Playing With Botnets For Fun And Profit presented at HITBSecConf Malaysia 2006

by Thorsten Holz (Honeynet Project ),

Tags: Security Botnets

Summary : Presentation Title:Presentation Details:Botnets are still a huge threat within the Internet. These network of compromised machines can be used to carry out DDoS attacks, send spam, or other nefarious purposes. Since the time between a security advisory, the first proof-of-concept exploit, and automated utilization with the help of bots becomes shorter and shorter, this threat will presumably grow.In this presentation, we will briefly present the background of bots & botnets, especially focussing on latest trends. The main part will deal with some ways to play with a botnet: Using nepenthes (, we are able to automatically collect new malware. With the help of a sandbox, this malware can be quickly analyzed, focussing on extracting all important information about the botnet from the binary. And this information can then be used to impersonate as a legal bot and to join the botnet. Now the fun begins since we are part of the botnet and can observe everything what is happening.There are other ways to play with a botnet, some of which are more grey than others. In the presentation, we will introduce these ways to give the audience some food for thought to develop their own techniques. Furthermore, we present in detail the results we have obtained during our work in the last months. Besides rather offensive results, we will also give some best practice recommendations to mitigate the risk posed by botnets.About Thorsten Holz:Thorsten Holz is a Ph.D. student at the Laboratory for Dependable Distributed Systems in Mannheim, Germany. There he teaches besides “system administration” also more interesting courses like the “hacking lab”, a half year long CTF-style course. In addition, he is a member of 0ld Eur0pe, a team of students that regularly competes in CTF contests -finally they won the UCSB CTF in December 2005.Thorsten is one of the founders of the German Honeynet Project. His work there concentrates currently on bots and botnets. He is one of the authors of the “Know Your Enemy: Tracking Botnets” paper and has also published some other papers in this area, e.g., at SecurityFocus and various academic conferences / magazines. Besides this, he is also interested in other areas of IT security, e.g., phishing, web application (in-)securities, or exploitation techniques.He gave talks and trainings at various conferences. CanSecWest / EuSec / PacSec, Black Hat, CCC, and various other (academic) conferences are examples. Moreover, he is the editor-in-chief of the German IT security magazine MISC. You can find his blog at