Item Barcode | Call Number | Material Type | Item Category 1 |
---|---|---|---|
30000010201701 | HV6773 D86 2009 | Open Access Book | Book |
30000010207781 | HV6773 D86 2009 | Open Access Book | Book |
30000010264317 | HV6773 D86 2009 | Open Access Book | Book |
Summary
Originally designed as neutral entities, computerized bots are increasingly being used maliciously by online criminals in mass spamming events, fraud, extortion, identity theft, and software theft. Malicious Bots: An Inside Look into the Cyber-Criminal Underground of the Internet explores the rise of dangerous bots and exposes the nefarious methods of "botmasters". This valuable resource assists information security managers in understanding the scope, sophistication, and criminal uses of bots.
With sufficient technical detail to empower IT professionals, this volume provides in-depth coverage of the top bot attacks against financial and government networks over the last several years. The book presents exclusive details of the operation of the notorious Thr34t Krew, one of the most malicious bot herder groups in recent history. Largely unidentified by anti-virus companies, their bots spread globally for months, launching massive distributed denial of service (DDoS) attacks and warez (stolen software distributions). For the first time, this story is publicly revealed, showing how the botherders got arrested, along with details on other bots in the world today. Unique descriptions of the criminal marketplace - how criminals make money off of your computer - are also a focus of this exclusive book!
With unprecedented detail, the book goes on to explain step-by-step how a hacker launches a botnet attack, providing specifics that only those entrenched in the cyber-crime investigation world could possibly offer.
Authors Ken Dunham and Jim Melnick serve on the front line of critical cyber-attacks and countermeasures as experts in the deployment of geopolitical and technical bots. Their work involves advising upper-level government officials and executives who control some of the largest networks in the world. By examining the methods of Internet predators, information security managers will be better able to proactively prote
Author Notes
Dunham, Ken; Melnick, Jim
Table of Contents
Preface | p. ix |
Acknowledgments and Permissions | p. xi |
About the Authors | p. xiii |
1 Introduction to Bots | p. 1 |
2 Thr34t Security Krew and the TK Worm | p. 7 |
2.1 The Investigation of the Thr34t Krew | p. 9 |
2.1.1 First DYNDNS Account (BestIce) | p. 12 |
2.1.2 Second DYNDNS Account (Phreeze) | p. 16 |
2.1.3 Third DYNDNS Account (D00M) | p. 19 |
2.1.4 Seth Fogie | p. 21 |
2.1.5 Help with Additional Technical Details | p. 23 |
2.1.6 A Trip Across the Pond | p. 23 |
2.1.7 Sitexec | p. 25 |
2.1.8 DiSice | p. 26 |
2.1.9 XaNiTH | p. 28 |
2.1.10 Sitexec | p. 30 |
2.1.11 Second Search Warrant Sweep | p. 30 |
2.1.12 Jadaka | p. 30 |
2.1.13 Mr40 | p. 31 |
2.1.14 Thr34t Krew Investigation: Concluding Comments | p. 31 |
3 Demonstration: How a Hacker Launches a Botnet Attack | p. 33 |
3.1 Step 1: Find, Modify, and Build a Bot | p. 33 |
3.2 Step 2: Customize the Binary for Attack | p. 35 |
3.3 Step 3: Launch the Attack | p. 37 |
3.4 Step 4: Managing the Botherd | p. 37 |
3.5 Step 5: Payloads, with an Emphasis on "Pay" | p. 39 |
4 Introduction to the Use of Botnets in Criminal Activity | p. 41 |
4.1 Timeline | p. 41 |
4.2 Bots: A Pathway to Criminalization of the Information Age | p. 44 |
4.3 Bots: The Integrated Business Solution for Criminals | p. 45 |
4.4 "Botmasters" Who Were Caught | p. 46 |
4.4.1 International Botnet Task Force Conferences | p. 47 |
4.4.2 Operation "Bot Roast" I and II | p. 47 |
4.5 How Big Do Botnets Need to Be to Pose a Serious Threat? | p. 48 |
4.6 Peering Inside the IRC Botnet | p. 50 |
4.7 Post-IRC-Based Bots | p. 50 |
4.7.1 Botnet Attack Statistics | p. 52 |
4.8 Botnet Features and the Criminal Enterprise | p. 54 |
4.8.1 A Modular Approach to Botnets: A Major Aid to Criminals | p. 54 |
4.8.2 Granular Spreading Capabilities | p. 55 |
4.8.3 A "Service Bot" | p. 55 |
4.8.4 The Degradation Feature of Botnets and Its Impact on Criminal Activity | p. 56 |
4.9 Botherds Through the Eyes of a Criminal Mind | p. 57 |
4.10 Criminal Vectors Utilizing Bots | p. 57 |
4.10.1 Theft of Sensitive Information | p. 57 |
4.10.2 DDoS Attacks and Extortion | p. 58 |
4.10.3 Bot for Rent or Hire | p. 60 |
4.10.4 Spam | p. 63 |
4.11 Spam Bots and Criminalization | p. 65 |
4.11.1 Pump-and-Dump Fraud | p. 66 |
4.11.2 Covert Communications | p. 67 |
4.11.3 Click Fraud and Affiliate Abuse | p. 68 |
4.11.4 Adware Abuse | p. 69 |
4.11.5 Taking Out the Competition | p. 70 |
5 Botnets and the eCrime Cycle: The iSIGHT Partners' Approach | p. 71 |
6 Technical Introduction to Bots | p. 75 |
6.1 Common Ports | p. 75 |
6.2 Command and Control Strategies | p. 76 |
6.2.1 IRC C&C | p. 76 |
6.2.2 Peer-to-Peer C&C | p. 79 |
6.2.3 Web-Based C&C | p. 80 |
6.2.4 Use of Encryption or Obfuscation | p. 84 |
6.2.5 Types of Distributed Denial of Service (DDoS) Attacks | p. 85 |
6.2.6 Introduction to Selected Bots | p. 86 |
6.2.6.1 AgoBot | p. 89 |
6.2.6.2 SDBot | p. 91 |
6.2.6.3 PhatBot | p. 96 |
6.2.6.4 The Infamous Hang-UP Team and IRC-Based Fraud Operations | p. 98 |
6.2.6.5 Reptile | p. 101 |
6.2.6.6 ZoTob | p. 102 |
6.2.6.7 PBot | p. 103 |
6.2.6.8 Tsunami | p. 105 |
6.2.6.9 Kelvir | p. 106 |
6.2.6.10 MetaFisher | p. 107 |
6.2.6.11 Storm | p. 113 |
7 Mitigation | p. 123 |
8 Concluding Thoughts | p. 125 |
USA Today: Botnets Used for Blackmail in Cyber Extortions | p. 125 |
The Kraken Botnet | p. 126 |
A Botnet That Targets .edu and .mil Servers | p. 126 |
"Poisoning" the Storm Botnet | p. 126 |
The Battle Is Joined! | p. 127 |
The "Cyber Parasites" of the Internet | p. 127 |
On the Edge of a Precipice | p. 128 |
Glossary | p. 131 |
Bibliography | p. 135 |
Index | p. 145 |