C&C Techniques in Botnet Development

  • Félix Brezo
  • José Gaviria de la Puerta
  • Igor Santos
  • David Barroso
  • Pablo Garcia Bringas
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 189)


Botnets are one of the most important threats towards nowadays users of the Internet. The joint of malware capabilities to be exploited in the network services and the increasing number of daily transactions performed in the cloud, makes them an attractive target for cybercriminals who have evolved their old IRC-based communication channels, into decentralized P2P networks, HTTP/S botnets and even Twitter-controlled networks. Against this background, this article analyses the threat that will affect computer networks in the upcoming years by going through these different Command & Control channels used by botmasters to keep the control of their hijacked networks.


botnets crimeware cyberfraud C&C source analysis 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Lillington, K.: Time to talk: Anonymus speaks outsGoogle Scholar
  2. 2.
    InfoSecurity: Anonymus hacking group uses IRC channles to co-ordinate DDoS attacks (2011)Google Scholar
  3. 3.
    Office, F.N.P.: Over 1 Million Potential Victims of Botnet Cyber Crime (2007)Google Scholar
  4. 4.
    Corrons, L.: Mariposa botnet (2010)Google Scholar
  5. 5.
    NATO/OTAN: Tackling new security challenges. Technical report (2011)Google Scholar
  6. 6.
    Lemos, R.: U. S. military to build botnets? 737 (2008)Google Scholar
  7. 7.
    Williamson, C.W.: Carpet bombing in cyberspace: Why America needs a military botnetGoogle Scholar
  8. 8.
    Trust, E.T.E.: Desactivando redes de ordenadores controlados por ciberdelincuentes para crear un internet ms seguroy fiable (2010)Google Scholar
  9. 9.
    Studer, R.: Economic and Technical Analysis of BotNets and Denial-of-Service Attacks. In: Communication Systems IV. University of Zurich, Department of Informatics (2011)Google Scholar
  10. 10.
    Bleaken, D.: Botwars: the fight against criminal cyber networks. Computer Fraud & Security 2010(5), 17–19 (2010)CrossRefGoogle Scholar
  11. 11.
    Smith, K., Lin, P.: Keeping internet marketing up and running: potential disasters and how to plan for them. International Journal of Electronic Marketing and Retailing 4(1), 1–15 (2011)CrossRefGoogle Scholar
  12. 12.
    Cranton, T.: Cracking Down on Botnets (2010)Google Scholar
  13. 13.
    Seiiler, J.: Entrance of Wikileaks Into Fourth Estate Creates Perils, OpportunitiesGoogle Scholar
  14. 14.
    Bloxham, A., Swinford, S.: WikiLeaks cyberwar: hackers planning revenge attack on Amazon.Google Scholar
  15. 15.
    Zhuge, J., Holz, T., Han, X., Guo, J., Zou, W.: Characterizing the irc-based botnet phenomenon. In: Reihe Informatik. Pace University, White Plains (2007)Google Scholar
  16. 16.
    Grizzard, J., Sharma, V., Nunnery, C., Kang, B., Dagon, D.: Peer-to-peer botnets: Overview and case study. In: Proceedings of the First USENIX Workshop on Hot Topics in Understanding Botnets (2007)Google Scholar
  17. 17.
    Wang, P., Wu, L., Aslam, B., Zou, C.: An advanced hybrid peer-to-peer botnet. In: USENIX Workshop on Hot Topics in Understanding Botnets (HotBots 2007) (2007)Google Scholar
  18. 18.
    Wang, P., Wu, L., Aslam, B.: C. Zou, C.: A systematic study on peer-to-peer botnets. In: Proceedings of 18th Internatonal Conference on Computer Communications and Networks, ICCCN 2009 (2009)Google Scholar
  19. 19.
    Naoumov, N., Ross, K.: Exploiting p2p systems for ddos attacks (2009)Google Scholar
  20. 20.
    Nagaraja, S., Mittal, P., Hong, C.Y., Caesar, M., Borisov, N.: Botgrep: Finding p2p bots with structured graph analysis (2010)Google Scholar
  21. 21.
    Binsalleeh, H., Ormerod, T., Boukhtouta, A., Sinha, P., Youssef, A., Debbabi, M., Wang, L.: On the analysis of the zeus botnet crimeware toolkit. In: Eighth Annual International Conference on Privacy Security and Trust, PST (2010)Google Scholar
