Studying Spamming Botnets Using Botlab
نویسندگان
چکیده
In this paper we present Botlab, a platform that continually monitors and analyzes the behavior of spamoriented botnets. Botlab gathers multiple real-time streams of information about botnets taken from distinct perspectives. By combining and analyzing these streams, Botlab can produce accurate, timely, and comprehensive data about spam botnet behavior. Our prototype system integrates information about spam arriving at the University of Washington, outgoing spam generated by captive botnet nodes, and information gleaned from DNS about URLs found within these spam messages. We describe the design and implementation of Botlab, including the challenges we had to overcome, such as preventing captive nodes from causing harm or thwarting virtual machine detection. Next, we present the results of a detailed measurement study of the behavior of the most active spam botnets. We find that six botnets are responsible for 79% of spam messages arriving at the UW campus. Finally, we present defensive tools that take advantage of the Botlab platform to improve spam filtering and protect users from harmful web sites advertised within botnet-generated spam.
منابع مشابه
A Browser Malware Taxonomy
This restriction of IP space for mail solves one problem but it doesn’t solve others. On the one hand, it makes management of IPs scalable for machines that are bots. Today, most spam is sent from botnets. However, botnets do not always send out all of their spam directly – many bots compromise legitimate mail hosts or email accounts and send out spam that way, or create a throwaway account at ...
متن کاملSpamming Botnets: Are we losing the war?∗
In this work, we examine the spamming activity of the IP space over time, and observe a worrisome phenomenon: spamming botnets are more widely and thinly spread in the IP space over the last four years. We find that (a), a previouslyunreported IP space (113.* 126.*) has become a major source of spamming activity, and (b), the spamming activity is more equally distributed among IP addresses. Thi...
متن کاملCharacterizing Botnets from Email Spam Records
We develop new techniques to map botnet membership using traces of spam email. To group bots into botnets we look for multiple bots participating in the same spam email campaign. We have applied our technique against a trace of spam email from Hotmail Web mail services. In this trace, we have successfully identified hundreds of botnets. We present new findings about botnet sizes and behavior wh...
متن کاملBOTMAGNIFIER: Locating Spambots on the Internet
Unsolicited bulk email (spam) is used by cybercriminals to lure users into scams and to spread malware infections. Most of these unwanted messages are sent by spam botnets, which are networks of compromised machines under the control of a single (malicious) entity. Often, these botnets are rented out to particular groups to carry out spam campaigns, in which similar mail messages are sent to a ...
متن کاملDetecting Mobile Spam Botnets Using Artificial immune Systems
Malicious software infects large numbers of computers around the world. Once compromised, the computers become part of a botnet and take part in many forms of criminal activity, including the sending of unsolicited commercial email or spam. As mobile devices become tightly integrated with the Internet, associated threats such as botnets have begun to migrate onto the devices. This paper describ...
متن کامل