Top

Published in:

2013 | OriginalPaper | Chapter

Botnets: How to Fight the Ever-Growing Threat on a Technical Level

Authors : Heli Tiirmaa-Klaar, Jan Gassen, Elmar Gerhards-Padilla, Peter Martini

Published in: Botnets

Publisher: Springer London

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

Today’s malware, short term for malicious software, poses one of the major threats to all currently operated computer systems. The scale of the problem becomes obvious by looking at the global economic loss caused by different kinds of malware, which is estimated to be more than US$10 billion every year. This particularly applies for botnets, which are a special kind of malware. In contrast to other kinds of malware, botnets utilize a hidden communication channel to receive commands from their operator and communicate their current status. The ability to execute almost arbitrary commands on the infected machines makes botnets a general-purpose tool to perform malicious cyber-activities. In this context, botnets are used for example by individual perpetrators, organized crime as well as governmentally supported organizations, in order to achieve individual gains. This chapter gives a technical insight into current botnet techniques and discusses state of the art countermeasures to combat the botnet threat in detail. This includes new detection methods as well as different approaches to actively compromise running botnets. Different techniques as well as their impact on current botnets are discussed, considering individual involved stakeholders. In addition to the technical countermeasures, current initiatives countering botnets are introduced.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

previous chapter Botnets, Cybercrime and National Security

Leyden, J. (2009). The Register. [Online]. http://www.theregister.co.uk/2009/01/30/techwatch_ddos/.

Symantec. (2011). Symantec Internet Security Threat Report, Volume 16.

Edwards, C. (2011). Bloomberg. [Online]. http://www.bloomberg.com/news/print/2011-06-27/human-errors-fuel-hacking-as-test-shows-nothing-prevents-idiocy.html.

Lyden, J. (2005). The Register. [Online]. http://www.theregister.co.uk/2005/12/15/mcafee_internal_security_survey/.

Panda Security. (2010). The Cyber-Crime, Black Market: Uncovered.

Krebs, B. (2011). KrebsonSecurity. [Online]. http://krebsonsecurity.com/2011/06/criminal-classifieds-malware-writers-wanted/.

Krebs, B. (2012). Tagging and tracking espionage botnets. [Online]. http://krebsonsecurity.com/2012/07/tagging-and-tracking-espionage-botnets/.

Deibert, R., & Rohozinski, R. (2009). Tracking GhostNet: Investigating a Cyber Espionage Network. Information Warfare Monitor.

Sanger, D. E. (2012). Obama order sped up wave of cyberattacks against Iran. [Online]. http://www.nytimes.com/2012/06/01/world/middleeast/obama-ordered-wave-of-cyberattacks-against-iran.html?pagewanted=all.

10.

Ottis, R. (2008). Analysis of the 2007 cyber attacks against estonia from the information warfare. Proceedings of the 7th European Conference on Information (pp. 163–168).

11.

Leyden, J. (2010). The Register. [Online]. http://www.theregister.co.uk/2010/12/06/anonymous_launches_pro_wikileaks_campaign/.

12.

Schmidt, J. (2007). The H Security. [Online]. http://www.h-online.com/security/features/Fast-Flux-747344.html.

13.

Norton. (2011). Symantec.com. [Online]. http://www.symantec.com/about/news/release/article.jsp?prid=20110907_02.

14.

F-Secure. F-Secure.com. [Online]. http://www.f-secure.com/v-descs/brain.shtml.

15.

Munro, R., & Elmer-Dewitt, P. Time.com. [Online]. http://www.time.com/time/magazine/article/0,9171,968490-1,00.html.

16.

BitDefender. (2010). Malware History.

17.

Schauer, C. (2001). The Mechanisms and Effects of the Code Red Worm.

18.

Ferguson, R. Businesscomputingworld. [Online]. http://www.businesscomputingworld.co.uk/the-history-of-the-botnet-part-i/.

19.

