SlideShare a Scribd company logo

Botnet

Download as PPTX, PDF
lokenra
lokenra

What are the Botnets? Description of what are botnets and how they works. what are the known botnet attacks.and architecture of botnets. slides also describes some prevention steps from botnet attack.

Engineering
1 of 15
BTIT603: Cyber and Network Security Lokendra Vishwakarma, Assistant Professor, SVIIT-SVVV, Indore1 Botnet
Lokendra Vishwakarma, Assistant Professor, SVIIT-SVVV, Indore2  Botnets have become one of the biggest threats to security systems today. Their growing popularity among cybercriminals comes from their ability to infiltrate almost any internet-connected device, from DVR players to corporate mainframes.  Botnets are also becoming a larger part of cultural discussions around cyber security. Facebook’s fake ad controversy and the Twitter bot fiasco during the 2016 presidential election worry many politicians and citizens about the disruptive potential of botnets. Recently published studies from MIT have concluded that social media bots and automated accounts play a major role in spreading fake news.  Aside from being tools for influencing elections and mining cryptocurrencies, botnets are also dangerous to corporations and consumers because they’re used to deploy malware, initiate attacks on websites, steal personal information, and defraud advertisers.  It’s clear botnets are bad, but what are they exactly? And how can you protect your personal information and devices?
What is Botnet? Lokendra Vishwakarma, Assistant Professor, SVIIT-SVVV, Indore3  To better understand what botnets are and how botnets function, consider that the name itself is a blending of the words “robot” and “network”. In a broad sense, that’s exactly what botnets are: a network of robots used to commit cyber crime.  The term botnet is derived from the words robot and network. A bot in this case is a device infected by malware, which then becomes part of a network, or net, of infected devices controlled by a single attacker or attack group. The cyber criminals controlling them are called botmasters or bot herders.  Botnets are the workhorses of the Internet. They’re connected computers performing a number of repetitive tasks to keep websites going.
Lokendra Vishwakarma, Assistant Professor, SVIIT-SVVV, Indore4  What you need to be careful of are the illegal and malicious botnets. What happens is that botnets gain access to your machine through some piece of malicious coding. In some cases, your machine is directly hacked, while other times what is known as a “spider” (a program that crawls the Internet looking for holes in security to exploit) does the hacking automatically.  More often than not, what botnets are looking to do is to add your computer to their web. That usually happens through a drive-by download or fooling you into installing a Trojan horse on your computer. Once the software is downloaded, the botnet will now contact its master computer and let it know that everything is ready to go. Now your computer, phone or tablet is entirely under the control of the person who created the botnet.
Lokendra Vishwakarma, Assistant Professor, SVIIT-SVVV, Indore5 Once the botnet’s owner is in control of your computer, they usually use your machine to carry out other nefarious tasks. Common tasks executed by botnets include: 1. Using your machine’s power to assist in distributed denial-of- service (DDoS) attacks to shut down websites. 2. Emailing spam out to millions of Internet users. 3. Generating fake Internet traffic on a third-party website for financial gain. 4. Replacing banner ads in your web browser specifically targeted at you. 5. Pop-ups ads designed to get you to pay for the removal of the botnet through a anti-spyware package. 6. The short answer is that a botnet is hijacking your computer to do what botnets do -- carry out mundane(boring, tedious) tasks -- faster and better.
Lokendra Vishwakarma, Assistant Professor, SVIIT-SVVV, Indore6 Source of image: https://searchsecurity.techtarget.com/definition/botnet
Lokendra Vishwakarma, Assistant Professor, SVIIT-SVVV, Indore7  Once the desired number of devices is infected, attackers can control the bots using two different approaches. The traditional client/server approach involves setting up a command-and- control (C&C) server and sending automated commands to infected botnet clients through a communications protocol, such as internet relay chat (IRC). The bots are often programmed to remain dormant and await commands from the C&C server before initiating any malicious activities.  The other approach to controlling infected bots involves a peer-to-peer network. Instead of using C&C servers, a peer-to-peer botnet relies on a decentralized approach. Infected devices may be programmed to scan for malicious websites, or even for other devices in the same botnet. The bots can then share updated commands or the latest versions of the botnet malware.  The peer-to-peer approach is more common today, as cybercriminals and hacker groups try to avoid detection by cybersecurity vendors and law enforcement agencies, which have often used C&C communications as a way to monitor for, locate and disrupt botnet operations.
How to Protect Yourself From Botnets? Lokendra Vishwakarma, Assistant Professor, SVIIT-SVVV, Indore8 Most people who are infected with botnets aren’t even aware that their computer’s security has become compromised. However, taking simple, common-sense precautions when using the Internet can not only remove botnets that have been installed, it can also prevent them from being installed on your computer, tablet and phone in the first place. 1. Always update your computer’s operating system as early as possible. Hackers often utilize known flaws in operating system security to install botnets. You can even set your computer to install updates automatically. 2. The same is true of applications on your computer, phone and tablet. Once weakness are found and announced by software companies, hackers rush to create programs to exploit those weaknesses.
Lokendra Vishwakarma, Assistant Professor, SVIIT-SVVV, Indore9 3. Don’t download attachments or click on links from email addresses you don’t recognize. This is one of the most common vectors for all forms of malware. 4. Use a firewall when browsing the Internet. This is easy to do with Mac computers, as they come with Firewall software pre-installed. If you’re using a Windows-based machine, you might need to install third-party software. 5. Don’t visit websites that are known distributors of malware. One of the things that a full-service Internet security suite can do is warn you when you’re visiting such sites. When in doubt, check with Norton Safe Web. In general, hackers tend to look for low-hanging fruit. If you can mount even basic defenses, botnets and other forms of malware are going to look for easier targets How to Protect Yourself From Botnets?
