LEET'10 Proceedings of the 3rd USENIX conference on Large-scale exploits and emergent threats: botnets, spyware, worms, and more
Take a deep breath: a stealthy, resilient and cost-effective botnet using skype
DIMVA'10 Proceedings of the 7th international conference on Detection of intrusions and malware, and vulnerability assessment
The case for in-the-lab botnet experimentation: creating and taking down a 3000-node botnet
Proceedings of the 26th Annual Computer Security Applications Conference
Conficker and beyond: a large-scale empirical study
Proceedings of the 26th Annual Computer Security Applications Conference
LEET'11 Proceedings of the 4th USENIX conference on Large-scale exploits and emergent threats
BOTMAGNIFIER: locating spambots on the internet
SEC'11 Proceedings of the 20th USENIX conference on Security
RatBot: anti-enumeration peer-to-peer botnets
ISC'11 Proceedings of the 14th international conference on Information security
Understanding fraudulent activities in online ad exchanges
Proceedings of the 2011 ACM SIGCOMM conference on Internet measurement conference
Detecting malware's failover C&C strategies with squeeze
Proceedings of the 27th Annual Computer Security Applications Conference
Spy vs. Spy: counter-intelligence methods for backtracking malicious intrusions
Proceedings of the 2011 Conference of the Center for Advanced Studies on Collaborative Research
Peri-Watchdog: Hunting for hidden botnets in the periphery of online social networks
Computer Networks: The International Journal of Computer and Telecommunications Networking
Hi-index | 0.00 |
A botnet is a network of compromised machines under the control of an attacker. Botnets are the driving force behind several misuses on the Internet, for example spam mails or automated identity theft. In this paper, we study the most prevalent peer-to-peer botnet in 2009: Waledac. We present our in ltration of the Waledac botnet, which can be seen as the successor of the Storm Worm botnet. To achieve this we implemented a clone of the Waledac bot named Walowdac. It implements the communication features of Waledac but does not cause any harm, i.e., no spam emails are sent and no other commands are executed. With the help of this tool we observed a minimum daily population of 55,000 Waledac bots and a total of roughly 390,000 infected machines throughout the world. Furthermore, we gathered internal information about the success rates of spam campaigns and newly introduced features like the theft of cre- dentials from victim machines.