Harley, D. (2009). ESET threat blog. [Online]. http://blog.eset.com/2009/07/07/guest-blog-how-much-spam-does-waledac-send.

20.

M86 Security. Spam statistics. [Online]. http://www.m86security.com/labs/spam_statistics.asp.

21.

Namestnikov, Y. (2009, July). The economics of botnets. [Online]. http://www.securelist.com/en/analysis/204792068/The_economics_of_Botnets.

22.

Paulson, R. A., & Weber, J. E. (2006). Cyberextortion: An overview of distributed denial of service attacks against online gaming companies. Issues in Information Systems, 7, 52–56.

23.

M86 Security. (2010). Cybercriminals Target Online Banking Customers.

24.

Stevens, K., & Jackson, D. Dell SecureWorks. [Online]. http://www.secureworks.com/research/threats/zeus/.

25.

(2009). Heise.de. [Online]. http://www.heise.de/security/meldung/Hunderte-Bundeswehr-Rechner-von-Conficker-befallen-195953.html.

26.

Symantec Corp. (2010). W32.Stuxnet Dossier v1.3.

27.

F-Secure. Worm:W32/Downadup.AL. [Online]. http://www.f-secure.com/v-descs/worm_w32_downadup_al.shtml.

28.

F-Secure. Backdoor:W32/SdBot.MB. [Online]. http://www.f-secure.com/v-descs/sdbot_mb.shtml.

29.

Kamluk, V. (2009). Securelist. [Online]. http://www.securelist.com/en/weblog?weblogid=208187897.

30.

MessageLabs. (2007). Messagelabs Intelligence: August 2007.

31.

Hypponen, M. (2008). News from the lab. [Online]. http://www.f-secure.com/weblog/archives/00001392.html.

32.

Wisniewski, C. (2011). Naked security. [Online]. http://nakedsecurity.sophos.com/2011/09/07/an-analysis-of-the-pay-per-install-underground-economy/.

33.

Holz T., Steiner M., Dahl F., Biersack E., & Freiling F. (2008). Measurements and Mitigation of Peer-to-Peer-based Botnets: A Case Study on Storm Worm.

34.

Leder,F., & Werner, T. (2009). Know Your Enemy: Containing Conficker. The Honeynet Project.

35.

Computer Security Group, UC Santa Barbara. (2009). Taking over the torpig botnet—my botnet is your botnet. [Online]. http://www.cs.ucsb.edu/~seclab/projects/torpig/.

36.

Krebs, B. (2011). Krebs on security. [Online]. http://krebsonsecurity.com/2011/06/criminal-classifieds-malware-writers-wanted/.

37.

Shah, C. (2010). McAfee blog central. [Online]. http://blogs.mcafee.com/mcafee-labs/zeus-crimeware-toolkit.

38.

Leyden, J. (2011). The Register. [Online]. http://www.theregister.co.uk/2011/09/22/aldi_bot/.

39.

Krebs, B. (2008). Washington Post. [Online]. http://www.washingtonpost.com/wp-dyn/content/story/2008/01/25/ST2008012501460.html.

40.

Fisher, D. (2011). Threatpost. [Online]. http://threatpost.com/en_us/blogs/zeus-source-code-leaked-051011.

41.

Mieres, J. (2011). Threatpost. [Online]. http://threatpost.com/en_us/blogs/ice-ix-first-crimeware-based-leaked-zeus-sources-082411.

42.

Barford, P., & Yegneswaran, V. (2007). An inside look at botnets. Malware Detection (pp. 171–191).

43.

Shadowserver Foundation. (2011, October). Shadowserver foundation—statistics. [Online]. http://www.shadowserver.org.

44.

Damballa Inc. (2011). Top 10 Botnet Threat Report—2010.

45.

Labovitz, C. (2010). Arbor networks security. [Online]. http://asert.arbornetworks.com/2010/12/the-internet-goes-to-war/.

46.

Hogben, G., Plohmann, D., Gerhards-Padilla, E., & Leder, F. (2011). Botnets: Detection, Measurement, Disinfection & Defence.

