Botnets - The killer web applications

www.syngress.com
Chapter 3 • Alternative Botnet C&Cs


Unlike IRC, IM networks are controlled: they operate under the rules of
the provider, which are enforced on the central server. This makes it easy
for the IM services to detect C&Cs over IM, much like infections, and
filter them out. Their shelf life is therefore rather short, which makes them
not very effective overall in managing the botnet. IM services often watch
for this, just not as much as they could.
Some more information on IM-based worms can be found here:
www.viruslist.com/en/analysis?pubid=162454316#imworms.
Remote Administration Tools
Remote administration tools, such as Terminal Services and PCAnywhere, are
at times installed on compromised computers instead of bots. These need to
be controlled directly (push rather than pull) and require micromanagement
of each and every bot.
Other bots and malware could also be dropped on the compromised
computer, but that is not relevant to this section.
It is important to distinguish these tools from malicious software such as
SubSeven, which is a Trojan horse (meaning, a bot). It calls home and was
not built for legitimate uses.
Drop Zones and FTP-Based C&Cs
Like many other protocols, FTP has also been experimented with as a control
channel for botnets. Today, it isn’t commonly seen in the wild. However, there
is a type of bot that regularly reports back (echoes) to an FTP C&C, and that
is the phishing or banking Trojan horse.
These bots, such as Dumador or Haxdoor, are basically key loggers, only
very advanced ones. They listen in on (sniff) communication when the user on
the compromised computer surfs the Web. When the user enters an HTTPS
(encrypted) Web site, they perform a man-in-the-middle attack on the
computer itself. Maybe we should call this a man-on-the-inside attack, since the
attack takes place inside the victim’s computer. Then the bot presents the user
with a fake Web site locally. This way, they break through the encryption and
log the user’s credentials (such as a username and password).
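
The regular reporting to an FTP C&C described above leaves a timing pattern in network logs. The following added example (not from the book) flags internal hosts whose FTP control connections to one server recur at near-constant intervals; the log format, the thresholds and all addresses are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample flow log: timestamp, source, destination, destination port.
SAMPLE_FLOWS = """\
2007-01-08T09:00:05 10.0.0.23 203.0.113.50 21
2007-01-08T09:30:02 10.0.0.23 203.0.113.50 21
2007-01-08T10:00:07 10.0.0.23 203.0.113.50 21
2007-01-08T10:30:01 10.0.0.23 203.0.113.50 21
2007-01-08T11:00:04 10.0.0.23 203.0.113.50 21
2007-01-08T09:12:00 10.0.0.41 198.51.100.7 21
2007-01-08T09:14:30 10.0.0.41 198.51.100.7 21
2007-01-08T13:40:10 10.0.0.41 198.51.100.7 21
2007-01-08T16:05:45 10.0.0.41 198.51.100.7 21
2007-01-08T09:00:00 10.0.0.23 192.0.2.80 443
2007-01-08T09:10:00 10.0.0.23 192.0.2.80 443
2007-01-08T09:20:00 10.0.0.23 192.0.2.80 443
2007-01-08T09:30:00 10.0.0.23 192.0.2.80 443
garbage line here
"""

def parse_flows(text):
    """Yield (timestamp, src, dst, port) and skip malformed records."""
    for line in text.splitlines():
        parts = line.split()
        try:
            ts, port = datetime.fromisoformat(parts[0]), int(parts[3])
        except (IndexError, ValueError):
            continue
        yield ts, parts[1], parts[2], port

def find_periodic_ftp(text, min_sessions=4, max_jitter=0.1):
    """Return (src, dst, mean_gap_seconds) for pairs with near-constant FTP session spacing."""
    sessions = defaultdict(list)
    for ts, src, dst, port in parse_flows(text):
        if port == 21:  # FTP control channel
            sessions[(src, dst)].append(ts)
    findings = []
    for (src, dst), times in sorted(sessions.items()):
        if len(times) < min_sessions:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        # Coefficient of variation: a low value means machine-like regularity.
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            findings.append((src, dst, round(avg)))
    return findings
```

Scheduled backup or publishing jobs over FTP produce the same pattern, so a hit is a lead to check against known destinations rather than a verdict.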