Notable botnet attacks Lokendra Vishwakarma, Assistant Professor, SVIIT-SVVV, Indore10 1. Zeus The Zeus malware, first detected in 2007, is one of the best-known and widely used malware types in the history of information security.  Zeus uses a Trojan horse program to infect vulnerable devices and systems, and variants of this malware have been used for various purposes over the years, including to spread CryptoLocker ransomware.  Initially, Zeus, or Zbot, was used to harvest banking credentials and financial information from users of infected devices. Once the data was collected, attackers used the bots to send out spam and phishing emails that spread the Zeus Trojan to more prospective victims.  In 2009, cybersecurity vendor Damballa estimated Zeus had infected 3.6 million hosts. The following year, the FBI identified a group of Eastern European cybercriminals who were suspected to be behind the Zeus malware campaign; the FBI later made more than 100 arrests in the U.S. and Europe.  The Zeus botnet was repeatedly disrupted in 2010, when two internet service providers that were hosting the C&C servers for Zeus were shut down. However, new versions of the Zeus malware were later discovered.
Lokendra Vishwakarma, Assistant Professor, SVIIT-SVVV, Indore11 2. Srizbi The Srizbi botnet, which was first discovered in 2007, was, for a time, the largest botnet in the world. Srizbi, also known as the Ron Paul spam botnet, was responsible for a massive amount of email spam -- as much as 60 billion messages a day, accounting for roughly half of all email spam on the internet at the time. In 2007, the Srizbi botnet was used to send out political spam emails promoting then-U.S. Presidential candidate Ron Paul.  The botnet used a Trojan to infect users' computers, which were then used to send out spam. Experts estimated that the Srizbi botnet included approximately 450,000 infected systems.  The cybercriminals behind Srizbi used San Jose, Calif.-based hosting provider McColo for the botnet's C&C infrastructure. The botnet's activity ceased when McColo, which was discovered to be hosting other botnet and spam operations, as well, was shut down in 2008.
Lokendra Vishwakarma, Assistant Professor, SVIIT-SVVV, Indore12 3. Gameover Zeus Approximately a year after the original Zeus botnet was disrupted, a new version of the Zeus malware emerged, known as Gameover Zeus.  Instead of relying on a traditional, centralized C&C operation to control bots, Gameover Zeus used a peer-to-peer network approach, which initially made the botnet harder for law enforcement and security vendors to pinpoint and disrupt. Infected bots used the domain generation algorithm (DGA) to communicate.  The Gameover Zeus botnet would generate domain names to serve as communication points for infected bots. An infected device would randomly select domains until it reached an active domain that was able to issue new commands. Security firm Bitdefender reported two versions of Gameover Zeus, one of which generated 1,000 new domains, and the other which generated 10,000 new domains each day.  In 2014, international law enforcement agencies took part in Operation Tovar to temporarily disrupt Gameover Zeus by identifying the domains used by the cybercriminals, and then redirecting bot traffic to government-controlled servers.  The FBI also offered a $3 million reward for Russian hacker Evgeniy Bogachev, who is accused of being the mastermind behind the Gameover Zeus botnet. Bogachev is still at large, and new variants of Gameover Zeus have since emerged.
Lokendra Vishwakarma, Assistant Professor, SVIIT-SVVV, Indore13 4. Methbot An extensive cybercrime operation and ad fraud botnet known as Methbot was revealed in 2016 by cybersecurity services company White Ops. According to security researchers, Methbot was generating between $3 million and $5 million in fraudulent ad revenue daily last year by producing fraudulent clicks for online ads, as well as fake views of video advertisements.  Instead of infecting random devices, the Methbot campaign is run on approximately 800-1,200 dedicated servers in data centers located in both the U.S. and the Netherlands. The campaign's operational infrastructure includes 6,000 spoofed domains, and more than 850,000 dedicated IP addresses, many of which are falsely registered as belonging to legitimate U.S.-based internet service providers.  The infected servers can produce fake clicks and mouse movements, as well as forge social media account logins to appear as legitimate users to fool conventional ad fraud detection techniques. In an effort to disrupt the monetization scheme for Methbot, White Ops published a list of the spoofed domains and fraudulent IP addresses to alert advertisers and enable them to block the addresses.
Lokendra Vishwakarma, Assistant Professor, SVIIT-SVVV, Indore14 5. Mirai Several powerful, record-setting distributed denial-of-service (DDoS) attacks were observed in late 2016, and they later traced to a new brand of malware known as Mirai. The DDoS traffic was produced by a variety of connected devices, such as wireless routers and CCTV cameras.  Mirai malware is designed to scan the internet for insecure connected devices, while also avoiding IP addresses belonging to major corporations, like Hewlett- Packard and government agencies, such as the U.S. Department of Defense.  Once it identifies an insecure device, the malware tries to log in with a series of common default passwords used by manufacturers. If those passwords don't work, then Mirai uses brute force attacks to guess the password. Once a device is compromised, it connects to C&C infrastructure and can divert varying amounts of traffic toward a DDoS target.  Devices that have been infected are often still able to continue functioning normally, making it difficult to detect Mirai botnet activity from a specific device. For some internet of things (IoT) devices, such as digital video recorders, the factory password is hard coded in the device's firmware, and many devices cannot update their firmware over the internet.  The Mirai source code was later released to the public, allowing anyone to use the malware to compose botnets leveraging poorly protected IoT devices.
Lokendra Vishwakarma, Assistant Professor, SVIIT-SVVV, Indore15  References: 1. https://searchsecurity.techtarget.com/definition/botn et. 2. https://www.pandasecurity.com/mediacenter/security /what-is-a-botnet/ 3. https://us.norton.com/internetsecurity-malware- what-is-a-botnet.html 4. https://en.wikipedia.org/wiki/Botnet

