
BOTNET
The term "bot" is short for "robot". Botnets are networks of infected computers that can be controlled by a master computer. Once infected, a computer can be made to perform automated tasks over the Internet. Victims are normally unaware that their system is being controlled remotely by a botnet administrator. Such computers are compromised by malicious code. The malicious code, or malware, is delivered to computers through various media such as email attachments, spam emails, video downloads, music downloads, etc. Vulnerable computers are the first ones to be targeted.
The infected systems are used to perform various illegal tasks such as sending massive amounts of spam email or launching Distributed Denial-of-Service (DDoS) attacks that can completely shut down the networks of corporate or government targets.
Types of BOTNET
There are many types of bots. Some are described briefly below.
1. GT-Bots
GT (Global Threat) Bot is an mIRC-based bot. It enables an mIRC chat client based on a set of binaries (mainly DLLs) and scripts. It often hides the application window on compromised hosts to make mIRC invisible to the user.
2. DSNX Bots
DSNX (Data Spy Network X) Bots have a convenient plug-in interface for adding new functions. Although the default version does not meet the requirements of spreaders, plug-ins can help to address this problem.
3. Q8 Bots
Q8 Bots are designed for Unix/Linux operating systems and have the common features of a bot, such as dynamic HTTP updating, various DDoS attacks, and execution of arbitrary commands.
4. Kaiten
Kaiten is quite similar to Q8 Bots: it has the same runtime environment and also lacks a spreader. Kaiten has an easy remote shell, which makes further checking convenient.
5. Perl-Based Bots
Perl-based bots are so small that their code is only a few hundred lines long [9]. Thus, only a limited set of fundamental commands is available for attacks, especially DDoS attacks on Unix-based systems.
Botnet DETECTION:-
Several different ways to identify botnets have been proposed or attempted. Some are listed below.
1. Honeypot
Honeypots are well known for their strong ability to detect security threats, collect malware, and understand the behaviors and motivations of perpetrators.
2. IRC-based Detection
IRC-based botnets are widely studied, and several characteristics useful for detection have been discovered so far. One of the easiest ways to detect this kind of botnet is to sniff traffic on common IRC ports (TCP port 6667) and then check whether the strings seen there match those in our knowledge database.
3. Detection Based on Anomaly Activities
Authors have proposed an algorithm for anomaly-based botnet detection that combines IRC mesh features with a TCP-based anomaly detection module. It first observes and records a large number of TCP packets with respect to IRC hosts over the total number of TCP packets; it is then able to detect some anomalous activities.
4. DNS Tracking
Bots usually send DNS queries in order to reach the C2 servers. If we can intercept their domain names, the botnet traffic can be captured by blacklisting those domain names. This also provides an important secondary avenue for taking down botnets by disabling their propagation capability.
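The DNS tracking approach above can be sketched as a check of resolver logs against a domain blocklist. This is an added example, not code from the original article; the log format, the blocklist entries (reserved .example/.test names) and all function names are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed blocklist of C2 domains (reserved names, not real indicators).
BLOCKLIST = {"c2-panel.example", "update-sync.test"}

# Constructed resolver log: "<timestamp> <client_ip> <query_type> <queried_name>"
SAMPLE_LOG = """\
2024-01-10T08:00:01Z 10.0.0.15 A www.intranet.example
2024-01-10T08:00:04Z 10.0.0.23 A c2-panel.example.
2024-01-10T08:00:09Z 10.0.0.23 A node7.C2-Panel.example
2024-01-10T08:01:30Z 10.0.0.42 AAAA update-sync.test
2024-01-10T08:01:31Z 10.0.0.42 A notc2-panel.example
malformed line
"""


def normalize(name):
    """Lower-case the name and drop the trailing root dot."""
    return name.strip().lower().rstrip(".")


def blocklisted_parent(name, blocklist=BLOCKLIST):
    """Return the blocklisted domain that name equals or sits under, else None."""
    labels = normalize(name).split(".")
    # Compare whole-label suffixes so "notc2-panel.example" is not a match.
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in blocklist:
            return candidate
    return None


def find_suspect_clients(log_text, blocklist=BLOCKLIST):
    """Map each client IP to the sorted blocklisted domains it queried."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed records
        _, client, _, qname = fields
        match = blocklisted_parent(qname, blocklist)
        if match:
            hits[client].add(match)
    return {client: sorted(domains) for client, domains in hits.items()}


if __name__ == "__main__":
    for client, domains in find_suspect_clients(SAMPLE_LOG).items():
        print(client, "queried blocklisted domains:", ", ".join(domains))
```

Matching on whole DNS labels catches subdomains of a blocklisted name while avoiding false positives on unrelated names that merely end with the same characters.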
What can a Bot do?
• P2P Spreading (Limewire, uTorrent, etc.)
• IM Spreading (Sends to contacts on MSN, AIM, etc.)
• DDoS attacking (See "DDoS attack")
• Spam mailing to lists of emails (Often used to spread)
• Collecting personal information (Passwords, bank details, etc.)
THREATS OF BOTNETS:-
Botnets are, without any doubt, one of the biggest scourges of IT security today. According to the recent McAfee Labs Threats Report, instances of Distributed Denial of Service attacks are growing rapidly. In the last quarter, McAfee Labs observed many new attacks demanding ransom money, including those aimed at sports betting companies, which were taken out of action during key sporting events to cause losses in the millions. Such attacks have been used not only to make money, but also to silence political opinion.

