Cloud-based push-styled mobile botnets: a case study of exploiting the cloud to device messaging service

Given the popularity of smartphones and mobile devices, mobile botnets are becoming an emerging threat to users and network operators. We propose a new form of cloud-based push-styled mobile botnet that exploits today's push notification services as a means of command dissemination. To motivate its practicality, we present a new command and control (C&C) channel using Google's Cloud to Device Messaging (C2DM) service, and develop a C2DM botnet specifically for the Android platform. We present strategies to enhance its scalability to large botnet coverage and its resilience against service disruption. We prototype a C2DM botnet and perform an evaluation to show that the C2DM botnet is stealthy in generating heartbeat and command traffic, resource-efficient in bandwidth and power consumption, and controllable in quickly delivering a command to all bots. We also discuss how one may deploy a C2DM botnet, and demonstrate its feasibility in launching an SMS-Spam-and-Click attack. Lastly, we discuss how to generalize the design to other platforms, such as iOS or Windows-based systems, and recommend possible defense methods. Given the wide adoption of push notification services, we believe that this type of mobile botnet requires special attention from our community.