Recommended

Stuxnet - Case Study
Stuxnet - Case StudyStuxnet - Case Study
Stuxnet - Case StudyAmr Thabet
 
Botnets
BotnetsBotnets
BotnetsKavisha Miyan
 
Ransomware
RansomwareRansomware
RansomwareG Prachi
 
CYBER CRIME AWARENESS (Thematic Presentation)
CYBER CRIME AWARENESS (Thematic Presentation)CYBER CRIME AWARENESS (Thematic Presentation)
CYBER CRIME AWARENESS (Thematic Presentation)AFROZULLA KHAN Z
 
What is botnet?
What is botnet?What is botnet?
What is botnet?Milan Petrásek
 
Cyber security awareness for students
Cyber security awareness for students Cyber security awareness for students
Cyber security awareness for studentsAkhil Nadh PC
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical HackingKeith Brooks
 
Ipspoofing
IpspoofingIpspoofing
IpspoofingAkhil Kumar
 

Recommended

Stuxnet - Case Study
Stuxnet - Case StudyStuxnet - Case Study
Stuxnet - Case StudyAmr Thabet
 
Botnets
BotnetsBotnets
BotnetsKavisha Miyan
 
Ransomware
RansomwareRansomware
RansomwareG Prachi
 
CYBER CRIME AWARENESS (Thematic Presentation)
CYBER CRIME AWARENESS (Thematic Presentation)CYBER CRIME AWARENESS (Thematic Presentation)
CYBER CRIME AWARENESS (Thematic Presentation)AFROZULLA KHAN Z
 
What is botnet?
What is botnet?What is botnet?
What is botnet?Milan Petrásek
 
Cyber security awareness for students
Cyber security awareness for students Cyber security awareness for students
Cyber security awareness for studentsAkhil Nadh PC
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical HackingKeith Brooks
 
Ipspoofing
IpspoofingIpspoofing
IpspoofingAkhil Kumar
 
Phishing techniques
Phishing techniquesPhishing techniques
Phishing techniquesSushil Kumar
 
introduction to Botnet
introduction to Botnetintroduction to Botnet
introduction to Botnetyogendra singh chahar
 
Capture the flag
Capture the flagCapture the flag
Capture the flagKachkad Narender
 
Hacking and Anti Hacking
Hacking and Anti HackingHacking and Anti Hacking
Hacking and Anti HackingInternational Islamic University
 
Cyber crime - What is and types.
Cyber crime - What is and types.Cyber crime - What is and types.
Cyber crime - What is and types.Niloy Biswas
 
14 tips to increase cybersecurity awareness
14 tips to increase cybersecurity awareness14 tips to increase cybersecurity awareness
14 tips to increase cybersecurity awarenessMichel Bitter
 
Phishing
PhishingPhishing
Phishinganjalika sinha
 
Botnets In Cyber Security
Botnets In Cyber SecurityBotnets In Cyber Security
Botnets In Cyber Securitysumit saurav
 
Cyber Crime & Security
Cyber Crime & SecurityCyber Crime & Security
Cyber Crime & SecurityDilip Prajapati
 
Cybercrime: A Seminar Report
Cybercrime: A Seminar ReportCybercrime: A Seminar Report
Cybercrime: A Seminar ReportArindam Sarkar
 
Cyber security & awareness
Cyber security & awarenessCyber security & awareness
Cyber security & awarenessRishab garg
 
System hacking
System hackingSystem hacking
System hackingCAS
 
Ip Spoofing
Ip SpoofingIp Spoofing
Ip Spoofingarpit.arp
 
Ransomware: WanaCry, WanCrypt
Ransomware: WanaCry, WanCryptRansomware: WanaCry, WanCrypt
Ransomware: WanaCry, WanCryptYash Diwakar
 
Hacking with experts 3 (facebook hacking) by anurag dwivedi.
Hacking with experts 3 (facebook hacking) by anurag dwivedi.Hacking with experts 3 (facebook hacking) by anurag dwivedi.
Hacking with experts 3 (facebook hacking) by anurag dwivedi.Esteban Bedoya
 
Torjan horse virus
Torjan horse virusTorjan horse virus
Torjan horse virussumitra22
 
Zero-Day Vulnerability and Heuristic Analysis
Zero-Day Vulnerability and Heuristic AnalysisZero-Day Vulnerability and Heuristic Analysis
Zero-Day Vulnerability and Heuristic AnalysisAhmed Banafa
 
Cybersecurity Awareness Infographics
Cybersecurity Awareness InfographicsCybersecurity Awareness Infographics
Cybersecurity Awareness InfographicsNetLockSmith
 
Cybercrime presentation
Cybercrime presentationCybercrime presentation
Cybercrime presentationRajat Jain
 
Industroyer: biggest threat to industrial control systems since Stuxnet by An...
Industroyer: biggest threat to industrial control systems since Stuxnet by An...Industroyer: biggest threat to industrial control systems since Stuxnet by An...
Industroyer: biggest threat to industrial control systems since Stuxnet by An...CODE BLUE
 
Botnet
BotnetBotnet
BotnetJoshin Gomez
 
Mcs2453 aniq mc101053-assignment1
Mcs2453 aniq mc101053-assignment1Mcs2453 aniq mc101053-assignment1
Mcs2453 aniq mc101053-assignment1Aniq Eastrarulkhair
 

