Android Botnets: What URLs are Telling Us

Part of the Lecture Notes in Computer Science book series (LNSC, volume 9408)

Abstract

Botnets have traditionally been seen as a threat to personal computers; however, the recent shift to mobile platforms has resulted in a wave of new botnets. Due to its popularity, the Android mobile operating system became the most targeted platform. In spite of rising numbers, there is a significant gap in understanding the nature of mobile botnets and their communication characteristics. In this paper, we address this gap and provide a deep analysis of Command and Control (C&C) and built-in URLs of Android botnets detected since the first appearance of the Android platform. By combining both static and dynamic analyses with visualization, we uncover the relationships between the majority of the analyzed botnet families and offer an insight into each malicious infrastructure. As a part of this study, we compile and offer to the research community a dataset containing 1929 samples representing 14 Android botnet families.

Keywords

  • Android botnet
  • Malware
  • URL
  • Visualization

Author information

Corresponding author

Correspondence to Andi Fitriah Abdul Kadir.

Copyright information

© 2015 Springer International Publishing Switzerland

About this paper

Cite this paper

Abdul Kadir, A.F., Stakhanova, N., Ghorbani, A.A. (2015). Android Botnets: What URLs are Telling Us. In: Qiu, M., Xu, S., Yung, M., Zhang, H. (eds) Network and System Security. NSS 2015. Lecture Notes in Computer Science, vol 9408. Springer, Cham. https://doi.org/10.1007/978-3-319-25645-0_6

  • DOI: https://doi.org/10.1007/978-3-319-25645-0_6

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-25644-3

  • Online ISBN: 978-3-319-25645-0

  • eBook Packages: Computer Science (R0)