Figure illustrates the common life cycle botnet client

Botnets: A Call to Action • Chapter 1 23

■ A botnet is adaptive; it can be designed to download different modules to exploit specific things that it finds on a victim.

■ Botnet attacks are targetable. That is, the hacker can target a company or a market sector for these attacks.

The Industry Responds

■ At the TechEd 2006 conference in Boston, Microsoft confirmed that “well-organized mobsters have established control [of] a global billion-dollar crime network using keystroke loggers, IRC bots, and rootkits,” according to “Microsoft: Trojans, Bots Are ‘Significant and Tangible Threat,’” an article by Ryan Naraine in the June 12, 2006, edition of eWEEK.com.

The following Frequently Asked Questions, answered by the authors of this book, are designed to both measure your understanding of the concepts presented in this chapter and to assist you with real-life implementation of these concepts. To have your questions about this chapter answered by the author, browse to www.syngress.com/solutions and click on the “Ask the Author” form.

Q: Have we lost the war of the botnets?

A: In 2003, Microsoft established a $5 million antivirus reward program. Microsoft periodically announces that it is offering a bounty for information leading to the arrest and conviction of authors of a specific virus. Rewards of $250,000 have been paid for the creator of the Sasser worm. Today, awards are posted for the authors of the SoBig virus and the Blaster worm. If you have information about a virus that Microsoft has offered a bounty for, you should contact law enforcement. From the Microsoft Q&A page regarding the bounty (www.microsoft.com/presspass/features/2003/nov03/11-05AntiVirusQA.mspx): “Persons with information should go directly to the law enforcement agencies by calling their local FBI (www.fbi.gov/contact/fo/fo.htm) or Secret Service office, or the Interpol National Central Bureau (www.interpol.int) in any of Interpol’s 181 member countries, or by going to the FBI Internet Fraud Complaint Center Web site (www.ic3.gov).” The Microsoft Web page for information about current rewards is located at www.microsoft.com/security/antivirus/default.mspx.

What makes a botnet a botnet? In particular, how do you distinguish a botnet client from just another hacker break-in? First, the clients in a botnet must be able to take actions on the client without the hacker having to log into the client’s operating system (Windows, UNIX, or Mac OS). Second, many clients must be able to act in a coordinated fashion to accomplish a common goal with little or no intervention from the hacker. If a collection of computers meets both of these criteria, it is a botnet.

A botnet is the melding of many threats into one. The typical botnet consists of a bot server (usually an IRC server) and one or more botclients (refer to Figure 1.2). Botnets with hundreds or a few thousands of botclients (called zombies or drones) are considered small botnets. In this typical botnet, the bot herder communicates with botclients using an IRC channel on a remote command and control (C&C) server. In step 1, the new botclient joins a predesignated IRC channel on an IRC server and listens for commands. In step 2, the bot herder sends a message to the IRC server for each client to retrieve. In step 3, the clients retrieve the commands via the IRC channel and perform the commands. In step 4, the botclients perform the commands—in the case of Figure 1.2, to conduct a DoS attack against a specified target. In step 5, the botclient reports the results of executing the command.
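The five-step cycle above and the "many clients acting on one command" criterion from the previous paragraph give a defender a concrete detection pattern in IRC server logs: a channel in which one message is answered almost immediately by many distinct hosts that joined earlier. The following added example (not from the book) implements that check over a constructed, simplified log format; the line layout, nicks, hosts and thresholds are all assumptions.

```python
import re
from collections import defaultdict
# Constructed sample IRC server log (not real traffic), following the cycle in the text:
# clients JOIN (step 1), the herder posts one command (steps 2-3), every client reports
# back (step 5). The last two lines are ordinary chat that must not be flagged.
SAMPLE_LOG = """\
10:00:01 JOIN #cmd nick=bot-a7 host=10.0.0.11
10:00:03 JOIN #cmd nick=bot-c2 host=10.0.0.12
10:00:04 JOIN #cmd nick=bot-f9 host=10.0.0.13
10:01:10 PRIVMSG #cmd nick=herder host=10.0.0.2 text=!task start
10:01:11 PRIVMSG #cmd nick=bot-a7 host=10.0.0.11 text=task started
10:01:11 PRIVMSG #cmd nick=bot-c2 host=10.0.0.12 text=task started
10:01:12 PRIVMSG #cmd nick=bot-f9 host=10.0.0.13 text=task started
10:05:00 JOIN #chat nick=alice host=10.0.0.50
10:05:30 PRIVMSG #chat nick=alice host=10.0.0.50 text=anyone here?
"""
LINE_RE = re.compile(r"^(?P<ts>\d\d:\d\d:\d\d) (?P<ev>JOIN|PRIVMSG) (?P<chan>#\S+) "
                     r"nick=(?P<nick>\S+) host=(?P<host>\S+)(?: text=(?P<text>.*))?$")

def parse(log):
    """Log lines as dicts in file order (assumed chronological); 't' is seconds of day."""
    events = []
    for m in filter(None, map(LINE_RE.match, log.splitlines())):
        ev = m.groupdict()
        h, mi, s = (int(x) for x in ev["ts"].split(":"))
        ev["t"] = h * 3600 + mi * 60 + s
        events.append(ev)
    return events

def find_coordinated_channels(log, min_clients=3, reply_window=5):
    """Flag a channel when one PRIVMSG is answered within reply_window seconds by at least
    min_clients distinct hosts that JOINed it earlier: many clients acting on one command."""
    events, members, consumed, findings = parse(log), defaultdict(set), set(), []
    for i, ev in enumerate(events):
        if ev["ev"] == "JOIN":
            members[ev["chan"]].add(ev["host"])
        elif i not in consumed:  # a reply already attributed to a command is not a new command
            replies = {}  # responding host -> index of its reply line
            for j in range(i + 1, len(events)):
                if events[j]["t"] - ev["t"] > reply_window:
                    break
                r = events[j]
                if (r["ev"] == "PRIVMSG" and r["chan"] == ev["chan"]
                        and r["host"] != ev["host"] and r["host"] in members[ev["chan"]]):
                    replies[r["host"]] = j
            if len(replies) >= min_clients:
                consumed.update(replies.values())
                findings.append({"chan": ev["chan"], "herder": ev["nick"], "responders": len(replies)})
    return findings
```

On the sample, only `#cmd` is reported, with the herder's nick and three responding hosts; the `#chat` traffic produces nothing because no one answers in the window.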

Botnets Overview • Chapter 2 27

standing of the botnet life cycle can improve our ability to both detect and respond to botnet threats.

■ Phishing e-mails, which lure or goad the user to a Web site that installs malicious code in the background, sometimes while convincing you to give them your bank userid and password, account information, and such. This approach is very effective if you are looking for a set of botnet clients that meet certain qualifications, such as customers of a common bank.

■ Enticing Web sites with Trojan code (“Click here to see the Dancing Monkeys!”).

Every “Patch Tuesday” from Microsoft is followed by a flurry of reverse engineering in the hacker community. Within a few days (3 for the last patch Tuesday), someone will release an exploit against the problem that the most recent patch fixed. The hacker community is counting on millions of users that do not update their computers promptly. Modular botnets are able to incorporate new exploits in their scanning tools almost overnight. Diligent patching is the best prevention against this type of attack. If it involves a network protocol
