What Is Botnet? Detection And Prevention Of Botnets.

What is a Botnet?

A botnet is a group of hacked devices (Like Computers And Androids) under the control of a black hat hacker. Each individual device in a botnet known as a bot. Bots are also known as “zombie computers” because they work under remote direction without their owner's knowledge. The attackers that control botnets are referred to as “bot herders” or “botmasters.”

The most usual applications for botnets include email spam campaigns, denial-of-service attacks (DDoS Attacks), spreading adware/spyware, and data theft (especially financial information, online identities, and user logins). A botnet attack starts with bot recruitment. Bot herders usually recruit bots by spreading botnet viruses, worms, or other malware; it is also possible to use web browser hacking to infect computers with bot malware.

Once a computer has been infected with a botnet virus it will connect back to the bot herder’s command and control (C&C) server. From here the attacker is able to communicate with the bot and controlling the bot. When the botnet grows to its required size, the bot herder can exploit the botnet to carry out attacks (stealing information, overloading servers, click fraud, sending spam, etc).

Example: Zeus Botnets

Zeus is a Trojan horse for Windows that was developed to steal bank information using botnets. First Zeus Botnet discovered in 2007, Zeus grow through email, downloads, and online messaging to users across the globe. Zeus botnets used millions of zombie computers to perform keystroke logging and form grabbing attacks that targeted bank data, account logins, and private user data. The information gathered by Zeus botnets has been used in thousands of cases of online identity theft, credit card theft, and more.

In October 2010, the FBI disclosed that it had detected an international cybercrime ring that had used Zeus botnets to steal over $70 million dollars from bank accounts in the United States. This spurred an FBI crackdown on the Zeus Trojan and Zeus botnets that led to the arrest of over 100 cyber-criminals.

In March 2012, Microsoft announced that they had taken over and shut down most of the control-and-command servers that were being used by Zeus botnets. According to Microsoft, all but three C&C domains had been taken down in the effort (formally referred to as Operation b71). While Microsoft wasn’t able to eliminate every C&C server, their efforts are expected to slow or stop many of the cyber-criminals that were using Zeus botnets.

Botnet Detection and Prevention

Botnet detection can be difficult, as bots are designed to work without users’ knowledge. However, there are some ordinary signs that a computer may be infected with a botnet (listed below). While these symptoms are usually indicative of bot infections, some can also be symptoms of malware infections or network issues and should not be taken as a sure sign that a computer is infected with a bot.
  • IRC traffic (botnets and bot herders use IRC for communications)
  • Connection attempts with known C&C (control-and-command) servers
  • Various machines on a network making identical DNS requests
  • High outgoing SMTP traffic (as a result of sending spam)
  • Unexpected popups (as a result of click fraud activity)
  • High CPU usage/Slow computing
  • Spikes in traffic, especially Port 6667 (used for IRC), Port 25 (used in email spamming), and Port 1080 (used by proxy servers)
  • Outbound messages (email, social media, instant messages, etc) that weren’t sent by the user
  • Problems with Internet access
There are some measures that users can take to prevent botnet virus infection. Since bot infections normally spread via malware, many of these measures actually focus on preventing malware infections. Recommended practices for botnet prevention include:
  • Network baselining: Network performance and activity should be monitored so that irregular network behavior is apparent.
  • Software patches: All software should be kept up-to-date with security patches.
  • Vigilance: Users should be trained to refrain from activity that puts them at risk of bot infections or other malware. This includes opening emails or messages, downloading attachments, or clicking links from untrusted or unfamiliar sources.
  • Anti-Botnet tools: Anti-botnet tools provide botnet detection to augment preventative efforts by finding and blocking bot viruses before infection occurs. Most programs also offer features such as scanning for bot infections and botnet removal as well. Firewalls and antivirus software typically include normal tools for botnet detection, prevention, and elimination. Tools like Network Intrusion Detection Systems (NIDS), rootkit detection packages, network sniffers, and specialized anti-bot programs can be used to provide more sophisticated botnet detection/prevention/removal.

    Botnet Elimination

    Botnet detection is purposeless without having botnet elimination ability. Once a bot has been detected in a computer it should be eliminated as quickly as possible using security software with botnet removal/elimination functionality. Once the process of botnet elimination/removal is complete, it is important to remain proactive in botnet detection and prevention efforts.

    Botnet elimination can go beyond merely eliminating a bot virus from an infected system. On a larger scale, botnet elimination usually requires shutting down the C&C server that is used to control the botnet. This is typically done when an organization is looking to shut down an entire botnet rather than treat bot infections. Microsoft’s campaign against the Zeus botnet is a good example of large-scale botnet removal.

    Note: If You like Our Articles And Posts Then Please Follow Our Blog For Reading Our Latest Tech Articles. Thanks...
    What Is Botnet? Detection And Prevention Of Botnets. What Is Botnet? Detection And Prevention Of Botnets. Reviewed by Technowap on August 01, 2019 Rating: 5

    No comments :

    Powered by Blogger.