Peer-to-peer botnets: A case study on Waledac

Botnets are networks of compromised computer systems used to perform various criminal activities on the Internet. This thesis gives a detailed analysis of the well-known Waledac botnet, based on results from reverse code engineering and sandboxed execution. The analysis results in methods to detect Waledac bots on a network, and an effective attack aimed at taking over the entire botnet. In light of the analysis and an overview of the current situation in botnet defence, the future of botnets is discussed.
