pBot botnets: An Overview, presented at FIRST 2014

by Fernando Karl, Felipe Boeira

Summary: Botnets (robot networks) are networks of interconnected computers under the control of a master computer, known as the botmaster. Botnets have become one of the largest sources of illegal activity on the internet; they are used for activities such as the mass sending of unsolicited e-mail (spam), e-mail address harvesting, hosting of malicious content (phishing and malware), and the execution of distributed denial-of-service attacks, among others. This research consists of establishing honeypots to detect attacks, analyzing malware source code in a controlled environment, and monitoring botnet activity. Over 6 months we tracked more than 300 botnets formed by pBot using IRC channels. We found the use of automatic and manual exploitation, a spam generator, botnet trading activities, and worldwide-spread botnets being used by criminal groups located in specific countries. As a final result, we present several new insights drawn from the information captured during this period, such as: the preferred weekday for each command, the attackers' country of origin, the common exploits used by these botnets, the worldwide distribution of botnets, and how targets are established.