  22. 22.
    Seltzer, L.: Zeus Source Code ReleasedGoogle Scholar
  23. 23.
    Ragan, S.: Overview: Inside the Zeus Trojans source codeGoogle Scholar
  24. 24.
    Calles, J.A., Gonzàlez, P.: Troyano Flu b0.4 Windows. Manual de Usuario (2011)Google Scholar
  25. 25.
    Nazario, J.: Twitter-based Botnet Command Channel (2009)Google Scholar
  26. 26.
    Kartaltepe, E., Morales, J., Xu, S., Sandhu, R.: Social Network-Based Botnet Command-and-Control: Emerging Threats and Countermeasures. In: Zhou, J., Yung, M. (eds.) ACNS 2010. LNCS, vol. 6123, pp. 511–528. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  27. 27.
    Spitzner, L.: The honeynet project: Trapping the hackers. IEEE Security & Privacy 1(2), 15–23 (2003)CrossRefGoogle Scholar
  28. 28.
    Herrero, L., Zurutuza, U., Corchado, E.: A neural-visualization ids for honeynet data. International Journal of Neural Systems 22(2), 1250005 (2012)CrossRefGoogle Scholar
  29. 29.
    Corchado, E., Herrero, Á.: Neural visualization of network traffic data for intrusion detection. Applied Soft Computing 11(2), 2042–2056 (2011)CrossRefGoogle Scholar
  30. 30.
    Massi, J., Panda, S., Rajappa, G., Selvaraj, S., Swapana, R.: Botnet detection and mitigation. In: Student-Faculty Research Day, CSIS. Pace University, White Plains (2010)Google Scholar
  31. 31.
    Goebel, J., Holz, T.: Rishi: Identify bot contaminated hosts by irc nickname evaluation. In: Proceedings of the USENIX Workshop on Hot Topics in Understanding Botnets, HotBots (2007)Google Scholar
  32. 32.
    Xie, Y., Yu, F., Achan, K., Panigrahy, R., Hulten, G., Osipkov, I.: Spamming botnets: Signatures and characteristics. ACM SIGCOMM Computer Communication Review 38(4), 171–182 (2008)CrossRefGoogle Scholar
  33. 33.
    Ormerod, T., Wang, L., Debbabi, M., Youssef, A., Binsalleeh, H., Boukhtouta, A., Sinh, P.: Defaming botnet toolkits: A bottom-up approach to mitigating the threat. In: eCrime Researchers Summit, eCrime (2010)Google Scholar
  34. 34.
    Riccardi, M., Oro, D., Luna, J., Cremonini, M., Vilanova, M.: A framework for financial botnet analysis. In: eCrime Researchers Summit, eCrime (2010)Google Scholar
  35. 35.
    Liang, J., Naoumov, N., Ross, K.: The index poisoning attack in p2p file sharing systems. In: IEEE INFOCOM, Citeseer, vol. 6 (2006)Google Scholar
  36. 36.
    Lou, X., Hwang, K.: Prevention of index-poisoning DDoS attacks in peer-to-peer file-sharing networks. Submitted to IEEE Trans. on Multimedia, Special Issue on Content Storage and Delivery in P2P Networks (2006)Google Scholar
  37. 37.
    Staniford, S., Parxson, V., Weaver, N.: How to own the internet in your spare time. In: Proceedings of the 11th USENIX Security Symposium (2002)Google Scholar
  38. 38.
    Vogt, R., Aycock, J., Jacobson, M.: Army of botnets. In: Proceedings of the 2007 Network and Distr. System Sec. Symposium (NDSS 2007), Citeseer, pp. 111–123 (2007)Google Scholar
  39. 39.
    Karge, S.: The german anti-botnet initiative. In: OECD Workshop: The Role of Internet Intermediaries in Advancing Public Policy Objectives, Organization for Economic Co-Operation and Development (2011)Google Scholar
  40. 40.
    Ashford, W.: Collaborative strike takes down second hlux/kelihos botnet (2012)Google Scholar
  41. 41.
    Gostev, A.: Kaspersky Security Bulletin. Malware Evolution 2010. Technical report, Karspersky Labs (February 2011)Google Scholar
  42. 42.
    Kok, J., Kurz, B.: Analysis of the botnet ecosystem. In: 10th Conference of Telecommunication, Media and Internet Techno-Economics (CTTE). VDE, pp. 1–10 (2011)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Félix Brezo
    • 1
  • José Gaviria de la Puerta
    • 1
  • Igor Santos
    • 1
  • David Barroso
    • 2
  • Pablo Garcia Bringas
    • 1
  1. 1.DeustoTech ComputingUniversity of DeustoBilbaoSpain
  2. 2.Telefonica I+DMadridSpain

Personalised recommendations