More Related Content

What's hot

Phishing techniques
Phishing techniquesPhishing techniques
Phishing techniquesSushil Kumar
 
Cyber crime - What is and types.
Cyber crime - What is and types.Cyber crime - What is and types.
Cyber crime - What is and types.Niloy Biswas
 
14 tips to increase cybersecurity awareness
14 tips to increase cybersecurity awareness14 tips to increase cybersecurity awareness
14 tips to increase cybersecurity awarenessMichel Bitter
 
Botnets In Cyber Security
Botnets In Cyber SecurityBotnets In Cyber Security
Botnets In Cyber Securitysumit saurav
 
Cybercrime: A Seminar Report
Cybercrime: A Seminar ReportCybercrime: A Seminar Report
Cybercrime: A Seminar ReportArindam Sarkar
 
Cyber security & awareness
Cyber security & awarenessCyber security & awareness
Cyber security & awarenessRishab garg
 
System hacking
System hackingSystem hacking
System hackingCAS
 
Ransomware: WanaCry, WanCrypt
Ransomware: WanaCry, WanCryptRansomware: WanaCry, WanCrypt
Ransomware: WanaCry, WanCryptYash Diwakar
 
Hacking with experts 3 (facebook hacking) by anurag dwivedi.
Hacking with experts 3 (facebook hacking) by anurag dwivedi.Hacking with experts 3 (facebook hacking) by anurag dwivedi.
Hacking with experts 3 (facebook hacking) by anurag dwivedi.Esteban Bedoya
 
Torjan horse virus
Torjan horse virusTorjan horse virus
Torjan horse virussumitra22
 
Zero-Day Vulnerability and Heuristic Analysis
Zero-Day Vulnerability and Heuristic AnalysisZero-Day Vulnerability and Heuristic Analysis
Zero-Day Vulnerability and Heuristic AnalysisAhmed Banafa
 
Cybersecurity Awareness Infographics
Cybersecurity Awareness InfographicsCybersecurity Awareness Infographics
Cybersecurity Awareness InfographicsNetLockSmith
 
Cybercrime presentation
Cybercrime presentationCybercrime presentation
Cybercrime presentationRajat Jain
 
Industroyer: biggest threat to industrial control systems since Stuxnet by An...
Industroyer: biggest threat to industrial control systems since Stuxnet by An...Industroyer: biggest threat to industrial control systems since Stuxnet by An...
Industroyer: biggest threat to industrial control systems since Stuxnet by An...CODE BLUE
 

What's hot (20)

Phishing techniques
Phishing techniquesPhishing techniques
Phishing techniques
 
introduction to Botnet
introduction to Botnetintroduction to Botnet
introduction to Botnet
 
Capture the flag
Capture the flagCapture the flag
Capture the flag
 
Hacking and Anti Hacking
Hacking and Anti HackingHacking and Anti Hacking
Hacking and Anti Hacking
 
Cyber crime - What is and types.
Cyber crime - What is and types.Cyber crime - What is and types.
Cyber crime - What is and types.
 
14 tips to increase cybersecurity awareness
14 tips to increase cybersecurity awareness14 tips to increase cybersecurity awareness
14 tips to increase cybersecurity awareness
 
Phishing
PhishingPhishing
Phishing
 
Botnets In Cyber Security
Botnets In Cyber SecurityBotnets In Cyber Security
Botnets In Cyber Security
 
Cyber Crime & Security
Cyber Crime & SecurityCyber Crime & Security
Cyber Crime & Security
 
Cybercrime: A Seminar Report
Cybercrime: A Seminar ReportCybercrime: A Seminar Report
Cybercrime: A Seminar Report
 
Cyber security & awareness
Cyber security & awarenessCyber security & awareness
Cyber security & awareness
 
System hacking
System hackingSystem hacking
System hacking
 
Ip Spoofing
Ip SpoofingIp Spoofing
Ip Spoofing
 
Ransomware: WanaCry, WanCrypt
Ransomware: WanaCry, WanCryptRansomware: WanaCry, WanCrypt
Ransomware: WanaCry, WanCrypt
 
Hacking with experts 3 (facebook hacking) by anurag dwivedi.
Hacking with experts 3 (facebook hacking) by anurag dwivedi.Hacking with experts 3 (facebook hacking) by anurag dwivedi.
Hacking with experts 3 (facebook hacking) by anurag dwivedi.
 
Torjan horse virus
Torjan horse virusTorjan horse virus
Torjan horse virus
 
Zero-Day Vulnerability and Heuristic Analysis
Zero-Day Vulnerability and Heuristic AnalysisZero-Day Vulnerability and Heuristic Analysis
Zero-Day Vulnerability and Heuristic Analysis
 
Cybersecurity Awareness Infographics
Cybersecurity Awareness InfographicsCybersecurity Awareness Infographics
Cybersecurity Awareness Infographics
 
Cybercrime presentation
Cybercrime presentationCybercrime presentation
Cybercrime presentation
 
Industroyer: biggest threat to industrial control systems since Stuxnet by An...
Industroyer: biggest threat to industrial control systems since Stuxnet by An...Industroyer: biggest threat to industrial control systems since Stuxnet by An...
Industroyer: biggest threat to industrial control systems since Stuxnet by An...
 

