An Analysis of the Asprox Botnet

The presence of large pools of compromised computers, also known as botnets or zombie armies, represents a very serious threat to Internet security. This paper describes the architecture of a contemporary advanced bot commonly known as Asprox. Asprox is a type of malware that combines two threat vectors: forming a botnet and generating SQL injection attacks. The main features of the Asprox botnet are the use of a centralized command and control structure, HTTP-based communication, the use of advanced double fast-flux service networks, the use of SQL injection attacks for recruiting new bots, and social engineering tricks to spread malware binaries. The objective of this paper is to contribute to a deeper understanding of Asprox in particular and a better understanding of modern botnet designs in general. This knowledge can be used to develop more effective methods for detecting botnets and for stopping the spread of botnets on the Internet.
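The double fast-flux service network named above is the feature a defender can observe most directly in passive DNS. The following detector is an added illustration, not code or data from the paper: it distinguishes single flux (the domain's A records churn) from double flux (the name servers' own A records churn as well); the thresholds and all sample records are constructed assumptions.

```python
"""Heuristic single/double fast-flux classifier over DNS observations (added example)."""
from collections import defaultdict

MAX_TTL = 300          # assumed: a TTL at or below this counts as "short"
MIN_DISTINCT_IPS = 3   # assumed: distinct A records across lookups before we call it flux


def collect(records):
    """Group (time, name, rtype, ttl, rdata) tuples into name -> rtype -> {rdata}
    and remember the smallest TTL seen per (name, rtype)."""
    seen = defaultdict(lambda: defaultdict(set))
    min_ttl = defaultdict(lambda: float("inf"))
    for _, name, rtype, ttl, rdata in records:
        seen[name][rtype].add(rdata)
        min_ttl[(name, rtype)] = min(min_ttl[(name, rtype)], ttl)
    return seen, min_ttl


def is_fluxing(seen, min_ttl, name):
    """A name fluxes when its A records are short-lived and keep changing."""
    ips = seen[name]["A"]
    return len(ips) >= MIN_DISTINCT_IPS and min_ttl[(name, "A")] <= MAX_TTL


def classify(records, domain):
    """Return 'double-flux', 'single-flux' or 'stable' for the given domain."""
    seen, min_ttl = collect(records)
    if not is_fluxing(seen, min_ttl, domain):
        return "stable"
    # Double flux: at least one of the domain's own name servers fluxes too.
    if any(is_fluxing(seen, min_ttl, ns) for ns in seen[domain]["NS"]):
        return "double-flux"
    return "single-flux"


def lookups(name, rtype, ttl, answers_by_time):
    """Expand {time: [rdata, ...]} into observation tuples (constructed sample data)."""
    return [(t, name, rtype, ttl, r) for t, rs in answers_by_time.items() for r in rs]


# Constructed observations (RFC 5737 documentation addresses, not real infrastructure).
DOUBLE = (lookups("flux.example", "A", 180, {0: ["198.51.100.10", "198.51.100.11"],
                                             300: ["198.51.100.42", "198.51.100.77"]})
          + lookups("flux.example", "NS", 180, {0: ["ns1.flux.example"]})
          + lookups("ns1.flux.example", "A", 180, {0: ["203.0.113.5"], 300: ["203.0.113.9"],
                                                   600: ["203.0.113.21"]}))
SINGLE = (lookups("single.example", "A", 120, {0: ["198.51.100.1", "198.51.100.2"], 120: ["198.51.100.3"]})
          + lookups("single.example", "NS", 86400, {0: ["ns1.single.example"]})
          + lookups("ns1.single.example", "A", 86400, {0: ["192.0.2.53"]}))
STABLE = (lookups("static.example", "A", 86400, {0: ["192.0.2.1"], 300: ["192.0.2.1"]})
          + lookups("static.example", "NS", 86400, {0: ["ns1.static.example"]})
          + lookups("ns1.static.example", "A", 86400, {0: ["192.0.2.53"]}))
```

In practice the observations would come from a passive DNS feed or repeated resolver queries spread over time, and the thresholds would be tuned against known CDN domains, which also use short TTLs but rarely rotate their name servers' addresses.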
