
[ISN] Know Your Enemy: Tracking Botnets

Subject: [ISN] Know Your Enemy: Tracking Botnets
Date: Tue, 15 Mar 2005 01:07:00 -0600 (CST)
Forwarded from: Thorsten Holz <thorsten.holz@mmweg.rwth-aachen.de>

Greetings,

The Honeynet Project and Research Alliance is excited to announce the
release of a new paper "KYE: Tracking Botnets". This paper is based on
the extensive research by the German Honeynet Project.

    KYE: Tracking Botnets
    http://www.honeynet.org/papers/bots/

Abstract:
---------

Honeypots are a well known technique for discovering the tools, tactics,
and motives of attackers. In this paper we look at a special kind of
threat: the individuals and organizations who run botnets. A botnet is a
network of compromised machines that can be remotely controlled by an
attacker. Due to their immense size (tens of thousands of systems can be
linked together), they pose a severe threat to the community. With the
help of honeynets we can observe the people who run botnets - a task
that is difficult using other techniques. Due to the wealth of data
logged, it is possible to reconstruct the actions of attackers, the
tools they use, and study them in detail. In this paper we take a closer
look at botnets, common attack techniques, and the individuals involved.

We start with an introduction to botnets and how they work, with
examples of their uses. We then briefly analyze the three most common
bot variants used. Next we discuss a technique to observe botnets,
allowing us to monitor the botnet and observe all commands issued by the
attacker. We present common behavior we captured, as well as statistics
on the quantitative information learned through monitoring more than one
hundred botnets during the last few months. We conclude with an overview
of lessons learned and point out further research topics in the area of
botnet-tracking, including a tool called mwcollect2 that focuses on
collecting malware in an automated fashion.

Thank you for your time,
   Thorsten Holz, on behalf of the GHP 
(http://www-i4.informatik.rwth-aachen.de/lufg/honeynet)