Similar to Botnet

Mcs2453 aniq mc101053-assignment1
Mcs2453 aniq mc101053-assignment1Mcs2453 aniq mc101053-assignment1
Mcs2453 aniq mc101053-assignment1Aniq Eastrarulkhair
 
Type of Malware and its different analysis and its types !
Type of Malware and its different analysis and its types !Type of Malware and its different analysis and its types !
Type of Malware and its different analysis and its types !Mohammed Jaseem Tp
 
Sophos Threatsaurus: The A-Z of Computer and Data Security Threats
Sophos Threatsaurus: The A-Z of Computer and Data Security ThreatsSophos Threatsaurus: The A-Z of Computer and Data Security Threats
Sophos Threatsaurus: The A-Z of Computer and Data Security ThreatsConnecting Up
 
Types of Malware.docx
Types of Malware.docxTypes of Malware.docx
Types of Malware.docxSarahReese14
 
Botnet Attacks How They Work and How to Defend Against Them.pdf
Botnet Attacks How They Work and How to Defend Against Them.pdfBotnet Attacks How They Work and How to Defend Against Them.pdf
Botnet Attacks How They Work and How to Defend Against Them.pdfuzair
 
trojon horse Seminar report
trojon horse Seminar report trojon horse Seminar report
trojon horse Seminar reportNamanKikani
 
Untitled document.pdf
Untitled document.pdfUntitled document.pdf
Untitled document.pdfgoogle
 
Types of malware threats
Types of malware threatsTypes of malware threats
Types of malware threatsEC-Council
 
System Based Attacks - CYBER SECURITY
System Based Attacks - CYBER SECURITYSystem Based Attacks - CYBER SECURITY
System Based Attacks - CYBER SECURITYSouma Maiti
 
Types of Malware (CEH v11)
Types of Malware (CEH v11)Types of Malware (CEH v11)
Types of Malware (CEH v11)EC-Council
 
20210717-AntiBotnets-FundamentalInfoSec.pptx
20210717-AntiBotnets-FundamentalInfoSec.pptx20210717-AntiBotnets-FundamentalInfoSec.pptx
20210717-AntiBotnets-FundamentalInfoSec.pptxSuman Garai
 
How spam change the world
How spam change the world How spam change the world
How spam change the world Farhaan Bukhsh
 

Similar to Botnet (20)

Botnet
BotnetBotnet
Botnet
 
Mcs2453 aniq mc101053-assignment1
Mcs2453 aniq mc101053-assignment1Mcs2453 aniq mc101053-assignment1
Mcs2453 aniq mc101053-assignment1
 
Type of Malware and its different analysis and its types !
Type of Malware and its different analysis and its types !Type of Malware and its different analysis and its types !
Type of Malware and its different analysis and its types !
 
Malicious malware breaches - eScan
Malicious malware breaches - eScanMalicious malware breaches - eScan
Malicious malware breaches - eScan
 
Sophos Threatsaurus: The A-Z of Computer and Data Security Threats
Sophos Threatsaurus: The A-Z of Computer and Data Security ThreatsSophos Threatsaurus: The A-Z of Computer and Data Security Threats
Sophos Threatsaurus: The A-Z of Computer and Data Security Threats
 
Types of Malware.docx
Types of Malware.docxTypes of Malware.docx
Types of Malware.docx
 
Botnet Attacks How They Work and How to Defend Against Them.pdf
Botnet Attacks How They Work and How to Defend Against Them.pdfBotnet Attacks How They Work and How to Defend Against Them.pdf
Botnet Attacks How They Work and How to Defend Against Them.pdf
 
trojon horse Seminar report
trojon horse Seminar report trojon horse Seminar report
trojon horse Seminar report
 
Untitled document.pdf
Untitled document.pdfUntitled document.pdf
Untitled document.pdf
 
I.T Security Threats
I.T Security ThreatsI.T Security Threats
I.T Security Threats
 
Types of malware threats
Types of malware threatsTypes of malware threats
Types of malware threats
 
Computer crimes
Computer crimesComputer crimes
Computer crimes
 
System Based Attacks - CYBER SECURITY
System Based Attacks - CYBER SECURITYSystem Based Attacks - CYBER SECURITY
System Based Attacks - CYBER SECURITY
 
Malware
MalwareMalware
Malware
 
Types of Malware (CEH v11)
Types of Malware (CEH v11)Types of Malware (CEH v11)
Types of Malware (CEH v11)
 
20210717-AntiBotnets-FundamentalInfoSec.pptx
20210717-AntiBotnets-FundamentalInfoSec.pptx20210717-AntiBotnets-FundamentalInfoSec.pptx
20210717-AntiBotnets-FundamentalInfoSec.pptx
 
viruses.pptx
viruses.pptxviruses.pptx
viruses.pptx
 
BOTNETS
BOTNETSBOTNETS
BOTNETS
 
BOTNET
BOTNETBOTNET
BOTNET
 
How spam change the world
How spam change the world How spam change the world
How spam change the world
 

Recently uploaded

247267395-1-Symmetric-and-distributed-shared-memory-architectures-ppt (1).ppt
247267395-1-Symmetric-and-distributed-shared-memory-architectures-ppt (1).ppt247267395-1-Symmetric-and-distributed-shared-memory-architectures-ppt (1).ppt
247267395-1-Symmetric-and-distributed-shared-memory-architectures-ppt (1).pptssuser5c9d4b1
 
The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...
The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...
The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...ranjana rawat
 
UNIT - IV - Air Compressors and its Performance
UNIT - IV - Air Compressors and its PerformanceUNIT - IV - Air Compressors and its Performance
UNIT - IV - Air Compressors and its Performancesivaprakash250
 
Microscopic Analysis of Ceramic Materials.pptx
Microscopic Analysis of Ceramic Materials.pptxMicroscopic Analysis of Ceramic Materials.pptx
Microscopic Analysis of Ceramic Materials.pptxpurnimasatapathy1234
 
