Malicious bots : an inside look into the cyber-criminal underground of the internet

Title:

Personal Author:

Dunham, Ken

Publication Information:

Boca Raton, FL : Auerbach Publications, 2009

Physical Description:

xiv, 153 p. : ill. ; 25 cm.

ISBN:

9781420069037

Subject Term:

Computer crimes -- Case studies

Internet (Computer network)

Added Author:

Melnick, Jim

Available:*

Library	Item Barcode	Call Number	Material Type	Item Category 1	Status
Searching... PSZ JB	30000010201701	HV6773 D86 2009	Open Access Book	Book	Searching... Unknown
Searching... PSZ KL	30000010207781	HV6773 D86 2009	Open Access Book	Book	Searching... Unknown
Searching... PSZ KL	30000010264317	HV6773 D86 2009	Open Access Book	Book	Searching... Unknown

Originally designed as neutral entities, computerized bots are increasingly being used maliciously by online criminals in mass spamming events, fraud, extortion, identity theft, and software theft. Malicious Bots: An Inside Look into the Cyber-Criminal Underground of the Internet explores the rise of dangerous bots and exposes the nefarious methods of "botmasters". This valuable resource assists information security managers in understanding the scope, sophistication, and criminal uses of bots.

With sufficient technical detail to empower IT professionals, this volume provides in-depth coverage of the top bot attacks against financial and government networks over the last several years. The book presents exclusive details of the operation of the notorious Thr34t Krew, one of the most malicious bot herder groups in recent history. Largely unidentified by anti-virus companies, their bots spread globally for months, launching massive distributed denial of service (DDoS) attacks and warez (stolen software distributions). For the first time, this story is publicly revealed, showing how the botherders got arrested, along with details on other bots in the world today. Unique descriptions of the criminal marketplace - how criminals make money off of your computer - are also a focus of this exclusive book!

With unprecedented detail, the book goes on to explain step-by-step how a hacker launches a botnet attack, providing specifics that only those entrenched in the cyber-crime investigation world could possibly offer.

Authors Ken Dunham and Jim Melnick serve on the front line of critical cyber-attacks and countermeasures as experts in the deployment of geopolitical and technical bots. Their work involves advising upper-level government officials and executives who control some of the largest networks in the world. By examining the methods of Internet predators, information security managers will be better able to proactively prote

Author Notes

Dunham, Ken; Melnick, Jim

Lance Mueller

Preface	p. ix
Acknowledgments and Permissions	p. xi
About the Authors	p. xiii
1 Introduction to Bots	p. 1
2 Thr34t Security Krew and the TK Worm	p. 7
2.1 The Investigation of the Thr34t Krew	p. 9
2.1.1 First DYNDNS Account (BestIce)	p. 12
2.1.2 Second DYNDNS Account (Phreeze)	p. 16
2.1.3 Third DYNDNS Account (D00M)	p. 19
2.1.4 Seth Fogie	p. 21
2.1.5 Help with Additional Technical Details	p. 23
2.1.6 A Trip Across the Pond	p. 23
2.1.7 Sitexec	p. 25
2.1.8 DiSice	p. 26
2.1.9 XaNiTH	p. 28
2.1.10 Sitexec	p. 30
2.1.11 Second Search Warrant Sweep	p. 30
2.1.12 Jadaka	p. 30
2.1.13 Mr40	p. 31
2.1.14 Thr34t Krew Investigation: Concluding Comments	p. 31
3 Demonstration: How a Hacker Launches a Botnet Attack	p. 33
3.1 Step 1: Find, Modify, and Build a Bot	p. 33
3.2 Step 2: Customize the Binary for Attack	p. 35
3.3 Step 3: Launch the Attack	p. 37
3.4 Step 4: Managing the Botherd	p. 37
3.5 Step 5: Payloads, with an Emphasis on "Pay"	p. 39
4 Introduction to the Use of Botnets in Criminal Activity	p. 41
4.1 Timeline	p. 41
4.2 Bots: A Pathway to Criminalization of the Information Age	p. 44
4.3 Bots: The Integrated Business Solution for Criminals	p. 45
4.4 "Botmasters" Who Were Caught	p. 46
4.4.1 International Botnet Task Force Conferences	p. 47
4.4.2 Operation "Bot Roast" I and II	p. 47
4.5 How Big Do Botnets Need to Be to Pose a Serious Threat?	p. 48
4.6 Peering Inside the IRC Botnet	p. 50
4.7 Post-IRC-Based Bots	p. 50
4.7.1 Botnet Attack Statistics	p. 52
4.8 Botnet Features and the Criminal Enterprise	p. 54
4.8.1 A Modular Approach to Botnets: A Major Aid to Criminals	p. 54
4.8.2 Granular Spreading Capabilities	p. 55
4.8.3 A "Service Bot"	p. 55
4.8.4 The Degradation Feature of Botnets and Its Impact on Criminal Activity	p. 56
4.9 Botherds Through the Eyes of a Criminal Mind	p. 57
4.10 Criminal Vectors Utilizing Bots	p. 57
4.10.1 Theft of Sensitive Information	p. 57
4.10.2 DDoS Attacks and Extortion	p. 58
4.10.3 Bot for Rent or Hire	p. 60
4.10.4 Spam	p. 63
4.11 Spam Bots and Criminalization	p. 65
4.11.1 Pump-and-Dump Fraud	p. 66
4.11.2 Covert Communications	p. 67
4.11.3 Click Fraud and Affiliate Abuse	p. 68
4.11.4 Adware Abuse	p. 69
4.11.5 Taking Out the Competition	p. 70
5 Botnets and the eCrime Cycle: The iSIGHT Partners' Approach	p. 71
6 Technical Introduction to Bots	p. 75
6.1 Common Ports	p. 75
6.2 Command and Control Strategies	p. 76
6.2.1 IRC C&C	p. 76
6.2.2 Peer-to-Peer C&C	p. 79
6.2.3 Web-Based C&C	p. 80
6.2.4 Use of Encryption or Obfuscation	p. 84
6.2.5 Types of Distributed Denial of Service (DDoS) Attacks	p. 85
6.2.6 Introduction to Selected Bots	p. 86
6.2.6.1 AgoBot	p. 89
6.2.6.2 SDBot	p. 91
6.2.6.3 PhatBot	p. 96
6.2.6.4 The Infamous Hang-UP Team and IRC-Based Fraud Operations	p. 98
6.2.6.5 Reptile	p. 101
6.2.6.6 ZoTob	p. 102
6.2.6.7 PBot	p. 103
6.2.6.8 Tsunami	p. 105
6.2.6.9 Kelvir	p. 106
6.2.6.10 MetaFisher	p. 107
6.2.6.11 Storm	p. 113
7 Mitigation	p. 123
8 Concluding Thoughts	p. 125
USA Today: Botnets Used for Blackmail in Cyber Extortions	p. 125
The Kraken Botnet	p. 126
A Botnet That Targets .edu and .mil Servers	p. 126
"Poisoning" the Storm Botnet	p. 126
The Battle Is Joined!	p. 127
The "Cyber Parasites" of the Internet	p. 127
On the Edge of a Precipice	p. 128
Glossary	p. 131
Bibliography	p. 135
Index	p. 145

Available:*

On Order

Summary

Summary

Author Notes

Table of Contents