427 Botnet fm qxd

of tool. Modern botnets are being fielded that are organized like real armies,
with divisions of zombies controlled by different bot servers.The botherder
controls a set of bot servers, which in turn each control a division of zombies.
That way, if a communications channel is disrupted, only one division is lost.
The other zombie divisions can be used to retaliate or to continue to conduct
business.
The Botnet Life Cycle
Botnets follow a similar set of steps throughout their existence.The sets can
be characterized as a life cycle. Figure 2.1 illustrates the common life cycle of
a botnet client. Our understanding of the botnet life cycle can improve our
ability to both detect and respond to botnet threat.
Exploitation
The life of a botnet client, or botclient, begins when it has been exploited. A
prospective botclient can be exploited via malicious code that a user is tricked
into running; attacks against unpatched vulnerabilities; backdoors left by
Trojan worms or remote access Trojans; and password guessing and brute
force access attempts. In this section we’ll discuss each of these methods of
exploiting botnets.
Malicious Code
Examples of this type of exploit include the following:
■
Phishing e-mails, which lure or goad the user to a Web site that
installs malicious code in the background, sometimes while con-
vincing you to give them your bank userid and password, account
information, and such.This approach is very effective if you are
looking for a set of botnet clients that meet certain qualifications,
such as customers of a common bank.
■
Enticing Web sites with Trojan code (“Click here to see the Dancing
Monkeys!”).
■
E-mail attachments that when opened, execute malicious code.

Download 6,98 Mb.

Do'stlaringiz bilan baham: