Cyber Crime and Cyber Terrorism



Cyber crime and cyber terrorism investigators handbook by Babak

FIGURE 17.6
Botnet centralized architecture.


CHAPTER 17 Responding to cyber crime and cyber terrorism
So the bots are not necessarily connected to the C&C servers, but they compose a mesh structure where commands are also transmitted “zombie-to-zombie.” Each node of the network has a list of addresses of “neighbor” bots with which it exchanges commands. In such a structure, each bot can send orders to others, and attackers can control the entire botnet, but they need access to at least one computer.
Tracking of P2P botnets requires complete node enumeration, whereas for ordinary botnets it is necessary to find only the C&C servers. The security community has been trying to identify the infected machines in this way, collecting the IP addresses of the participating nodes. The collected addresses can be used by security defense systems to identify sources of infection, but this is very hard because in many cases bots are behind firewalls or NAT devices (Figure 17.7).
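The enumeration problem described above can be seen on a small constructed overlay. The following Python sketch is an added example, not code from the handbook: the overlay, its addresses (documentation ranges) and the `query_peer_list` helper are assumptions standing in for a real peer-list query.

```python
from collections import deque

# Constructed sample overlay: address -> (answers outside queries?, neighbor list).
# Addresses come from documentation ranges (RFC 5737); none of this is real data.
OVERLAY = {
    "192.0.2.10":   (True,  ["192.0.2.11", "198.51.100.5"]),
    "192.0.2.11":   (True,  ["192.0.2.10", "203.0.113.7"]),
    "198.51.100.5": (False, ["192.0.2.10", "198.51.100.6"]),  # behind NAT
    "198.51.100.6": (False, ["198.51.100.5"]),  # known only to a NATed peer
    "203.0.113.7":  (True,  ["192.0.2.11", "203.0.113.8"]),
    "203.0.113.8":  (False, ["203.0.113.7"]),   # behind a firewall
}

def query_peer_list(addr):
    """Hypothetical stand-in for asking a node for its neighbor list.
    Returns None when the node cannot be reached from outside."""
    reachable, neighbors = OVERLAY[addr]
    return list(neighbors) if reachable else None

def enumerate_nodes(seed):
    """Breadth-first crawl of neighbor lists starting from one known node.
    Returns (nodes that answered, nodes only seen in someone's list)."""
    responded, seen = set(), {seed}
    queue = deque([seed])
    while queue:
        addr = queue.popleft()
        peers = query_peer_list(addr)
        if peers is None:          # NAT/firewall: we learn nothing further here
            continue
        responded.add(addr)
        for peer in peers:
            if peer not in seen:
                seen.add(peer)
                queue.append(peer)
    return responded, seen - responded

def coverage(seed):
    """Compare the crawl result with the full (normally unknown) overlay."""
    responded, seen_only = enumerate_nodes(seed)
    missed = set(OVERLAY) - responded - seen_only
    return {"responded": responded, "seen_only": seen_only, "missed": missed}

if __name__ == "__main__":
    for label, nodes in coverage("192.0.2.10").items():
        print(f"{label:10s} {sorted(nodes)}")
```

Nodes behind NAT or a firewall appear in the collected address list only if a reachable peer advertises them, and a node advertised solely by unreachable peers is never counted at all.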
Symantec security researchers detected a variant of the popular Zeus malware that relies on P2P communication as a backup system in case the C&C servers are not reachable. The variant isolated by Symantec does not use C&C servers, implementing an autonomous botnet.
This type of botnet is really concerning and is hard to fight due to the absence of the single point of failure found in the classic botnet architecture. Although destroying a decentralized botnet is more difficult (or maybe impossible?), this type of architecture presents a higher management complexity (Wang, 2013).
It should now be clear that C&C servers, which are generally hosted on hacked, bought or rented servers, play an essential role in botnet functionality. Moreover, regardless of the architecture used, a botnet needs to connect every single bot with one or more C&C servers in order to receive commands or to steal information, so the communication channel is another essential discriminator for botnets (Lanelli and Hackworth, 2005).
