
Botnets: How to Fight the Ever-Growing Threat on a Technical Level

Botnets

Part of the book series: SpringerBriefs in Cybersecurity ((BRIEFSCYBER))

Abstract

Today’s malware, short for malicious software, poses one of the major threats to all currently operated computer systems. The scale of the problem becomes obvious when looking at the global economic loss caused by the different kinds of malware, which is estimated to be more than US$10 billion every year. This applies in particular to botnets, which are a special kind of malware. In contrast to other kinds of malware, botnets use a hidden communication channel to receive commands from their operator and to report their current status. The ability to execute almost arbitrary commands on the infected machines makes botnets a general-purpose tool for malicious cyber-activities. In this context, botnets are used, for example, by individual perpetrators, by organized crime, and by governmentally supported organizations, each pursuing their own gains. This chapter gives a technical insight into current botnet techniques and discusses state-of-the-art countermeasures against the botnet threat in detail. This includes new detection methods as well as different approaches to actively compromising running botnets. The individual techniques and their impact on current botnets are discussed with respect to the stakeholders involved. In addition to the technical countermeasures, current initiatives countering botnets are introduced.



Author information

Corresponding author: Heli Tiirmaa-Klaar


Copyright information

© 2013 The Author(s)

About this chapter

Cite this chapter

Tiirmaa-Klaar, H., Gassen, J., Gerhards-Padilla, E., Martini, P. (2013). Botnets: How to Fight the Ever-Growing Threat on a Technical Level. In: Botnets. SpringerBriefs in Cybersecurity. Springer, London. https://doi.org/10.1007/978-1-4471-5216-3_2

  • DOI: https://doi.org/10.1007/978-1-4471-5216-3_2

  • Publisher Name: Springer, London

  • Print ISBN: 978-1-4471-5215-6

  • Online ISBN: 978-1-4471-5216-3

  • eBook Packages: Computer Science (R0)