Andbot: towards advanced mobile botnets

Authors:
Cui Xiang;Fang Binxing;Yin Lihua;Liu Xiaoyi;Zang Tianning
Affiliations:
Research Center of Information Security, Institute of Computing Technology, Chinese Academy of Sciences;Research Center of Information Security, Institute of Computing Technology, Chinese Academy of Sciences;Research Center of Information Security, Institute of Computing Technology, Chinese Academy of Sciences;Research Center of Information Security, Institute of Computing Technology, Chinese Academy of Sciences;Research Center of Information Security, Institute of Computing Technology, Chinese Academy of Sciences
Venue:
LEET'11 Proceedings of the 4th USENIX conference on Large-scale exploits and emergent threats
Year:
2011

Citing 12
Cited 8

Towards an Intrusion Detection System for Battery Exhaustion Attacks on Mobile Computing Devices

PERCOMW '05 Proceedings of the Third IEEE International Conference on Pervasive Computing and Communications Workshops
Automated worm fingerprinting

OSDI'04 Proceedings of the 6th conference on Symposium on Opearting Systems Design & Implementation - Volume 6
Autograph: toward automated, distributed worm signature detection

SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
An advanced hybrid peer-to-peer botnet

HotBots'07 Proceedings of the first conference on First Workshop on Hot Topics in Understanding Botnets
Detecting energy-greedy anomalies and mobile malware variants

Proceedings of the 6th international conference on Mobile systems, applications, and services
Overbot: a botnet protocol based on Kademlia

Proceedings of the 4th international conference on Security and privacy in communication netowrks
Towards Next-Generation Botnets

EC2ND '08 Proceedings of the 2008 European Conference on Computer Network Defense
BotMiner: clustering analysis of network traffic for protocol- and structure-independent botnet detection

SS'08 Proceedings of the 17th conference on Security symposium
On cellular botnets: measuring the impact of malicious devices on a cellular network core

Proceedings of the 16th ACM conference on Computer and communications security
Dispatcher: enabling active botnet infiltration using automatic protocol reverse-engineering

Proceedings of the 16th ACM conference on Computer and communications security
A foray into Conficker's logic and rendezvous points

LEET'09 Proceedings of the 2nd USENIX conference on Large-scale exploits and emergent threats: botnets, spyware, worms, and more
Evaluating Bluetooth as a medium for botnet command and control

DIMVA'10 Proceedings of the 7th international conference on Detection of intrusions and malware, and vulnerability assessment

Poster: recoverable botnets: a hybrid C&C approach

Proceedings of the 18th ACM conference on Computer and communications security
Isolating and analyzing fraud activities in a large cellular network via voice call graph analysis

Proceedings of the 10th international conference on Mobile systems, applications, and services
Advanced triple-channel botnets: model and implementation

Proceedings of the 2012 ACM conference on Computer and communications security
The triple-channel model: toward robust and efficient advanced botnets (poster abstract)

RAID'12 Proceedings of the 15th international conference on Research in Attacks, Intrusions, and Defenses
Cloud-based push-styled mobile botnets: a case study of exploiting the cloud to device messaging service

Proceedings of the 28th Annual Computer Security Applications Conference
Fluxing botnet command and control channels with URL shortening services

Computer Communications
Botnets: A survey

Computer Networks: The International Journal of Computer and Telecommunications Networking
Sensing-enabled channels for hard-to-detect command and control of mobile devices

Proceedings of the 8th ACM SIGSAC symposium on Information, computer and communications security

Quantified Score

Hi-index	0.00

Visualization

Abstract

With the rapid development of the computing and Internet access (i.e., using WiFi, GPRS and 3G) capabilities of smartphones, constructing practical mobile botnets has become an underlying trend. In this paper, we introduce the design of a mobile botnet called Andbot which exploits a novel command and control (C&C) strategy named URL Flux. The proposed Andbot would have desirable features including being stealthy, resilient and low-cost (i.e., low battery power consumption, low traffic consumption and low money cost) which promise to be appealing for botmasters. To prove the efficacy of our design, we implemented the prototype of Andbot in the most popular open source smartphone platform - Android (Google) - and evaluated it. The preliminary experiment results show that the design of Andbot is suitable for smartphones and hard to defend against. We believe that mobile botnets similar to Andbot will break out in the near future, consequently, security defenders should pay more attention to this kind of advanced mobile botnet in the early stage. The goal of our work is to increase the understanding of mobile botnets which will promote the development of more efficient countermeasures. To conclude our paper, we suggest possible defenses against the emerging threat.