47.

Goodin, D. (2009). The Register. [Online]. http://www.theregister.co.uk/2009/04/16/new_ibotnet_analysis/.

48.

Goodin, D. (2011). The Register. [Online]. http://www.theregister.co.uk/2011/01/19/mac_linux_bot_vulnerabilities/.

49.

Maslennikov, D. (2011). Securelist. [Online]. http://www.securelist.com/en/analysis/204792168/Mobile_Malware_Evolution_An_Overview_Part_4.

50.

F-Secure. (2010). News from the lab. [Online]. http://www.f-secure.com/weblog/archives/00002037.html.

51.

Microsoft. (2011). Microsoft Security Intelligence Report Volume 11.

52.

Porras, P., Saidi, H., & Yegneswaran, V. (2009). Conficker C Analysis. [Online]. http://mtc.sri.com/Conficker/addendumC/.

53.

Stone-Gross, B. et al. (2009). Your botnet is my botnet: Analysis of a botnet takeover. Proceedings of the 16th ACM conference on Computer and communications security (pp. 635–647).

54.

Kang, B. B. H. et al. (2009) Towards complete node enumeration in a peer-to-peer botnet. Proceedings of the 4th International Symposium on Information, Computer, and Communications Security.

55.

Dittrich, D., & Dietrich, S. (2008). “Discovery Techniques for P2P Botnets.

56.

Norton. (2011). Cybercrime Report 2011.

57.

eEye Digital Security. Zero-day-tracker. [Online]. http://www.eeye.com/Resources/Security-Center/Research/Zero-Day-Tracker.

58.

AV-Test.org. [Online]. http://www.av-test.org/en/statistics/malware/.

59.

Fisher, D. (2010). Threatpost. [Online]. http://threatpost.com/en_us/blogs/possible-new-rootkit-has-drivers-signed-realtek-071510.

60.

Botfrei.de. Anti-Botnet Beratungszentrum. [Online]. http://www.botfrei.de.

61.

Tikk, E., Kaska, K., & Vihul, L. (2010). International cyber incidents—legal considerations. Cooperative Cyber Defence Centre of Excellence, Tallin, Estonia.

62.

Leder, F., Werner, T., & Martini, P. (2009). Proactive botnet countermeasures—an offensive approach. Cooperative Cyber Defence Centre of Excellence Tallinn, Estonia.

63.

Ramachandran, A., Feamster, N., & Dagon, D. (2006). Revealing botnet membership using DNSBL counter-intelligence. Proceedings of the 2nd Conference on Steps to Reducing Unwanted Traffic on the Internet (Vol. 2).

64.

Schmidt, J. E. (2006). Dynamic port 25 blocking to control spam zombies. Third Conference on Email and Anti-Spam.

65.

McAfee. (2011). Underground Economy—Intellectual Capital and Sensitive Corporate Data Now the Latest Cybercrime Currency.

66.

Calvet, J., Davis, C. R., & Bureau, P.-M. (2009). Malware authors don’t learn, and that’s good! Malicious and Unwanted Software (MALWARE) (pp. 88–97).

67.

Castillo, C. (2011, May). I smell a RAT: Java botnet found in the wild. [Online]. http://blogs.mcafee.com/mcafee-labs/i-smell-a-rat-java-botnet-found-in-the-wild.

68.

Benzmüller, R., & Berkenkopf, S. (2011). G Data Malware Report January–June 2011, G Data.

Title: Botnets: How to Fight the Ever-Growing Threat on a Technical Level
Authors: Heli Tiirmaa-Klaar
Jan Gassen
Elmar Gerhards-Padilla
Peter Martini
Publisher: Springer London
Book: Botnets
Print ISBN: 978-1-4471-5215-6

Electronic ISBN: 978-1-4471-5216-3

Copyright Year: 2013
DOI: https://doi.org/10.1007/978-1-4471-5216-3_2

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner