A hands-on approach on botnets for a learning purpose

Transcript

1. A hands-on approach on botnets for a learning purpose Computer

   Systems Security – 2015/2016 Eduardo Martins / João Pedro Dias / João Sá / José Pinto

2. Agenda • Botnets overview • What's the problem? • What

   we purpose? • Solution • Future Work

3. Botnet overview | Anatomy “A botnet is a number of

   Internet-connected computers communicating with other similar machines in an effort to complete repetitive tasks and objectives.” Botnet. Wikipedia, the free encyclopedia. Retrieved from https://en.wikipedia.org/wiki/Botnet “Cybercriminals use special Trojan viruses to breach the security of several users’ computers, take control of each computer and organize all of the infected machines into a network of ‘bots’ that the criminal can remotely manage.” What is a Botnet?. Kaspersky Lab. Retrieved from http://www.kaspersky.co.uk/internet-security-center/threats/botnet-attacks

4. Botnet overview | Countermeasures Solit, Jonh (2015). Anatomy of a

   Botnet. NTCA. Retrieved from http://www.ncta.com/platform/technology-devices/anatomy-of-a-botnet/

5. Botnet overview | Attacks Botnet Spreading new Malware Installing Advertiseme

   nt Add-ons Google AdSense abuse Distributed Denial of Service Spam Keylogging Mass identity theft Bitcoin Mining

6. Botnet overview | Countermeasures Conficker Working Group (2009). Infection Distribution.

   Retrieved from http://www.confickerworkinggroup.org/wiki/pmwiki.php/ANY/InfectionDistribution

7. What's the problem? • There is the lack of a

   simple way to learn about botnets, what they are, how they work and what we can do about it. • There isn’t a safe way to experiment with botnets, analyzing and modifying its behavior.

8. What we purpose? • Botnet wiki – A wiki with

   information regarding botnets, its anatomy, typical architecture and impact on the technological world. • Botnet lab – A laboratory with a simple and open-source botnet kit with a set of built-in functionalities. – Easily expanded and modifiable. – Built for anyone who is interested in botnets and want to setup a laboratory at home and play with it.

9. Solution | Botnet Wiki Anatomy •Type of attacks •Types of

   bots •How and What History •List of botnets •Good uses Countermeasures •Detection •Defense Botnet Lab •Setup and Use •Architecture

10.  Available at:  http://jpdias.github.io/botnet-lab

11. Solution | Botnet Lab - Overview • IRC communication protocol

    • Python 2.7.3 • Using several external API’s • Encrypted communication with Public- Key cryptographic

12. Solution | Botnet Lab - Functionalities Bot Keylogger DDoS Spam

    Webcam Control Remote Command Execute Screenshot

13. Solution | Botnet Lab - Architecture

14.  Available at:  http://github.com/jpdias/botnet-lab

15. Future Work • Implementation of other functionalities • Make the

    Botnet as “real” as current threats • Add botnet traffic simulation capabilities

16. Bots and Botnets—A Growing Threat Bots are one of the

    most sophisticated and popular types of cybercrime today. They allow hackers to take control of many computers at a time, and turn them into zombie computers, which operate as part of a powerful botnet to spread viruses, generate spam, and commit other types of online crime and fraud. Bots and Botnets—A Growing Threat. Norton by Symantec. Retrieved from http://us.norton.com/botnet/