Andbot: towards advanced mobile botnets

With the rapid development of the computing and Internet access (i.e., using WiFi, GPRS and 3G) capabilities of smartphones, constructing practical mobile botnets has become an underlying trend. In this paper, we introduce the design of a mobile botnet called Andbot which exploits a novel command and control (C&C) strategy named URL Flux. The proposed Andbot would have desirable features including being stealthy, resilient and low-cost (i.e., low battery power consumption, low traffic consumption and low money cost) which promise to be appealing for botmasters. To prove the efficacy of our design, we implemented the prototype of Andbot in the most popular open source smartphone platform - Android (Google) - and evaluated it. The preliminary experiment results show that the design of Andbot is suitable for smartphones and hard to defend against. We believe that mobile botnets similar to Andbot will break out in the near future, consequently, security defenders should pay more attention to this kind of advanced mobile botnet in the early stage. The goal of our work is to increase the understanding of mobile botnets which will promote the development of more efficient countermeasures. To conclude our paper, we suggest possible defenses against the emerging threat.

[1]  Kang G. Shin,et al.  Detecting energy-greedy anomalies and mobile malware variants , 2008, MobiSys '08.

[2]  B. Karp,et al.  Autograph: Toward Automated, Distributed Worm Signature Detection , 2004, USENIX Security Symposium.

[3]  Vinod Yegneswaran,et al.  An Analysis of the iKee.B iPhone Botnet , 2010, MobiSec.

[4]  T. Holz,et al.  Towards Next-Generation Botnets , 2008, 2008 European Conference on Computer Network Defense.

[5]  George Varghese,et al.  Automated Worm Fingerprinting , 2004, OSDI.

[6]  Abhinav Srivastava,et al.  Evaluating email’s feasibility for botnet command and control , 2008, 2008 IEEE International Conference on Dependable Systems and Networks With FTCS and DCC (DSN).

[7]  Thomas F. La Porta,et al.  On cellular botnets: measuring the impact of malicious devices on a cellular network core , 2009, CCS.

[8]  Kang G. Shin,et al.  Design of SMS commanded-and-controlled and P2P-structured mobile botnets , 2012, WISEC '12.

[9]  Christopher Krügel,et al.  Overbot: a botnet protocol based on Kademlia , 2008, SecureComm.

[10]  Guofei Gu,et al.  BotMiner: Clustering Analysis of Network Traffic for Protocol- and Structure-Independent Botnet Detection , 2008, USENIX Security Symposium.

[11]  Hassen Saïdi,et al.  A Foray into Conficker's Logic and Rendezvous Points , 2009, LEET.

[12]  Jean-Pierre Seifert,et al.  Rise of the iBots: Owning a telco network , 2010, 2010 5th International Conference on Malicious and Unwanted Software.

[13]  Michael S. Hsiao,et al.  Towards an intrusion detection system for battery exhaustion attacks on mobile computing devices , 2005, Third IEEE International Conference on Pervasive Computing and Communications Workshops.

[14]  Ping Wang,et al.  An Advanced Hybrid Peer-to-Peer Botnet , 2007, IEEE Transactions on Dependable and Secure Computing.

[15]  Dawn Xiaodong Song,et al.  Dispatcher: enabling active botnet infiltration using automatic protocol reverse-engineering , 2009, CCS.

[16]  John Aycock,et al.  Army of Botnets , 2007, NDSS.

[17]  Wenke Lee,et al.  Evaluating Bluetooth as a Medium for Botnet Command and Control , 2010, DIMVA.

[18]  Grant A. Jacoby,et al.  Battery-based intrusion detection , 2004, IEEE Global Telecommunications Conference, 2004. GLOBECOM '04..

[19]  Axelle Apvrille Symbian worm Yxes: towards mobile botnets? , 2012, Journal in Computer Virology.