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur EscortsHigh Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur EscortsCall Girls in Nagpur High Profile
 
Coefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptxCoefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptxAsutosh Ranjan
 
Processing & Properties of Floor and Wall Tiles.pptx
Processing & Properties of Floor and Wall Tiles.pptxProcessing & Properties of Floor and Wall Tiles.pptx
Processing & Properties of Floor and Wall Tiles.pptxpranjaldaimarysona
 
UNIT-II FMM-Flow Through Circular Conduits
UNIT-II FMM-Flow Through Circular ConduitsUNIT-II FMM-Flow Through Circular Conduits
UNIT-II FMM-Flow Through Circular Conduitsrknatarajan
 
College Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
College Call Girls Nashik Nehal 7001305949 Independent Escort Service NashikCollege Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
College Call Girls Nashik Nehal 7001305949 Independent Escort Service NashikCall Girls in Nagpur High Profile
 
Call for Papers - Educational Administration: Theory and Practice, E-ISSN: 21...
Call for Papers - Educational Administration: Theory and Practice, E-ISSN: 21...Call for Papers - Educational Administration: Theory and Practice, E-ISSN: 21...
Call for Papers - Educational Administration: Theory and Practice, E-ISSN: 21...Christo Ananth
 
UNIT-V FMM.HYDRAULIC TURBINE - Construction and working
UNIT-V FMM.HYDRAULIC TURBINE - Construction and workingUNIT-V FMM.HYDRAULIC TURBINE - Construction and working
UNIT-V FMM.HYDRAULIC TURBINE - Construction and workingrknatarajan
 
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...ranjana rawat
 
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...Soham Mondal
 
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130Suhani Kapoor
 
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur EscortsHigh Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escortsranjana rawat
 
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINEMANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINESIVASHANKAR N
 
KubeKraft presentation @CloudNativeHooghly
KubeKraft presentation @CloudNativeHooghlyKubeKraft presentation @CloudNativeHooghly
KubeKraft presentation @CloudNativeHooghlysanyuktamishra911
 
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICSAPPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICSKurinjimalarL3
 

Recently uploaded (20)

247267395-1-Symmetric-and-distributed-shared-memory-architectures-ppt (1).ppt
247267395-1-Symmetric-and-distributed-shared-memory-architectures-ppt (1).ppt247267395-1-Symmetric-and-distributed-shared-memory-architectures-ppt (1).ppt
247267395-1-Symmetric-and-distributed-shared-memory-architectures-ppt (1).ppt
 
The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...
The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...
The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...
 
UNIT - IV - Air Compressors and its Performance
UNIT - IV - Air Compressors and its PerformanceUNIT - IV - Air Compressors and its Performance
UNIT - IV - Air Compressors and its Performance
 
Microscopic Analysis of Ceramic Materials.pptx
Microscopic Analysis of Ceramic Materials.pptxMicroscopic Analysis of Ceramic Materials.pptx
Microscopic Analysis of Ceramic Materials.pptx
 
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur EscortsHigh Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur Escorts
 
Coefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptxCoefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptx
 
Processing & Properties of Floor and Wall Tiles.pptx
Processing & Properties of Floor and Wall Tiles.pptxProcessing & Properties of Floor and Wall Tiles.pptx
Processing & Properties of Floor and Wall Tiles.pptx
 
UNIT-II FMM-Flow Through Circular Conduits
UNIT-II FMM-Flow Through Circular ConduitsUNIT-II FMM-Flow Through Circular Conduits
UNIT-II FMM-Flow Through Circular Conduits
 
College Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
College Call Girls Nashik Nehal 7001305949 Independent Escort Service NashikCollege Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
College Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
 
Roadmap to Membership of RICS - Pathways and Routes
Roadmap to Membership of RICS - Pathways and RoutesRoadmap to Membership of RICS - Pathways and Routes
Roadmap to Membership of RICS - Pathways and Routes
 
Call for Papers - Educational Administration: Theory and Practice, E-ISSN: 21...
Call for Papers - Educational Administration: Theory and Practice, E-ISSN: 21...Call for Papers - Educational Administration: Theory and Practice, E-ISSN: 21...
Call for Papers - Educational Administration: Theory and Practice, E-ISSN: 21...
 
UNIT-V FMM.HYDRAULIC TURBINE - Construction and working
UNIT-V FMM.HYDRAULIC TURBINE - Construction and workingUNIT-V FMM.HYDRAULIC TURBINE - Construction and working
UNIT-V FMM.HYDRAULIC TURBINE - Construction and working
 
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
 
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...
 
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130
 
DJARUM4D - SLOT GACOR ONLINE | SLOT DEMO ONLINE
DJARUM4D - SLOT GACOR ONLINE | SLOT DEMO ONLINEDJARUM4D - SLOT GACOR ONLINE | SLOT DEMO ONLINE
DJARUM4D - SLOT GACOR ONLINE | SLOT DEMO ONLINE
 
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur EscortsHigh Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
 
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINEMANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
 
KubeKraft presentation @CloudNativeHooghly
KubeKraft presentation @CloudNativeHooghlyKubeKraft presentation @CloudNativeHooghly
KubeKraft presentation @CloudNativeHooghly
 
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICSAPPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
 

