botlab exercise

BOTLAB By: Anthony W. Stamm

Upload: anthony-stamm

Post on 17-Feb-2017


What is a BOTNET?

A botnet is a collection of computers that have been infected with a virus to bring them under the control of a single hacker or organization.

Control of a large botnet gives hackers and cybercriminals the ability to send billions of spam emails or orchestrate massive DDoS attacks at will. A single bot program is normally very weak unless it is spread across more computers.

Botnets are designed to harvest data such as passwords, Social Security numbers, credit card numbers, addresses, telephone numbers and other personal information. A botnet can have anywhere from a few hundred to thousands of devices at its disposal.

What Are Botnets Used For?

Distributed Denial-of-Service Attacks (DDoS)

A DDoS attack is an attack on a computer system or network that is usually focused on consuming the network's bandwidth and overloading the computational resources of the victim's system.

Spamming

Spamming is when an attacker is able to send massive amounts of bulk email (spam). Some bots also implement a special function to harvest email addresses. Often the spam you are receiving was sent from, or proxied through, a family member's old Windows computer sitting at home.

Keylogging

With the help of a keylogger it is very easy for an attacker to retrieve sensitive information. An implemented filtering mechanism (e.g. "I am only interested in key sequences near the keyword 'usaa.com'") would further help in stealing secret data.

BOTNET ARCHITECTURE

Client-server

A network based on the client-server model, where individual clients request services and resources from centralized servers.

Star topology, in which the bots are organized around a central server.

Multi-server, in which there are multiple C&C servers for redundancy.

Hierarchical, in which multiple C&C servers are organized into tiered groups.

BOTNET ARCHITECTURE

Peer-To-Peer (P2P)

P2P botnets have a random organization and operate without a C&C server.

Bot software maintains a list of trusted computers.

The lack of a command-and-control server makes it less likely that detection of a single bot can lead to investigators taking down the entire network.

The work is distributed between many nodes, allowing them to shift to another node if one is taken down.

Any node in the network can act as both a client and a server.
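The takedown point above, as an added example that is not part of the original slides: a small Python model that removes one node from a client-server botnet and from a P2P botnet and reports what share of the bots can still be reached. The node names, the function names and the fixed ring-shaped peer lists (the slides describe a random organization) are assumptions made for the illustration.

```python
from collections import deque

def link(graph, a, b):
    """Add an undirected edge between two nodes."""
    graph.setdefault(a, set()).add(b)
    graph.setdefault(b, set()).add(a)

def client_server(n_bots, n_servers=1):
    """Star (one server) or multi-server: every bot knows every C&C server."""
    graph = {}
    servers = {f"c2-{s}" for s in range(n_servers)}
    bots = {f"bot-{i}" for i in range(n_bots)}
    for bot in bots:
        for server in servers:
            link(graph, bot, server)
    return graph, servers, bots

def peer_to_peer(n_bots, peers=2):
    """Each bot lists the next `peers` bots (assumed ring layout); any node relays."""
    graph = {}
    bots = {f"bot-{i}" for i in range(n_bots)}
    for i in range(n_bots):
        for step in range(1, peers + 1):
            link(graph, f"bot-{i}", f"bot-{(i + step) % n_bots}")
    return graph, set(bots), bots  # every peer is also a possible command source

def reachable_bots(graph, sources, bots, removed):
    """Largest share of bots still reachable from one surviving command source."""
    removed = set(removed)
    best = 0
    for src in sources - removed:
        seen, queue = {src}, deque([src])
        while queue:  # breadth-first search over the surviving nodes
            for nxt in graph[queue.popleft()] - removed - seen:
                seen.add(nxt)
                queue.append(nxt)
        best = max(best, len(seen & bots))
    return best / len(bots)

if __name__ == "__main__":
    star = client_server(100)
    multi = client_server(100, n_servers=3)
    p2p = peer_to_peer(100)
    print("star, C&C server removed:      ", reachable_bots(*star, {"c2-0"}))
    print("star, one bot removed:         ", reachable_bots(*star, {"bot-0"}))
    print("multi-server, one C&C removed: ", reachable_bots(*multi, {"c2-0"}))
    print("P2P, one node removed:         ", reachable_bots(*p2p, {"bot-0"}))
```

In the star model, removing the single server leaves no bot reachable, while removing one bot costs only that bot; the multi-server and P2P models both keep working after one node is removed.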

Social Media

Hackers can use services such as Facebook to spread botnets across the world, as in 2013, when a botnet called Lecpetex infected over 50,000 personal computers.

[Diagram labels: Hackers, Target, Host Computer]

Who's spamming us now?

Websites like http://botlab.org/ are used to find and track current bot activity throughout the world.

The top three countries that experience the most spam volume are:

India with 10.49% spam volume

USA with 7.69% spam volume

Vietnam with 6.01% and increasing

The top three countries that experience the most bot IP volume are:

India

Brazil

Russia

Protective Mindset

ANTI-VIRUS: Remember to keep it updated.

FIREWALL and other security software helps protect one's system.

Attachments: Scan and verify every attachment before opening them.

Mobile Devices: Are also at risk and can be used as bots.


THANK YOU FOR WATCHING