A botnet roadmap
It was around 2003 that the criminal interest in botnet capabilities began to become apparent. At the start of the decade, spamming was still a “home-work” occupation, with large volumes of spam sent from dedicated server farms, open relays or compromised servers.
Bagle and Bobax were the first spamming botnets, and the malware Mytob was essentially a blend of the earlier mass-mailing worms MyDoom and SDbot. This enabled criminals to build large botnets and distribute their spamming activities across all of their victim PCs, giving them agility and flexibility and helping them to evade the law enforcement activity that was starting to be aggressively pursued.
In 2005, a Russian group of five developers known as UpLevel started developing Zeus, a “point-and-click” program for creating and controlling a network of compromised computer systems (Lemos, 2010). The following year they released the first version of the program, a basic Trojan designed to hide on an infected system and steal information. In 2007, the group came out with a more modular version, which allowed other underground developers to create plug-ins to add to its functionality. Five years of development later, the latest version of this software (which can be downloaded for free and requires little technical skill to operate) is one of the most popular botnet platforms for spammers, fraudsters, and people who deal in stolen personal information (note that the range of actions that can be performed with a single piece of malware had grown considerably). The latest Zeus platform allows users to build custom malicious software to infect target systems, manage a wide network of compromised machines, and use the resulting botnet for illegal gain. The construction kit contained a program for building the bot software and Web scripts for creating and hosting a central Command and Control server (Figure 17.1).
A survey conducted by a security firm, Atlanta-based Damballa, found Zeus-controlled programs to be the second most common inside corporate networks in 2009. Damballa tracked more than 200 Zeus-based botnets in enterprise networks. The largest single botnet controlled using the Zeus platform consisted of 600,000 compromised computers.
Consequently, independent developers have created compatible “exploit packs” capable of infecting victims’ systems using vulnerabilities in the operating system or browser. Other developers focus on creating plug-in software to help “wannabe” cybercriminals make money from a Zeus botnet. For example, some add-ons focus on phishing attacks, delivering the images and Web pages needed to create fraudulent banking sites. Given these features, it is very hard for antivirus software to identify a Zeus payload (Binsalleeh et al., 2010; Falliere and Chien, 2009; Wyke, 2011).
Zeus is obviously not the only tool available for building a botnet, but its birth is a milestone for the entire cybercriminal sector, since it was designed with the “non-expert” user in mind, including simple point-and-click interfaces for managing infected machines (for these reasons it is referred to as the ZeuS crimeware family). For example, the ZeroAccess botnet, specialized in click-fraud attacks and apparently disrupted in 2013, was probably larger than Zeus (estimates put it at millions of infections globally in 2012, with up to 140,000 unique IPs in the US and Europe).