Botnet

  • 1. BTIT603: Cyber and Network Security Lokendra Vishwakarma, Assistant Professor, SVIIT-SVVV, Indore1 Botnet
  • 2. Lokendra Vishwakarma, Assistant Professor, SVIIT-SVVV, Indore2  Botnets have become one of the biggest threats to security systems today. Their growing popularity among cybercriminals comes from their ability to infiltrate almost any internet-connected device, from DVR players to corporate mainframes.  Botnets are also becoming a larger part of cultural discussions around cyber security. Facebook’s fake ad controversy and the Twitter bot fiasco during the 2016 presidential election worry many politicians and citizens about the disruptive potential of botnets. Recently published studies from MIT have concluded that social media bots and automated accounts play a major role in spreading fake news.  Aside from being tools for influencing elections and mining cryptocurrencies, botnets are also dangerous to corporations and consumers because they’re used to deploy malware, initiate attacks on websites, steal personal information, and defraud advertisers.  It’s clear botnets are bad, but what are they exactly? And how can you protect your personal information and devices?
  • 3. What is Botnet? Lokendra Vishwakarma, Assistant Professor, SVIIT-SVVV, Indore3  To better understand what botnets are and how botnets function, consider that the name itself is a blending of the words “robot” and “network”. In a broad sense, that’s exactly what botnets are: a network of robots used to commit cyber crime.  The term botnet is derived from the words robot and network. A bot in this case is a device infected by malware, which then becomes part of a network, or net, of infected devices controlled by a single attacker or attack group. The cyber criminals controlling them are called botmasters or bot herders.  Botnets are the workhorses of the Internet. They’re connected computers performing a number of repetitive tasks to keep websites going.
  • 4. Lokendra Vishwakarma, Assistant Professor, SVIIT-SVVV, Indore4  What you need to be careful of are the illegal and malicious botnets. What happens is that botnets gain access to your machine through some piece of malicious coding. In some cases, your machine is directly hacked, while other times what is known as a “spider” (a program that crawls the Internet looking for holes in security to exploit) does the hacking automatically.  More often than not, what botnets are looking to do is to add your computer to their web. That usually happens through a drive-by download or fooling you into installing a Trojan horse on your computer. Once the software is downloaded, the botnet will now contact its master computer and let it know that everything is ready to go. Now your computer, phone or tablet is entirely under the control of the person who created the botnet.
  • 5. Lokendra Vishwakarma, Assistant Professor, SVIIT-SVVV, Indore5 Once the botnet’s owner is in control of your computer, they usually use your machine to carry out other nefarious tasks. Common tasks executed by botnets include: 1. Using your machine’s power to assist in distributed denial-of- service (DDoS) attacks to shut down websites. 2. Emailing spam out to millions of Internet users. 3. Generating fake Internet traffic on a third-party website for financial gain. 4. Replacing banner ads in your web browser specifically targeted at you. 5. Pop-ups ads designed to get you to pay for the removal of the botnet through a anti-spyware package. 6. The short answer is that a botnet is hijacking your computer to do what botnets do -- carry out mundane(boring, tedious) tasks -- faster and better.
  • 6. Lokendra Vishwakarma, Assistant Professor, SVIIT-SVVV, Indore6 Source of image: https://searchsecurity.techtarget.com/definition/botnet
  • 7. Lokendra Vishwakarma, Assistant Professor, SVIIT-SVVV, Indore7  Once the desired number of devices is infected, attackers can control the bots using two different approaches. The traditional client/server approach involves setting up a command-and- control (C&C) server and sending automated commands to infected botnet clients through a communications protocol, such as internet relay chat (IRC). The bots are often programmed to remain dormant and await commands from the C&C server before initiating any malicious activities.  The other approach to controlling infected bots involves a peer-to-peer network. Instead of using C&C servers, a peer-to-peer botnet relies on a decentralized approach. Infected devices may be programmed to scan for malicious websites, or even for other devices in the same botnet. The bots can then share updated commands or the latest versions of the botnet malware.  The peer-to-peer approach is more common today, as cybercriminals and hacker groups try to avoid detection by cybersecurity vendors and law enforcement agencies, which have often used C&C communications as a way to monitor for, locate and disrupt botnet operations.
  • 8. How to Protect Yourself From Botnets? Lokendra Vishwakarma, Assistant Professor, SVIIT-SVVV, Indore8 Most people who are infected with botnets aren’t even aware that their computer’s security has become compromised. However, taking simple, common-sense precautions when using the Internet can not only remove botnets that have been installed, it can also prevent them from being installed on your computer, tablet and phone in the first place. 1. Always update your computer’s operating system as early as possible. Hackers often utilize known flaws in operating system security to install botnets. You can even set your computer to install updates automatically. 2. The same is true of applications on your computer, phone and tablet. Once weakness are found and announced by software companies, hackers rush to create programs to exploit those weaknesses.
  • 9. Lokendra Vishwakarma, Assistant Professor, SVIIT-SVVV, Indore9 3. Don’t download attachments or click on links from email addresses you don’t recognize. This is one of the most common vectors for all forms of malware. 4. Use a firewall when browsing the Internet. This is easy to do with Mac computers, as they come with Firewall software pre-installed. If you’re using a Windows-based machine, you might need to install third-party software. 5. Don’t visit websites that are known distributors of malware. One of the things that a full-service Internet security suite can do is warn you when you’re visiting such sites. When in doubt, check with Norton Safe Web. In general, hackers tend to look for low-hanging fruit. If you can mount even basic defenses, botnets and other forms of malware are going to look for easier targets How to Protect Yourself From Botnets?
