From Botnet Tracking to Intrusion Detection

October 15th, 2007 · No Comments

The following is an excerpt from the book Virtual Honeypots: From Botnet Tracking to Intrusion Detection. In this section of Chapter 11:Tracking Botnets (.pdf), authors Niels Provos and Thorsten Holz explain how virtual honeypots can be used in the real world to investigate botnets and their behaviour. Something that is interesting, but rarely seen is botnet owners discussing issues in their bot channel. We observed several of those talks and learned more about their social life this way. The bot-herders often discuss issues related to botnets but also talk about other computer crime-related things or simply talk about what they do.

Our observations showed that often botnets are run by young males with surprisingly limited programming skills. These people often achieve a good spread of their bots, but their actions are more or less harmless. Nevertheless, we also observed some more advanced attackers, but these persons joined the control channel only occasionally. They use only one-character nicks, issue a command, and leave. The updates of the bots they run are very professional. Probably these people use the botnets for commercial usage and sell the services. More and more attackers use their botnets for financial gain. Virtual Honeypots: From Botnet Tracking to Intrusion Detection : Security Topics

The Network Security. Org

From Botnet Tracking to Intrusion Detection

October 15th, 2007 · No Comments

From around the Web

Advertisments

Sponsors

Sponsors

Earlier Archives

Web Links