The objective for creating a botnet is to infect as many connected devices as possible and to use the large-scale computing power and functionality of those devices for automated tasks that generally remain hidden to the users of the devices.
For example, an ad fraud botnet infects a user's PC with malicious software that uses the system's web browsers to divert fraudulent traffic to certain online advertisements. However, to stay concealed, the botnet won't take complete control of the operating system (OS) or the web browser, which would alert the user.
On its own, the fraction of bandwidth taken from a single device is worth little to the cybercriminals running the ad fraud campaign. A botnet that combines millions of infected devices, however, can generate a massive amount of fake traffic for ad fraud.
The traditional client-server model involves setting up a command and control (C&C) server and sending automated commands to infected botnet clients through a communications protocol, such as Internet Relay Chat (IRC).
The P2P approach is more common today, as cybercriminals and hacker groups try to avoid detection by cybersecurity vendors and law enforcement agencies, which have often used C&C communications to locate and disrupt botnet operations.
The Zeus botnet was repeatedly disrupted in 2010 when two internet service providers (ISPs) that were hosting the C&C servers for Zeus were shut down. However, new versions of the Zeus malware were later discovered.
Instead of relying on traditional, centralized C&C servers to control bots, GameOver Zeus used a P2P network approach, which initially made the botnet harder for law enforcement and security vendors to pinpoint and disrupt.
Infected bots used a domain generation algorithm (DGA) to communicate. The GameOver Zeus malware would generate domain names to serve as communication points for infected bots. An infected device randomly selected domains until it reached an active domain that was able to issue new commands. Security firm Bitdefender found the algorithm could produce as many as 10,000 new domains each day.
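The DGA behaviour described above leaves a characteristic footprint in DNS logs: a host that cycles through many randomly generated, never-registered names produces a burst of NXDOMAIN responses for high-entropy labels before it lands on a live one. The following Python script is an added example (not code from the original article, and not related to Bitdefender's or any vendor's product) showing how a defender can score resolver logs for that pattern. The log format (timestamp, client IP, queried name, response code) and the sample lines are constructed for this example; the thresholds are assumptions to be tuned against a real baseline.

```python
import math
import re
from collections import Counter, defaultdict

# Constructed sample resolver log: "<timestamp> <client ip> <queried name> <rcode>".
# 10.0.0.5 behaves normally; 10.0.0.9 shows DGA-style cycling through
# random-looking names, most of which do not resolve (NXDOMAIN).
SAMPLE_DNS_LOG = """\
2024-05-01T10:00:01Z 10.0.0.5 www.example.com NOERROR
2024-05-01T10:00:02Z 10.0.0.5 mail.example.com NOERROR
2024-05-01T10:00:03Z 10.0.0.9 xk2q9fzp7wma.net NXDOMAIN
2024-05-01T10:00:03Z 10.0.0.9 r8vbd1lqzy3t.com NXDOMAIN
2024-05-01T10:00:04Z 10.0.0.9 p0wqzj5xk7hn.org NXDOMAIN
2024-05-01T10:00:04Z 10.0.0.9 c3mv8tyqla2d.net NXDOMAIN
2024-05-01T10:00:05Z 10.0.0.9 fb1zqk9xwp4s.com NXDOMAIN
2024-05-01T10:00:06Z 10.0.0.9 h7tqx2mzv9kd.biz NOERROR
2024-05-01T10:00:07Z 10.0.0.5 cdn.example.com NOERROR
"""

# Assumed log line layout; adjust the pattern for your resolver's format.
LOG_RE = re.compile(r"^(\S+) (\S+) (\S+) (NOERROR|NXDOMAIN|SERVFAIL)$")


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character; random labels score high, dictionary words low."""
    if not s:
        return 0.0
    n = len(s)
    return -sum((c / n) * math.log2(c / n) for c in Counter(s).values())


def second_level_label(name: str) -> str:
    """Return the label just left of the TLD (e.g. 'example' for 'www.example.com')."""
    parts = name.rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def parse_dns_log(text: str):
    """Parse log text into (timestamp, client, name, rcode) tuples, skipping malformed lines."""
    records = []
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if m:
            records.append((m.group(1), m.group(2), m.group(3).lower(), m.group(4)))
    return records


def score_clients(records, min_queries=5, ratio_threshold=0.5,
                  entropy_threshold=3.0, min_label_len=8):
    """Flag clients whose queries are mostly NXDOMAIN *and* mostly high-entropy labels.

    Requiring both signals keeps ordinary typos (NXDOMAIN but low entropy) and
    CDN hostnames (high entropy but NOERROR) from being flagged on their own.
    """
    per_client = defaultdict(lambda: {"total": 0, "nx": 0, "high_entropy": 0, "names": []})
    for _ts, client, name, rcode in records:
        stats = per_client[client]
        stats["total"] += 1
        if rcode == "NXDOMAIN":
            stats["nx"] += 1
        label = second_level_label(name)
        if len(label) >= min_label_len and shannon_entropy(label) >= entropy_threshold:
            stats["high_entropy"] += 1
        stats["names"].append(name)

    flagged = {}
    for client, s in per_client.items():
        if s["total"] < min_queries:  # too little data to judge
            continue
        nx_ratio = s["nx"] / s["total"]
        he_ratio = s["high_entropy"] / s["total"]
        if nx_ratio >= ratio_threshold and he_ratio >= ratio_threshold:
            flagged[client] = {
                "nxdomain_ratio": round(nx_ratio, 2),
                "high_entropy_ratio": round(he_ratio, 2),
                "sample_names": s["names"][:3],
            }
    return flagged


if __name__ == "__main__":
    for client, details in score_clients(parse_dns_log(SAMPLE_DNS_LOG)).items():
        print(f"possible DGA activity from {client}: {details}")
```

Run against the constructed sample, the script flags 10.0.0.9 (five of six queries NXDOMAIN, all six labels high-entropy) and leaves 10.0.0.5 alone. In production the interesting follow-up is the one NOERROR name in a flagged client's burst, since that is the domain the bot actually reached; sinkholing or blocking it, and isolating the client, is the usual response. Expect false positives from legitimate services that use random-looking hostnames, so treat the score as a triage signal rather than a verdict.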
The FBI also offered a $3 million reward for Russian hacker Evgeniy Bogachev, who was accused of being the mastermind behind the GameOver Zeus botnet. Bogachev is still at large, and new variants of GameOver Zeus have since emerged.
Once a device was compromised by the Mirai malware, it connected to the C&C infrastructure and could direct varying amounts of traffic toward a DDoS target. Infected devices often continued functioning normally, which made Mirai botnet activity difficult to detect.
The growing number of connected devices used across modern industries provides an ideal landscape for botnet propagation. Botnets rely on a large network of devices to complete their objective, making IoT -- with its large attack surface -- a prime target. Today's cheap, internet-capable devices are vulnerable to botnet attacks not only because of their proliferation, but because they often have limited security features. In addition, IoT devices are often easier to compromise because they cannot be managed, accessed or monitored in the same way that conventional information technology (IT) devices can. Businesses can work to improve IoT security by putting stricter authentication methods in place.
In the past, botnet attacks were disrupted by focusing on the C&C source. Law enforcement agencies and security vendors traced the bots' communications to wherever the control server was hosted and then forced the hosting or service provider to shut the server down.
However, as botnet malware becomes more sophisticated and communications are decentralized, takedown efforts have shifted away from targeting C&C infrastructures to other approaches. These include identifying and removing botnet malware infections at the source device, identifying and replicating P2P communication methods, and, in cases of ad fraud, cracking down on monetary transactions rather than technical infrastructure.
From a user perspective, botnet attacks are difficult to detect because devices continue to act normally even when infected. It may be possible for a user to remove the malware itself, but it is unlikely for the user to have any effect on the botnet as a whole. As botnet and IoT attack vectors increase in sophistication, IoT security will need to be addressed at an industry level.