Dissecting SpyEye - Understanding the design of third generation botnets
Computer Networks: The International Journal of Computer and Telecommunications Networking
| Hi-index | 0.00 |
Botnets continue to be a critical tool for hackers in exploiting vulnerabilities of systems and destructing computer networks. Botnet monitoring is a method used to study and identify malicious capabilities of a botnet, but current botnet monitoring projects mainly identify the magnitude of the botnet problem and tend to overt some fundamental problems, such as the diversified sources of the attacks. Most malicious botnets have the ability to be rented out to a broad range of potential customers, allowing each customer to launch different attacks from the other. Consequently, under the control of multiple botmasters, various attacks and transactions at different times attempt to damage networked infrastructures. In this paper we propose a multi-layered analysis system called Master Blaster which identifies the communication characteristics of a botmaster in botnet transactions and correlates those characteristics with evolutionary changes within botnet communication channels. Our results show the level of involvement of the monitored botmasters within a botnet as well as their general motives. Our system clearly indicates that the investigation of each botmaster and analysis of botmaster interactions are essential to cope with net-centric attacks caused by botnets.