Evaluating email's feasibility for botnet command and control

Authors

  • Kapil Singh
  • Abhinav Srivastava
  • Jonathon T. Giffin
  • Wenke Lee
Abstract

The usefulness of email has been tempered by its role in the widespread distribution of spam and malicious content. Security solutions have focused on filtering out malicious payloads and weblinks from email; the potential dangers of email go past these boundaries: harmless-looking emails can carry dangerous, hidden botnet content. In this paper, we evaluate the suitability of email communication for botnet command and control. What makes email-based botnets interesting is the lack of clear detection and mitigation strategies that defenders could use to disrupt the botnet. We first demonstrate that botnet commands can remain hidden in spam due to its enormous volume. If email providers deploy specialized detection of spam-based botnets, botmasters can alternatively communicate with bots via non-spam email that cannot be safely discarded. We show the viability of such communication by means of simulations and a prototype, and we discuss the limited prospects for detection of email botnets.


Similar resources

BotOnus: an online unsupervised method for Botnet detection

Botnets are recognized as one of the most dangerous threats to the Internet infrastructure. They are used for malicious activities such as launching distributed denial of service attacks, sending spam, and leaking personal information. Existing botnet detection methods produce a number of good ideas, but they are far from complete yet, since most of them cannot detect botnets in an early stage ...


Design of a Hybrid Command and Control Mobile Botnet

The increasing popularity and improvement in capabilities offered by smartphones caught the attention of botnet developers. Now the threat of botnets is moving towards the mobile environment. A mobile botnet is defined as a collection of compromised smartphones controlled by a botmaster through a command and control network to serve a malicious purpose. This study presents the design of a hybri...


Social Networking for Botnet Command and Control

A botnet is a group of compromised computers—often a large group—under the command and control of a malicious botmaster. Botnets can be used for a wide variety of malicious attacks, including spamming, distributed denial of service, and identity theft. Botnets are generally recognized as a serious threat on the Internet. This paper discusses SocialNetworkingBot, a botnet we have developed that...


A Comparative Analysis of the Resilience of Peer–to–Peer Botnets

Botnets have traditionally used centralized architectures for command and control. In such architectures, a relatively small number of centralized servers is used to command the bots. Centralized botnet architectures are straightforward to deploy, but relatively easy to take down by disabling the command and control servers. In an effort to increase the resilience of their botnets, malware crea...


Study of the Honeypot-Aware Peer-to-Peer Botnet and Its Feasibility

The research objective of this project is to investigate one possible advanced botnet – honeypot-aware peer-to-peer (P2P) botnet: verifying our analysis of the propagation of a honeypot-aware P2P botnet, and then showing the feasibility of developing such a botnet in terms of its propagation effectiveness. A “botnet” is a network composed of compromised computers (“bots”) on the Internet, that a...



Publication date: 2008