  • 10. Notable botnet attacks Lokendra Vishwakarma, Assistant Professor, SVIIT-SVVV, Indore10 1. Zeus The Zeus malware, first detected in 2007, is one of the best-known and widely used malware types in the history of information security.  Zeus uses a Trojan horse program to infect vulnerable devices and systems, and variants of this malware have been used for various purposes over the years, including to spread CryptoLocker ransomware.  Initially, Zeus, or Zbot, was used to harvest banking credentials and financial information from users of infected devices. Once the data was collected, attackers used the bots to send out spam and phishing emails that spread the Zeus Trojan to more prospective victims.  In 2009, cybersecurity vendor Damballa estimated Zeus had infected 3.6 million hosts. The following year, the FBI identified a group of Eastern European cybercriminals who were suspected to be behind the Zeus malware campaign; the FBI later made more than 100 arrests in the U.S. and Europe.  The Zeus botnet was repeatedly disrupted in 2010, when two internet service providers that were hosting the C&C servers for Zeus were shut down. However, new versions of the Zeus malware were later discovered.
  • 11. Lokendra Vishwakarma, Assistant Professor, SVIIT-SVVV, Indore11 2. Srizbi The Srizbi botnet, which was first discovered in 2007, was, for a time, the largest botnet in the world. Srizbi, also known as the Ron Paul spam botnet, was responsible for a massive amount of email spam -- as much as 60 billion messages a day, accounting for roughly half of all email spam on the internet at the time. In 2007, the Srizbi botnet was used to send out political spam emails promoting then-U.S. Presidential candidate Ron Paul.  The botnet used a Trojan to infect users' computers, which were then used to send out spam. Experts estimated that the Srizbi botnet included approximately 450,000 infected systems.  The cybercriminals behind Srizbi used San Jose, Calif.-based hosting provider McColo for the botnet's C&C infrastructure. The botnet's activity ceased when McColo, which was discovered to be hosting other botnet and spam operations, as well, was shut down in 2008.
  • 12. Lokendra Vishwakarma, Assistant Professor, SVIIT-SVVV, Indore12 3. Gameover Zeus Approximately a year after the original Zeus botnet was disrupted, a new version of the Zeus malware emerged, known as Gameover Zeus.  Instead of relying on a traditional, centralized C&C operation to control bots, Gameover Zeus used a peer-to-peer network approach, which initially made the botnet harder for law enforcement and security vendors to pinpoint and disrupt. Infected bots used the domain generation algorithm (DGA) to communicate.  The Gameover Zeus botnet would generate domain names to serve as communication points for infected bots. An infected device would randomly select domains until it reached an active domain that was able to issue new commands. Security firm Bitdefender reported two versions of Gameover Zeus, one of which generated 1,000 new domains, and the other which generated 10,000 new domains each day.  In 2014, international law enforcement agencies took part in Operation Tovar to temporarily disrupt Gameover Zeus by identifying the domains used by the cybercriminals, and then redirecting bot traffic to government-controlled servers.  The FBI also offered a $3 million reward for Russian hacker Evgeniy Bogachev, who is accused of being the mastermind behind the Gameover Zeus botnet. Bogachev is still at large, and new variants of Gameover Zeus have since emerged.
  • 13. Lokendra Vishwakarma, Assistant Professor, SVIIT-SVVV, Indore13 4. Methbot An extensive cybercrime operation and ad fraud botnet known as Methbot was revealed in 2016 by cybersecurity services company White Ops. According to security researchers, Methbot was generating between $3 million and $5 million in fraudulent ad revenue daily last year by producing fraudulent clicks for online ads, as well as fake views of video advertisements.  Instead of infecting random devices, the Methbot campaign is run on approximately 800-1,200 dedicated servers in data centers located in both the U.S. and the Netherlands. The campaign's operational infrastructure includes 6,000 spoofed domains, and more than 850,000 dedicated IP addresses, many of which are falsely registered as belonging to legitimate U.S.-based internet service providers.  The infected servers can produce fake clicks and mouse movements, as well as forge social media account logins to appear as legitimate users to fool conventional ad fraud detection techniques. In an effort to disrupt the monetization scheme for Methbot, White Ops published a list of the spoofed domains and fraudulent IP addresses to alert advertisers and enable them to block the addresses.
  • 14. Lokendra Vishwakarma, Assistant Professor, SVIIT-SVVV, Indore14 5. Mirai Several powerful, record-setting distributed denial-of-service (DDoS) attacks were observed in late 2016, and they later traced to a new brand of malware known as Mirai. The DDoS traffic was produced by a variety of connected devices, such as wireless routers and CCTV cameras.  Mirai malware is designed to scan the internet for insecure connected devices, while also avoiding IP addresses belonging to major corporations, like Hewlett- Packard and government agencies, such as the U.S. Department of Defense.  Once it identifies an insecure device, the malware tries to log in with a series of common default passwords used by manufacturers. If those passwords don't work, then Mirai uses brute force attacks to guess the password. Once a device is compromised, it connects to C&C infrastructure and can divert varying amounts of traffic toward a DDoS target.  Devices that have been infected are often still able to continue functioning normally, making it difficult to detect Mirai botnet activity from a specific device. For some internet of things (IoT) devices, such as digital video recorders, the factory password is hard coded in the device's firmware, and many devices cannot update their firmware over the internet.  The Mirai source code was later released to the public, allowing anyone to use the malware to compose botnets leveraging poorly protected IoT devices.
  • 15. Lokendra Vishwakarma, Assistant Professor, SVIIT-SVVV, Indore15  References: 1. https://searchsecurity.techtarget.com/definition/botn et. 2. https://www.pandasecurity.com/mediacenter/security /what-is-a-botnet/ 3. https://us.norton.com/internetsecurity-malware- what-is-a-botnet.html 4. https://en.wikipedia.org/wiki/Botnet