In this study, we advance the understanding of botmaster-owned systems in an advanced botnet, Waledac, through the analysis of file-system and network trace data from the upper tiers of its architecture. The functionality and even the existence of these systems has to date only been postulated, as existing knowledge has generally been limited to behavioral observations from hosts infected by bot binaries. We describe our new findings for this botnet relating to botmaster interaction, topological nuances, provided services, and malicious output, providing a more complete view of the botnet infrastructure and insight into the motivations and methods of sophisticated botnet deployment. The exposure of these explicit details of Waledac reveals and clarifies overall trends in the construction of advanced botnets with tiered architectures, both past (such as the Storm botnet, which featured a highly similar architecture) and future. Implications of our findings are discussed, addressing how the botnet's auditing activities, authenticated spam dispersion technique, repacking method, and tier utilization affect remediation and challenge current notions of botnet configuration and behavior.