Botnets
MONSTERS OF INTERNET
By : Vishwadeep C. Badgujar | Jalgaon
What is a Bot (Bot/Botnets/Zombies)
 The word "bot" comes from "robot"
 A botnet is a network of private computers/devices infected with malicious software and controlled as a group without the owners' knowledge.
Recent news about bot attacks
BBC website crashed by 300 Gbps DDoS attacks
Pokémon Go game website crashed by 200 Gbps DDoS attacks
ISPs in Maharashtra are facing DDoS attacks
Botnet: 25,000 CCTV cameras hacked to launch DDoS attack
Interesting facts - Bots
60% of internet traffic worldwide is consumed by bots
A group of bots can crack a 1 TB password file in 10 hours; a single computer takes 10 years
 There are two main Communication Protocols used for bot attacks:
 IRC
 HTTP
IRC Protocol
 IRC botnets are the predominant version
 IRC is mainly designed for one-to-many conversations but can also handle one-to-one
 Most corporate networks do not allow any IRC traffic, so any IRC request can indicate an external or internal bot
 Outbound IRC requests mean there is an already infected computer on the network
 Inbound IRC requests mean that a network computer is being recruited
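The inbound/outbound rule above, applied to flow records, as an added example that is not part of the original slides. The record format, the internal range 10.0.0.0/8, the port list and the sample flows are all assumptions constructed for illustration.

```python
import ipaddress
import re

INTERNAL = ipaddress.ip_network("10.0.0.0/8")  # assumption: the site's internal range
IRC_PORTS = set(range(6660, 6670)) | {6697}    # assumption: usual IRC ports
# Bots may use other ports, so also match IRC commands at the start of the payload.
IRC_CMD = re.compile(r"^(PASS|NICK|USER|JOIN|PRIVMSG)\s", re.I)

# Constructed sample records: src_ip dst_ip dst_port first_payload_line
SAMPLE_FLOWS = """\
10.0.4.17 203.0.113.50 6667 NICK xk3f9
10.0.4.22 198.51.100.7 443 -
192.0.2.99 10.0.4.30 6667 PRIVMSG #chan :hello
10.0.4.41 203.0.113.50 8080 JOIN #room key
10.0.4.5 10.0.4.6 6667 NICK admin
10.0.4.8 198.51.100.9 80 GET /index.html HTTP/1.1
"""

def classify(line):
    """Return (direction, internal_host, meaning) for an IRC flow, else None."""
    src, dst, port, payload = line.split(" ", 3)
    if int(port) not in IRC_PORTS and not IRC_CMD.match(payload):
        return None  # not IRC by port or by payload
    src_in = ipaddress.ip_address(src) in INTERNAL
    dst_in = ipaddress.ip_address(dst) in INTERNAL
    if src_in and dst_in:
        return ("internal", src, "IRC between internal hosts, check policy")
    if src_in:
        return ("outbound", src, "host may already be infected")
    if dst_in:
        return ("inbound", dst, "host may be the target of recruitment")
    return None  # neither end is ours

def scan(text):
    """Classify every record and keep only the IRC hits."""
    return [hit for hit in map(classify, text.splitlines()) if hit]

if __name__ == "__main__":
    for hit in scan(SAMPLE_FLOWS):
        print(*hit, sep="\t")
```

The fourth sample record is caught by its payload rather than its port, which is why the check does not rely on port numbers alone.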
HTTP Protocol
 Due to the prevalence of HTTP usage, it is harder to track a botnet that uses HTTP
 Using HTTP can allow a botnet to skirt the firewall restrictions that hamper IRC botnets
 Detecting HTTP botnets is harder but not impossible, since the header fields and the payload do not match usual transmissions
 Some emerging options are IM and P2P protocols; expect growth here in the future
HTTP Botnet Example:
Fast-flux Networks
 Commonly used scheme
 Used to control botnets with hundreds or even thousands of nodes
C&C Centralized Model Example
3 Steps of Authentication
a. Bot to IRC Server
b. IRC Server to Bot
c. Botmaster to Bot
Bots: how exactly they work
Suppose an attacker has a hash file containing an important password, and the attacker has one 1 Tb file for password cracking.
He splits this file into 10000 segments
Wordlist file (size 1 TB)
First, the attacker spreads the bot to vulnerable devices like routers and CCTV cameras
(most CCTV cameras are vulnerable because of default usernames and passwords).
[Diagram: C & C]
 The attacker sets up the C&C server first, then spreads the bot using the C&C server (the attacker always uses a proxy IP)
 Then the bots are sent to vulnerable devices.
 Then the attacker sends password file segments to the bots (approx. 1 Gb each)
 Now the attacker needs to send the command for cracking. As soon as the command is sent, every bot starts working on cracking the hash file.
 A single computer needs 1 year to crack a 1 Tb file
 So 10000 computers or devices proportionally need 10 hours (approx.).
What can botnets do
 Distributed Denial-of-Service Attacks
 Sniffing Traffic
 Keylogging
 Spreading new malware
 Installing Advertisement Addons
 Attacking IRC Chat Networks
 Create fake website visitors
 Manipulating online polls/games
Common bot attacks
Denial-of-service
Another popular use of a bot, denial-of-service attacks look to invade a network or
an Internet service provider, usually by stealth, in order to disrupt or cripple service.
Here, the attacker tries to get as many computers infected as possible in order to
have a bigger botnet network.
Spyware
Spyware is any malware that can be used to gain information from its target
or targets, anything from passwords and credit card information to the
physical data contained within files. These can be lucrative to a bot herder,
as they can sell the data on the black market. If a bot herder gains control
of a corporate network, these can be all the more lucrative, as they may be
able to sell the rights to their bank accounts and their intellectual
property.
Click fraud
This form of remote control can allow a bot herder to surreptitiously click
links on Web sites and online advertising, bolstering numbers for
advertisers and producing more money.
Wordlist bruteforce
This type of bot works on cracking passwords using brute-force methods
Prevention Against Bots
 Use the best antivirus software (Norton/Avast/AVG) and take precautions for auto-updates
 Always use and enable firewall software
 Update your operating system regularly
 Update your routers regularly
 Malwarebytes is the best software for bot detection
Institute for Advanced Hacking & Cyber Crime Investigation
