BOTNETS : BOTNETS Presented By
CHAMPAT INGLE Roll No :35106
PROF.C.A.LAULKAR A BIGGEST THREAT TO INERNET A Quick Glance : A Quick Glance Introduction
More about botnets
Some good application
Types of BOTS
Conclusion INTRODUCTION : INTRODUCTION Botnets are networks of computers taken hostage by malware that controls them and makes them to act in other nefarious ways.
A "botnet" is a collection of computers that have been infected with remote-control software.
Runs autonomously and automatically.
User unaware ACTUAL WORKING : ACTUAL WORKING Worm/Trojan program that's usually transmitted through a spam.
Communicates with attacker.
Attacker send commands through IRC. PROTOCOLS : PROTOCOLS IRC
P2P INTERNET RELAY CHAT :IRC : INTERNET RELAY CHAT :IRC Zombie establish connection with bot controller.
All bots are connected to IRC servers.
Bot controller send commands to bots through IRC MORE ABOUT BOTNETS : MORE ABOUT BOTNETS Size of Botnets:
50,000 or more for single botnet.
1000 home PCs with an average upstream of 128KBit/s can offer more than 100MBit/s.
IRC hides IP’S.
Different botnets can be connected through IRC
Botnets can be rented
Botnet controller is always unidentified. Malicious activities : Malicious activities Distributed Denial-of-Service (DDoS) attacks.
Spreading new malware
Mass identity theft (Phishing) GOOD APPLICATIONS : GOOD APPLICATIONS Manipulating online polls/games:
Search Engines EXAMPLE : EXAMPLE DDOS Attack by CHINA on US TYPES OF BOTS : TYPES OF BOTS Agobot:
IRC based command/control.
Capable of many DoS attack types .
Traffic sniffers/key logging.
Simpler than Agobot, 2,000 lines C code.
Non-malicious at base.
Utilitarian IRC-based command/control.
Easily extended for malicious purposes.
Sniffers TYPES OF BOTS : SpyBot:
<3,000 lines C code.
Possibly evolved from SDBot .
Similar command/control engine.
No attempts to hide malicious purposes.
Functions based on mIRC scripting capabilities.
HideWindow program hides bot on local system.
Port scanning, DoS attacks, exploits for RPC . TYPES OF BOTS TRACKING & STOPPING BOTS : TRACKING & STOPPING BOTS Tracking IRC Servers
Bring Down The IRC Servers
Honeynets PREVENTION : PREVENTION Using anti-virus and anti-spyware software and keeping it up to date.
Setting your operating system software to download and install security patches automatically.
Being cautious about opening any attachments or downloading files from emails you receive.
Using a firewall to protect your computer from hacking attacks while it is connected to the Internet. PREVENTION : Disconnecting from the Internet when you're away from your computer.
Downloading free software only from sites you know and trust.
Taking action immediately if your computer is infected. PREVENTION CONCLUSION : CONCLUSION Botnet a large army of networked computers.
Used in many malicious activities.
Works automatically and autonomously.
Hence biggest threat to INTERNET THANK YOU : THANK YOU