MSN Messenger Airlines / Various travel agencies Several Universities Yahoo! / Google Mail / Webmail in general Including.gov.cn,.gov.ae,.gov.in, etc Medical Transcription Services / Online pharmacies / Hospitals Online games / Poker / Betting Online dating / sex sites... & much more.

Bots - Scam and Spam Still very profitable Increase in targeted spam and scam

CASE 2: SPAM via botnet Conviction of a Dutch spammer febr. 2007 9 billion spam emails In 14 months He used a botnet of only 700 zombie pc s!

CASE 3: ddos via botnet Early October 2004 Target: several public government sites ddos attack almost for a week They used a botnet of 4000 bots! ddos: distributed Denial of Service

Overheid.nl 3 October 2004 Example

Bots - developments Botnets are the infrastructure for Cyber Crime Criminals will protect their assets Recent activity in the P2P space Encryption and root kit technology introduced Focus on small botnets to prevent detection Development is a professional business Improvement on functionality

Thank you! Douwe Leguit Douwe.Leguit@govcert.nl

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information