Botnet tracking techniques and tools

Jose Nazario, Jeremy Linden (Arbor Networks)

Botnets have quickly become one of the chief dangers to large-scale Internet security, threatening nearly every Internet user and even the very infrastructure itself. Unlike traditional malware such as viruses and worms, the structure of a botnet creates the opportunity to perform direct measurements and observation. The common tools to perform these measurements are usually written quickly and may or may not work for long periods of time, especially if the botnet owner is vigilant about checking for lurking hosts. Furthermore, most botnet studies published thus far have focused on studying captured malware samples outside of the network or have been carried out using honeypot hosts. Neither of these techniques provides a full picture of the botnet landscape.

To study larger amounts of information about the botnet community, we have developed simple tools and techniques to infiltrate large numbers of botnets for long periods of time. Our findings reveal how botnet operators manage their networks, what they are doing with the infected hosts, and the skill levels required to create such botnets. The results illustrate how lucrative the botnet community is, how easy it is to get started, and how dangerous it can be for the Internet community at large.
