Anatomy of a Botnet
Helsinki University of Technology | Master's thesis
Authors
Date
2009
Department
Major/Subject
Computer Networks (Tietokoneverkot)
Mcode
T-110
Degree programme
Language
en
Pages
(9+) 46
Series
Abstract
The presence of large pools of compromised computers, also known as botnets or zombie armies, represents a very serious threat to Internet security. A botnet is a distributed attack infrastructure consisting of a large number of compromised computers controlled by an attacker via a command and control server. The controller of a botnet can both attack the compromised hosts and use those compromised computers to launch further attacks on other online systems. These compromised computers can be involved in any kind of online criminal activity, such as identity theft, DDoS attacks, spamming, phishing, and stealing users' credentials (passwords, banking details, etc.). This master's thesis aims at investigating how botnets are built and operated using different methods. It presents the security challenges that a botnet raises and analyzes an advanced botnet, namely the Asprox botnet. The focus of this thesis work has been to contribute to a deeper understanding of the botnet architecture as well as a better understanding of modern botnet threats. The thesis includes the architecture of a contemporary advanced bot commonly known as Asprox. Asprox is a type of malware that combines two threat vectors: forming a botnet and generating SQL injection attacks. The knowledge in this thesis can be used to develop more efficient methods for detecting advanced botnets and stopping the spreading of botnets on the Internet.
Description
Supervisor
Aura, Tuomas | Sjödin, Peter
Thesis advisor
Josang, Audun
Keywords
Asprox, Botnet, DDoS, phishing, spamming, SQL injection